5614 matches found

SUSE CVE
added 2025/09/12 11:23 p.m., 11 views

SUSE CVE-2025-39787

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessarily the case for other clients. Validate the size of the...

CVSS: 4.4 | AI score: 6.6 | EPSS: 0.00148
Exploits: 0 | References: 22

Snyk
added 2025/09/12 2:41 p.m., 1 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the gonja template parsing process. An attacker can access arbitrary files on the server by injecting malicious template statements into prompts. Allowing an attacker to insert a statement into a prompt to...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.00666
Exploits: 0 | References: 2

OSV
added 2025/09/12 2:24 p.m., 5 views

OESA-2025-2252 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability has been found in Op...

CVSS: 8.8 | AI score: 6.3 | EPSS: 0.00618
Exploits: 3 | References: 4

NVD
added 2025/09/11 5:15 p.m., 10 views

CVE-2025-39787

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessarily the case for other clients. Validate the size of the...

CVSS: 5.5 | EPSS: 0.00148
Exploits: 0 | References: 12

OSV
added 2025/09/11 5:15 p.m., 3 views

DEBIAN-CVE-2025-39787

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessarily the case for other clients. Validate the size of the...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.00148
Exploits: 0 | References: 1

OSV
added 2025/09/11 5:15 p.m., 5 views

AZL-74682 CVE-2025-39787 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessarily the case for other clients. Validate the size of the...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00148
Exploits: 0 | References: 1

OSV
added 2025/09/11 5:15 p.m., 14 views

AZL-67211 CVE-2025-39787 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessarily the case for other clients. Validate the size of the...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00148
Exploits: 0 | References: 1

OSV
added 2025/09/11 5:15 p.m., 3 views

UBUNTU-CVE-2025-39787

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessarily the case for other clients. Validate the size of the...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00148
Exploits: 0 | References: 36

Cvelist
added 2025/09/11 4:56 p.m., 9 views

CVE-2025-39787 soc: qcom: mdt_loader: Ensure we don't read past the ELF header

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessarily the case for other clients. Validate the size of the...

EPSS: 0.00148
Exploits: 0 | References: 8

Debian CVE
added 2025/09/11 4:56 p.m., 4 views

CVE-2025-39787

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessarily the case for other clients. Validate the size of the...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.00148
Exploits: 0

OSV
added 2025/09/11 4:56 p.m., 14 views

CVE-2025-39787 soc: qcom: mdt_loader: Ensure we don't read past the ELF header

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessarily the case for other clients. Validate the size of the...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00148
Exploits: 0 | References: 13

Rapid7 Blog
added 2025/09/11 12:26 p.m., 11 views

Rapid7 Q2 2025 Incident Response Findings

Rapid7’s Q2 incident response (IR) data illustrates a solidification of trends first observed in Q1. There are no sweeping changes to commonly observed malware, or noticeably different software being deployed by threat actors in Q2. If you were expecting Bunny Loader to lose its impressive...

CVSS: 10 | AI score: 10 | EPSS: 0.99698
Exploits: 53

Rosalinux
added 2025/09/11 10:17 a.m., 9 views

Advisory ROSA-SA-2025-3000

software: grub2 2.06 WASP: ROSA-CHROME unaffected versions = grub2-2.06-24 affected versions grub2-2.06-24 CVE-ID: CVE-2024-45779 BDU-ID: 2025-03832 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the BFS file system of the Grub2 operating system boot loader is related to reads outside the allowed...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.00721
Exploits: 0

Rosalinux
added 2025/09/11 10:6 a.m., 6 views

Advisory ROSA-SA-2025-2996

software: grub2 2.06 WASP: ROSA-CHROME unaffected versions = grub2-2.06-23 affected versions grub2-2.06-23 CVE-ID: CVE-2024-45777 BDU-ID: 2025-07120 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gettext component of the Grub operating systems loader is related to integer overflow. Exploitation...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.0044
Exploits: 0

OSV
added 2025/09/10 8:30 p.m., 4 views

GHSA-P2XP-XX3R-MFFC PyInstaller has local privilege escalation vulnerability

Impact Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryption while this entry is still present in sys.path, an application built with...

CVSS: 7 | AI score: 7.7 | EPSS: 0.00114
Exploits: 0 | References: 4

Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-37149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An...

CVSS: 8.8 | AI score: 5.7 | EPSS: 0.21078
Exploits: 0 | References: 2

OpenVAS
added 2025/09/10 12:0 a.m., 2 views

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2025-2124)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.0039
Exploits: 1 | References: 2

Github Security Blog
added 2025/09/09 9:19 p.m., 18 views

MONAI: Unsafe torch usage may lead to arbitrary code execution

Summary In model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True) in monai/bundle/scripts.py, weights_only=True is loaded securely. However, insecure loading methods still exist elsewhere in the project, such as when loading checkpoints. This is a common practice when...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.00684
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2025/09/09 7:52 p.m., 3 views

CVE-2025-58759 TinyEnv: Inline comments not stripped properly in .env values

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...

CVSS: 5.1 | AI score: 6.6 | EPSS: 0.00194
Exploits: 0 | References: 3

Veracode
added 2025/09/09 7:24 a.m., 5 views

Denial Of Service (DoS)

org.bouncycastle, bc-fips is vulnerable to Denial Of Service (DoS). The vulnerability is due to excessive allocation in the org.Bouncycastle.Crypto.Fips.NativeLoader module, which allows an attacker to exhaust system resources and cause a denial of service...

CVSS: 1 | AI score: 6.9 | EPSS: 0.00137
Exploits: 0 | References: 3 | Affected Software: 1