3663 matches found
Amazon Linux 2023 : cuda-nvdisasm-13 (ALAS2023NVIDIA-2025-145)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-145 advisory. NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successfu...
[SECURITY] Fedora 42 Update: reposurgeon-5.3-1.fc42
Reposurgeon enables risky operations that version-control systems don't want to let you do, such as editing past comments and metadata and removing commits. It works with any version control system that can export and import git fast-import streams, including git, hg, fossil, bzr, CVS and RCS. It...
PT-2025-31735 · WordPress · Ultimate Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Ultimate Addons for Elementor versions up to and including 2.4.6 Description: The Ultimate Addons for Elementor plugin for WordPress contains a flaw that allows unauthorized data modification. A missing capability check within the save hfe...
CVE-2025-54429
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for...
RLSA-2025:7895 Important: compat-openssl10 security update
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. Security Fixes: openssl: X.400...
CVE-2025-54427
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic `note_min_gas_price_target` is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic `note_min_gas_price_target` is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which...
CVE-2025-54426
Summary: Polkadot Frontier’s Curve25519Add and Curve25519ScalarMul precompiles mis-handle invalid Ristretto point representations in versions before commit 36f70d1, silently treating malformed inputs as the Ristretto identity element and potentially yielding incorrect cryptographic results. This ...
PT-2025-31152 · Parity Technologies · Polkadot Frontier
Name of the Vulnerable Software and Affected Versions: Polkadot Frontier versions prior to a754b3d Description: Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The `note_min_gas_price_target` extrinsic is an inherent extrinsic, callable only by the block...
Exploit for Use After Free in Microsoft
This is a PoC exploit for CVE-2019-0708, also known as the "BlueKeep" vulnerability. The vulnerability is in the Remote Desktop Protocol (RDP) service, which is a remote access protocol used by Windows systems. The exploit is designed to scan for vulnerable systems and exploit the vulnerability to...
Vulmap
This is an online local vulnerability scanner project called Vulmap. It is an open-source tool that can be used for defensive and offensive purposes. The tool scans the localhost to gather installed software information and checks for vulnerabilities using the Vulmon API. If vulnerabilities exist...
DEBIAN-CVE-2025-38427
In the Linux kernel, the following vulnerability has been resolved: video: screeninfo: Relocate framebuffers behind PCI bridges Apply PCI host-bridge window offsets to screeninfo framebuffers. Fixes invalid access to I/O memory. Resources behind a PCI host bridge can be relocated by a certain...
Security update 5.0.5 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...
CVE-2025-7705 Authentication bypass due to compatibility mode enabled by default
Active Debug Code vulnerability in ABB Switch Actuator 4 DU-83330, ABB Switch actuator, door/light 4 DU-83330-500. This issue affects Switch Actuator 4 DU-83330: All Versions; Switch actuator, door/light 4 DU-83330-500: All Versions...
CVE-2025-7705
CVE-2025-7705 affects ABB Switch Actuator 4 DU-83330 and ABB Switch actuator, door/light 4 DU-83330-500, all versions. The issue is described as an Active Debug Code vulnerability. The PT-2025-30398 entry confirms the vulnerable components and versions and states there is no information about a f...
CVE-2025-6082 Birth Chart Compatibility <= 2.0 - Unauthenticated Full Path Exposure
The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to insufficient protection against directly accessing the plugin's index.php file, which causes an error exposing the full path. This makes it possible f...
WordPress plugin Birth Chart Compatibility information disclosure vulnerability
WordPress Birth Chart Compatibility plugin is a tool for testing horoscope pairing compatibility. WordPress Birth Chart Compatibility plugin suffers from an information disclosure vulnerability that originates from direct access to the index.php file resulting in full path disclosure, which can b...