10471 matches found
OPENSUSE-SU-2025:20163-1 Security update for grub2
This update for grub2 fixes the following issues: Changes in grub2: - CVE-2025-54771: Fixed grubfileclose does not properly controls the fs refcount bsc1252931 - CVE-2025-54770: Fixed missing unregister call for netsetvlan command may lead to use-after-free bsc1252930 - CVE-2025-61662: Fixed...
SUSE-SU-2025:21212-1 Security update for grub2
This update for grub2 fixes the following issues: Changes in grub2: - CVE-2025-54771: Fixed grubfileclose does not properly controls the fs refcount bsc1252931 - CVE-2025-54770: Fixed missing unregister call for netsetvlan command may lead to use-after-free bsc1252930 - CVE-2025-61662: Fixed...
CVE-2025-40265
No description is available for this CVE...
SQL Injection
jeecg-boot is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of the title parameter in the /sys/dict/loadTreeData endpoint, allowing attackers to inject malicious SQL statements and manipulate backend database queries...
Jeecg-boot SQL Injection Vulnerability
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...
SQL Injection
Jeecg-boot is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of the code parameter in the /sys/user/queryUserComponentData endpoint, allowing attackers to inject malicious SQL statements and manipulate backend database queries...
Improper SSL Hostname Verification
org.springframework.boot, spring-boot-autoconfigure is vulnerable to improper SSL hostname verification. The vulnerability is due to missing hostname verification in Cassandra SSL auto-configuration, which allows an attacker to perform man-in-the-middle attacks by intercepting and spoofing truste...
Incorrect Authorization
org.nutz:nutzboot-parent is vulnerable to Incorrect Authorization. The vulnerability is due to inadequate validation of transaction parameters from/to/wei in the Transaction API, which allows an attacker to manipulate requests and perform unauthorized actions remotely...
CVE-2025-36755
The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during...
EUVD-2025-203082
APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...
CVE-2025-36755
The CVE-2025-36755 entry describes the CleverDisplay BlueOne hardware player. When its USB interfaces are physically enclosed, the device is normally inaccessible; after circumventing the enclosure, a USB keyboard can be connected and ESC pressed during boot to access the BIOS setup interface. BI...
EUVD-2025-203085
The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during...
CVE-2025-10451
CVE-2025-10451 affects Insyde InsydeH2O (EFI/UEFI) with an unchecked output buffer that can enable arbitrary code execution in System Management Mode (SMM) and may cause SMM memory corruption. The CVE is described as a H19Int15CallbackSmm memory-corruption vulnerability in combined DXE/SMM (SMRAM...
PT-2025-50938
The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during...
SolarEdge SE3680H 安全漏洞
The SolarEdge SE3680H is an HDW inverter from SolarEdge, Israel. A security vulnerability exists in the SolarEdge SE3680H that originates from the unauthenticated disclosure of sensitive information during the boot loop, which could lead to the disclosure of operating system information...
CVE-2025-36938
In U-Boot of appenduint32le, there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Critical: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14.2 for Spring Boot release.
Red Hat build of Apache Camel 4.14.2 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2025-36938
CVE-2025-36938 concerns a fault injection vulnerability in U-Boot function append_uint32_le() caused by a logic error in the code. The issue enables physical elevation of privilege with no additional execution privileges required and no user interaction needed. Multiple sources (NVD/Red Hat/OSVed...
CVE-2025-36938
In U-Boot of appenduint32le, there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-36938
In U-Boot of appenduint32le, there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...