CVE-2024-9129

In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino...

CVE-2024-45330

A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests...

Bypassing MTE with CVE-2025-0072

Memory Tagging Extension MTE is an advanced memory safety feature that is intended to make memory corruption vulnerabilities almost impossible to exploit. But no mitigation is ever completely airtight--especially in kernel code that manipulates memory at a low level. Last year, I wrote about...

CVE-2024-25091

Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.211013 when using 'VirusChecker' or 'ThreatChecker' feature and RevoWorks Browser prior to 2.2.95 when using 'VirusChecker' or 'ThreatChecker' feature. If data containing malware is saved in a specific file format...

CVE-2024-21640

Chromium Embedded Framework CEF is a simple framework for embedding Chromium-based browsers in other applications.CefVideoConsumerOSR::OnFrameCaptured does not check pixelformat properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e...

CVE-2024-36581

A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via dist/badger-database.esm...

CVE-2024-50399

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...

CVE-2024-50403

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...

CVE-2024-1803

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block in all versions ...

CVE-2024-6961

RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching bsc1242006. CVE-2024-35840: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinishconnect...

CVE-2024-54674

app/View/GalaxyClusters/clusterexportmispgalaxy.ctp in MISP through 2.5.2 has stored XSS when exporting custom clusters into the misp-galaxy format...

CVE-2024-50396

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QT...

CVE-2024-31837

DMitry Deepmagic Information Gathering Tool 1.3a has a format-string vulnerability, with a threat model similar to CVE-2017-7938...

CVE-2023-52229

Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd Word Replacer Pro.This issue affects Word Replacer Pro: from n/a through 1.0...

CVE-2023-28545

Memory corruption in TZ Secure OS while loading an app ELF...

CVE-2023-31794

MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdfmarklistpush. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted PDF file...

CVE-2023-22670

A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data prior to copying it ...

CVE-2023-37239

Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program...

CVE-2023-41050

AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible recursively via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use...