Squid 安全漏洞

Squid is a suite of proxy server and web caching server software from Squid open source. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security vulnerability exists in Squid 7.1 and earlier versions, which stems from improper...

CVE-2025-59362

CVE-2025-59362 affects Squid up to version 7.1, due to mishandling of ASN.1 encoding of long SNMP OIDs in asn_build_objid (lib/snmplib/asn1.c). The issue is triggered by the ASN.1 encoding path and is described across multiple advisories/documentation in Connected documents. Impact according to t...

CVE-2025-59362

Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asnbuildobjid in lib/snmplib/asn1.c...

CVE-2025-47327

Memory corruption while encoding the image data...

CVE-2025-59821

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases,...

CVE-2025-0209

A reflected cross-site scripting XSS vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the server response, enabling the execution of...

PT-2025-39430

Name of the Vulnerable Software and Affected Versions vulnerability-lookup version 2.16.0 Description A cross-site scripting XSS issue exists in the handling of user-supplied input within the Bundles, Comments, and Sightings components of the software. Untrusted data was not properly sanitized...

CVE-2025-60249

vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting XSS vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and...

CVE-2025-60249

CVE-2025-60249 affects vulnerability-lookup 2.16.0 and enables XSS via Bundles, Comments, and Sightings components (bundle.py, comment.py, user.py). The root cause is unsafe handling of user-supplied input, with untrusted data rendered in templates/tables due to innerHTML usage and insufficient v...

CVE-2025-47327

Memory corruption while encoding the image data...

CVE-2025-47327 Use After Free in Camera

Memory corruption while encoding the image data...

CVE-2025-47327

CVE-2025-47327 describes a memory-corruption issue during image data encoding affecting Qualcomm chipsets. The vulnerability’s root cause is memory corruption in the image encoding path, with the NVD/CVE records noting a high-severity risk (CVSS v3.1: Local attack, low complexity, no user interac...

CVE-2025-47327 Use After Free in Camera

Memory corruption while encoding the image data...

UBUNTU-CVE-2025-23274

NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image with dimensions that cause integer overflows in array index calculations. A successful exploit of this vulnerability may lead to denial of service...

CVE-2025-23274

NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image with dimensions that cause integer overflows in array index calculations. A successful exploit of this vulnerability may lead to denial of service...

CVE-2025-23274

The CVE-2025-23274 entry concerns NVIDIA nvJPEG in the CUDA Toolkit. The vulnerability is an out-of-bounds read in the jpeg encoding path triggered by a specially crafted input image, where dimensions cause integer overflows in array index calculations. This may lead to a denial of service. Root ...

CVE-2025-55887

Cross-Site Scripting XSS vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that ...

PT-2025-39283

Name of the Vulnerable Software and Affected Versions Affected versions not specified Description A memory corruption issue exists when encoding image data. The issue involves potential corruption during the image encoding process. Recommendations At the moment, there is no information about a...

PT-2025-39253

Name of the Vulnerable Software and Affected Versions NVIDIA nvJPEG affected versions not specified Description The software contains a flaw in JPEG encoding that could allow an attacker to trigger an out-of-bounds read by supplying a specially designed image. The image dimensions are crafted to...

Qualcomm Chipsets 资源管理错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A resource management error vulnerability exists in Qualcomm Chipsets that stems from a memory corruption during image data encoding...