SUSE CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

CVE-2025-56301

An issue was discovered in Chipsalliance Rocket-Chip commit f517abbf41abb65cea37421d3559f9739efd00a9 2025-01-29 allowing attackers to corrupt exception handling and privilege state transitions via a flawed interaction between exception handling and MRET return mechanisms in the CSR logic when an...

CVE-2025-56301

An issue was discovered in Chipsalliance Rocket-Chip commit f517abbf41abb65cea37421d3559f9739efd00a9 2025-01-29 allowing attackers to corrupt exception handling and privilege state transitions via a flawed interaction between exception handling and MRET return mechanisms in the CSR logic when an...

CVE-2025-56301

Summary (CVE-2025-56301) — The issue affects Chipsalliance Rocket-Chip, tied to the CSR logic in the commit f517abbf41abb65cea37421d3559f9739efd00a9. The root cause is a flawed interaction between exception handling and the MRET return mechanism, which can trigger faulty trap behavior when an exc...

PT-2025-39994

Name of the Vulnerable Software and Affected Versions Rocket-Chip commit f517abbf41abb65cea37421d3559f9739efd00a9 2025-01-29 Description An issue exists in the Control and Status Register CSR logic that allows attackers to corrupt exception handling and privilege state transitions. This occurs du...

CVE-2025-56301

An issue was discovered in Chipsalliance Rocket-Chip commit f517abbf41abb65cea37421d3559f9739efd00a9 2025-01-29 allowing attackers to corrupt exception handling and privilege state transitions via a flawed interaction between exception handling and MRET return mechanisms in the CSR logic when an...

CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

CVE-2025-41244

CVE-2025-41244 covers a local privilege-escalation in Open VM Tools used with VMware Aria Operations; a non-administrative local user with access to a VM that has VMware Tools (SDMP enabled) can escalate to root within the same VM. Affected component: open-vm-tools bundled with VMware Tools; root...

Malicious code in notificationalerts (npm)

The package notificationalerts was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c1205ef89ec9b8ec887a5a8e4d166be6421e33f4d61a691c4bd2e7000ee5c14 Any computer that has this package installed or running should be considered fully...

UBUNTU-CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

PT-2025-39909

Name of the Vulnerable Software and Affected Versions vet versions prior to 1.12.5 Description The software is susceptible to a DNS rebinding attack because of missing HTTP Host and Origin header validation. When used as an MCP server in SSE mode with default ports, the sqlite3 database containin...

Path Traversal (Arbitrary Write) in Jira Software Data Center and Server

This High severity Path Traversal Arbitrary Write vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal Arbitrary Write vulnerability, with a CVSS Score of 8.7, allows an attacker to modify any filesystem...

H2O Flow Unauthenticated Access

H2O Flow is an open-source user interface for H2O, an open-source, distributed and scalable machine learning and predictive analytics platform. By default, H2O Flow does not require authentication to access the application. This allows an attacker to access sensitive data. This detection is...

CVE-2025-21476

Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake...

CVE-2025-27077

Memory corruption while processing message in guest VM...

CVE-2025-47315

Memory corruption while handling repeated memory unmap requests from guest VM...

ML-Logger 安全漏洞

ML-Logger is a logger, server and visualization dashboard for machine learning projects by Ge Yang Personal Developer. A security vulnerability exists in ML-Logger acf255bade5be6ad88d90735c8367b28cbe3a743 and prior versions, which stems from an incorrect manipulation of the parameter data of the...

ML-Logger 路径遍历漏洞

ML-Logger is a logger, server and visualization dashboard for machine learning projects by Ge Yang Personal Developer. A path traversal vulnerability exists in ML-Logger acf255bade5be6ad88d90735c8367b28cbe3a743 and prior versions, which stems from a misbehavior of the loghandler function in the...

ALSA-2025:16823 Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled CVE-2025-26465 For more...