SUSE CVE-2023-53729

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmiencdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAXLEN + 1. If a string is actually MAXLEN + 1 length, this wil...

EUVD-2025-35625

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in...

CVE-2023-53729 soc: qcom: qmi_encdec: Restrict string length in decode

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmiencdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAXLEN + 1. If a string is actually MAXLEN + 1 length, this wil...

PT-2025-43130

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel related to Qualcomm QMI encoding and decoding. The QMI TLV value for strings within various QMI element info structures allocates space for...

CVE-2025-11680

Out-of-bounds Write in unfilterscanline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...

JLSEC-2025-136 In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vu...

In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in...

CVE-2025-60641

CVE-2025-60641 affects Vfront 0.99.52. The issue is a vulnerable call in mexcel.php that does unserialize(base64_decode($_POST['mexcel'])) on user-controlled input, decoded from base64 and deserialized without validation or allowed_classes. This allows injection of arbitrary PHP objects, with pot...

ROS-20251016-04

Vulnerability of X509VERIFYPARAMadd0policy function of OpenSSL library is related to errors in the procedure of of certificate authentication. Exploitation of the vulnerability could allow an attacker acting remotely to perform a "man-in-the-middle" type of attack. remotely to perform a...

CVE-2025-62380

Mailgen (Node.js) versions up to 2.0.31 expose an HTML injection/XSS risk in plaintext output generated by generatePlaintext. The plaintext cleaning code strips HTML tags with a regex, decodes HTML entities, and then replaces decoded content; however, HTML tags containing certain Unicode line sep...

CVE-2025-62366 Mailgen vulnerable to HTML injection and cross-site scripting via plaintext email generation

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...

Linux Distros Unpatched Vulnerability : CVE-2025-39962

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix untrusted unsigned subtract Fix the following Smatch static checker warning:...

CVE-2025-21052

Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption...

CVE-2025-21051

Out-of-bounds write in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to write out-of-bounds memory...

CVE-2025-21053

Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption...

CVE-2025-21054

Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory...

CVE-2025-21052

Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption...

CVE-2025-21051

Out-of-bounds write in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to write out-of-bounds memory...

CVE-2025-21052

Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption...

EUVD-2025-33678

Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory...

CVE-2025-21053

CVE-2025-21053 affects the libpadm.so library used on Samsung Mobile devices. The issue is an out-of-bounds write in the parsing header for JPEG decoding, leading to memory corruption. The vulnerability is present in versions before SMR Oct-2025 Release 1. The connected documents confirm the root...