CVE-2025-20234

A vulnerability in Universal Disk Format UDF processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability...

DEBIAN-CVE-2025-20234

A vulnerability in Universal Disk Format UDF processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability...

UBUNTU-CVE-2025-20234

A vulnerability in Universal Disk Format UDF processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability...

CVE-2025-20234

A vulnerability in Universal Disk Format UDF processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability...

Exploit for CVE-2025-7503

Research on V380 CCTV IP Camera CVE-2025-7503 🔒 Summ...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Ncr Terminal_Handler

💼 Breaking Bank-Grade Software: My Public CVE Disclosures in N...

ClamAV 安全漏洞

ClamAV Clam AntiVirus is a free and open source antivirus program from the ClamAV team. The software is used to detect Trojans, viruses, malware and other malicious threats. A security vulnerability exists in ClamAV that stems from improper allocation of memory buffers during PDF file processing,...

📄 ONLYOFFICE Docs 8.3.1 Cross Site Scripting

ONLYOFFICE Docs versions 8.3.1 and below suffers from a reflective cross site scripting vulnerability. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected Cross-Site Scripting product: ONLYOFFICE Docs...

DEBIAN-CVE-2025-6199

A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the...

UBUNTU-CVE-2025-6199

A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the...

CVE-2025-6199

A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the...

gimp: Multiple heap buffer overflows in TGA parser

A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow...

gimp: Multiple heap buffer overflows in TGA parser

A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow...

Technical Options for Flexible Hardware-Enabled Guarantees

Frontier AI models pose increasing risks to public safety and international security, creating a pressing need for AI developers to provide credible guarantees about their development activities without compromising proprietary information. We propose Flexible Hardware-Enabled Guarantees flexHEG,...

Astra Linux – Vulnerability in binutils

A potential heap-based buffer overflow was detected in the bfdelfslurpversiontables function in bfd/elf.c. This could lead to a loss of functionality...

Astra Linux – Vulnerability in GIMP

GIMP XWD File Parsing: Integer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a...

Astra Linux – Vulnerability in Thunderbird

Thunderbird’s handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By creating a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...

Astra Linux – Vulnerability in GhostScript

A issue was discovered in Artifex Ghostscript prior to version 10.05.0. A buffer overflow occurs due to an excessively large Type 4 function in a PDF document, located in pdf/pdffunc.c...

📄 AirKeyboard iOS App 1.0.5 Remote Input Injection

The AirKeyboard iOS application version 1.0.5 exposes a WebSocket server on port 8888 which accepts arbitrary input injection messages from any client. No authentication or pairing process is required. This allows any attacker to type arbitrary keystrokes directly into the victim’s iOS device in...

ALSA-2025:9119 Important: libvpx security update

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Double-free in libvpx encoder CVE-2025-5283 For more details about the security issues, including the impac...