CVE-2025-54610

Out-of-bounds access vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2025-54627

Out-of-bounds write vulnerability in the skia module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

PT-2025-32074 · Unknown · Hvb Module

Name of the Vulnerable Software and Affected Versions: HVB module affected versions not specified Description: The vulnerability is due to insufficient data length verification in the HVB module. Successful exploitation of this issue may affect service integrity. Recommendations: At the moment,...

CVE-2025-4426 SetupAutomationSmm : SMRAM memory contents leak / information disclosure vulnerability in SMM module

The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...

CVE-2025-4423 SetupAutomationSmm:Vulnerability in the SMM module allow attacker to write arbitrary code and lead to memory corruption

The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...

CVE-2025-8194 Tarfile infinite loop during parsing with negative member offset

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

CVE-2025-7868 Portabilis i-Educar Calendar educar_calendario_dia_motivo_cad.php cross site scripting

A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educarcalendariodiamotivocad.php of the component Calendar Module. The manipulation of the argument Motivo/descricao results in cross site scripting. It is possible to...

CVE-2025-7866 Portabilis i-Educar Disabilities Module educar_deficiencia_lst.php cross site scripting

A vulnerability was found in Portabilis i-Educar 2.9.0. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/educardeficiencialst.php of the component Disabilities Module. The manipulation of the argument Deficiência ou Transtorno leads to cross site...

CVE-2025-7672

The improper default setting in JiranSoft CrossEditor4 on Windows, Linux, Unix API modules potentaily allows Stored XSS. This issue affects CrossEditor4: from 4.0.0.01 before 4.6.0.23...

Huawei EulerOS: Security Advisory for libcap (EulerOS-SA-2025-1779)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-7113 Portabilis i-Educar Curricular Components Module edit cross site scripting

A vulnerability was found in Portabilis i-Educar 2.9.0. It has been classified as problematic. Affected is an unknown function of the file /module/ComponenteCurricular/edit?id=ID of the component Curricular Components Module. The manipulation of the argument Nome leads to cross site scripting. It...

CVE-2025-7112 Portabilis i-Educar Function Management Module educar_funcao_det.php cross site scripting

A vulnerability was found in Portabilis i-Educar 2.9.0 and classified as problematic. This issue affects some unknown processing of the file /intranet/educarfuncaodet.php?codfuncao=COD&refcodinstituicao=COD of the component Function Management Module. The manipulation of the argument Função leads...

The vulnerability of the cookie-consent management module on Drupal COOKiES websites stems from the lack of measures taken to protect the website structure. This allows attackers to perform cross-site scripting attacks (XSS).

The vulnerability of the cookie-consent management module on Drupal COOKiES websites is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting XSS attacks remotely...

The vulnerability of the Nomad Module component of the 1E Client software allows a hacker to delete any files on the device.

The vulnerability of the Nomad Module component of the 1E Client software lies in the improper handling of symbolic links before accessing files. Exploiting this vulnerability could allow an attacker to delete any files on the device...

ROS-20250619-01

A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to sending requests with an extremely large number of parameters. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the Rack...

CVE-2024-55567

Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary...

CVE-2025-48905

Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types...

The vulnerability in the fs/dlm/lock.c module of the Linux kernel’s locking mechanism allows a hacker to trigger a service failure.

The vulnerability in the fs/dlm/lock.c module of the Linux operating system’s locking manager, which involves pointer dereferencing errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the bpf_send_signal_common() function in the Linux kernel component of the MM module allows a hacker to trigger a service failure.

The vulnerability of the bpfsendsignalcommon function in the Linux kernel component is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to trigger a system failure...

CVE-2024-47292

Path traversal vulnerability in the Bluetooth module Impact: Successful exploitation of this vulnerability may affect service confidentiality...