CVE-2025-68259

Summary: In the Linux kernel’s KVM/SVM path, re-injecting a soft interrupt when replacing INT3/INT0/INTn can lead to decoding a different instruction and thus a wrong next RIP. This can clobber guest state and trigger a guest panic (e.g., Oops: int3) if the RIP lookup uses the incorrect instructi...

PT-2025-51672

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the KVM SVM component. Specifically, when re-injecting a soft interrupt from an INT3 instruction, the system may discard the exception and retry t...

Grassroot DICOM 安全漏洞

Grassroot DICOM is a Sourceforge open source C++ library for DICOM medical files. A security vulnerability exists in Grassroot DICOM version 3.024, which stems from an out-of-bounds read in the RLECodec decoding function that could lead to information disclosure...

Grassroot DICOM 缓冲区错误漏洞

Grassroot DICOM is a Sourceforge open source C++ library for DICOM medical files. A buffer error vulnerability exists in Grassroot DICOM version 3.024, which stems from an out-of-bounds read in the JPEGBITSCodec decoding function that could lead to information disclosure...

SUSE-SU-2025:4398-1 Security update for python3

This update for python3 fixes the following issues: Security issues fixed: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities on os.path.expandvars bsc1252974. - CVE-2025-8291: Fixed missing validity checks of the ZIP64 End of Central Directory EOCD bsc1251305. Other issues fixed:...

curl: Path Traversal Bypass in file:// URLs Due to Incomplete URL-Encoded Path Normalization

Summary: The dedotdotify function in lib/urlapi.c is responsible for removing path traversal sequences ../ and ./ from URLs according to RFC 3986. However, the function only recognizes literal forward slashes / when identifying path segments and does not handle URL-encoded slashes %2f or %2F. Thi...

CVE-2025-14606

A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickleconvert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of...

CVE-2025-14606

CVE-2025-14606 affects tiny-rdm (up to version 1.2.5). The vulnerability lies in the Pickle Decoding component, specifically pickle_convert.go’s pickle.loads, enabling deserialization and a potentially remote attack. The CVE notes remote initiation, with high attack complexity and publicly disclo...

CVE-2025-14606 tiny-rdm Tiny RDM Pickle Decoding pickle_convert.go pickle.loads deserialization

A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickleconvert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of...

Tiny RDM 代码问题漏洞

Tiny RDM is a desktop manager by Lykin Personal Developers. A code issue vulnerability exists in Tiny RDM 1.2.5 and earlier versions, which stems from a deserialization issue in the pickle.loads function of the pickleconvert.go file in the Pickle Decoding component, which could lead to remote...

[SECURITY] Fedora 43 Update: dr_libs-0^20251201.877b096-1.fc43

Single-file audio decoding libraries for C/C++...

UBUNTU-CVE-2025-64702

quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...

CVE-2025-64702 quic-go HTTP/3 QPACK Header Expansion DoS

quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...

USN-7918-1 netty vulnerabilities

Jeppe Bonde Weikop discovered that Netty incorrectly parsed HTTP messages. When Netty is used with certain reverse proxies, a remote attacker could possibly use this issue to perform HTTP request smuggling attacks. CVE-2025-58056 Jonas Konrad discovered that Netty did not properly manage memory...

CVE-2025-48631

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48631

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

GHSA-GM62-XV2J-4W53 urllib3 allows an unbounded number of links in the decompression chain

Impact urllib3 supports chained HTTP encoding algorithms for response content according to RFC 9110 e.g., Content-Encoding: gzip, zstd. However, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps...

openSUSE 16 Security Update : python-cbor2 (openSUSE-SU-2025-20133-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20133-1 advisory. - CVE-2025-64076: Fixed bug in decodedefinitelongstring that causes incorrect chunk length calculation bsc1253746. Already fixed in release 5.6....

Meta React Server Components Remote Code Execution Vulnerability

Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. Please note CVE-2025-66478 has been rejected, but it is associated with...

CVE-2025-53965

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to decode the SOR transparent container lacks bounds checking...