23070 matches found

CVE
added 2025/10/23 11:28 a.m., 23 views

CVE-2025-62397

CVE-2025-62397 describes a router-side issue where responses to invalid course IDs are inconsistent, enabling an attacker to infer which course IDs exist (information disclosure for reconnaissance). The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) indicates network access with low confi...

CVSS 5.3, AI score 6.5, EPSS 0.00254
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2025/10/23 12:0 a.m., 2 views

CVE-2025-62813

...

AI score 6.2
Exploits: 0
OSV
added 2025/10/22 10:15 p.m., 4 views

UBUNTU-CVE-2025-62707

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in...

CVSS 8.7, AI score 7, EPSS 0.00402
Exploits: 0, References: 6
EUVD
added 2025/10/22 8:58 p.m., 4 views

EUVD-2025-35633

BookLore is a self-hosted web app for organizing and managing personal book collections. In versions 1.8.1 and prior, an authentication bypass vulnerability in the BookMediaController allows any unauthenticated user to access and download book covers, thumbnails, and complete PDF/CBX page content...

CVSS 8.7, AI score 6.6, EPSS 0.00528
Exploits: 0, References: 2
Github Security Blog
added 2025/10/22 7:40 p.m., 8 views

pypdf can exhaust RAM via manipulated LZWDecode streams

Impact: An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. Patches: This has been fixed in pypdf==6.1.3. Workarounds: If you cannot upgrade yet, consider applying the changes from P...

CVSS 8.7, AI score 6.8, EPSS 0.00402
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2025/10/22 2:32 p.m., 3 views

CLSA-2025-1761143521 Fix CVE(s): CVE-2025-1153

SECURITY UPDATE: memory corruption in bfd_set_format function - debian/patches/CVE-2025-1153.patch: Fix heap/memory corruption in bfd_set_format of format.c - CVE-2025-1153...

CVSS 5.9, AI score 6.4, EPSS 0.01252
Exploits: 1, References: 1
CloudLinux
added 2025/10/22 1:29 p.m., 19 views

kernel: Fix of 39 CVEs

nfs: fix UAF in direct writes CVE-2024-26958 - NFSD: Fix the behavior of READ near OFFSET_MAX CVE-2022-48827 - thermal: core: prevent potential string overflow CVE-2023-52868 - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 CVE-2021-47633 - RDMA/cma: Ensure rdma_addr_cancel happens before issuing...

CVSS 7.8, AI score 7.3, EPSS 0.01054
Exploits: 1
OSV
added 2025/10/22 1:23 p.m., 4 views

CVE-2023-53695 udf: Detect system inodes linked into directory hierarchy

In the Linux kernel, the following vulnerability has been resolved: udf: Detect system inodes linked into directory hierarchy When UDF filesystem is corrupted, hidden system inodes can be linked into directory hierarchy which is an avenue for further serious corruption of the filesystem and kerne...

AI score 6.3, EPSS 0.00202
Exploits: 0, References: 10
Microsoft CVE
added 2025/10/22 1:1 a.m., 4 views

mmc: core: use sysfs_emit() instead of sprintf()

...

CVSS 7.8, AI score 8.8, EPSS 0.00031
Exploits: 0
RedhatCVE
added 2025/10/22 12:11 a.m., 10 views

CVE-2025-60507

Cross site scripting vulnerability in Moodle GeniAI plugin local_geniai 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. When other users including Students or...

CVSS 8.9, AI score 6.2, EPSS 0.00282
Exploits: 0, References: 1
CNNVD
added 2025/10/22 12:0 a.m., 3 views

Hikvision CSMP iSecure Center security vulnerability

Hikvision CSMP iSecure Center is an integrated security management platform from Hikvision China. A security vulnerability exists in Hikvision CSMP iSecure Center version 2024-08-01 and earlier, which stems from unverified execution of the $ command in JSON data, which could lead to the execution...

CVSS 8.3, AI score 7.1, EPSS 0.17508
Exploits: 0, References: 4
SUSE CVE
added 2025/10/21 11:25 p.m., 3 views

SUSE CVE-2025-58147

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

CVSS 6.8, AI score 7, EPSS 0.00317
Exploits: 0, References: 8
Veracode
added 2025/10/21 7:46 p.m., 7 views

Privilege Escalation

PyInstaller is vulnerable to Privilege Escalation. The vulnerability is due to the bootstrap process appending a special entry to sys.path and attempting to load an optional bytecode-decryption module while that entry is present, which allows an attacker who can create files/directories next to t...

CVSS 7, AI score 7.8, EPSS 0.00114
Exploits: 0, References: 4, Affected Software: 1
Tenable Nessus
added 2025/10/21 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987537)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987537 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/secvar: fix refcount leak in format_show Refcount leak will happen when format_show returns...

CVSS 5.5, AI score 5.7, EPSS 0.00243
Exploits: 0, References: 4
CNNVD
added 2025/10/21 12:0 a.m., 3 views

Moodle GeniAI plugin security vulnerability

Moodle GeniAI plugin is a large modeling plugin for Moodle open source. A security vulnerability exists in Moodle GeniAI plugin version 2.3.6, which stems from an uncleaned JavaScript embedded in PDF files and could lead to a cross-site scripting attack...

CVSS 8.9, AI score 6, EPSS 0.00282
Exploits: 0, References: 5
Tenable Nessus
added 2025/10/21 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987621)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987621 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/plane: Move range check for format_count earlier While the check for format_count > 64 in...

CVSS 5.5, AI score 5.7, EPSS 0.00254
Exploits: 0, References: 4
RedhatCVE
added 2025/10/20 8:1 p.m., 4 views

CVE-2025-11896

A flaw was found in Xpdf. A PDF object loop in a CMap, via the "UseCMap" entry leads to an infinite recursion and a stack overflow, resulting in an application crash...

CVSS 2.1, AI score 6.5, EPSS 0.00156
Exploits: 0, References: 2
EUVD
added 2025/10/20 9:56 a.m., 5 views

EUVD-2025-35044

Stored Cross-site Scripting (XSS) vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...

CVSS 5.3, AI score 5.8, EPSS 0.00486
Exploits: 0, References: 2
OSV
added 2025/10/19 10:31 p.m., 4 views

JLSEC-2025-160 A flaw was found in GLib

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service...

CVSS 7.5, AI score 6.6, EPSS 0.00761
Exploits: 0, References: 6
OSV
added 2025/10/19 7:8 p.m., 4 views

JLSEC-2025-101 FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcode...

FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in...

CVSS 6.5, AI score 6.9, EPSS 0.01115
Exploits: 0, References: 1