654 matches found
CVE-2025-37975 riscv: module: Fix out-of-bounds relocation access
In the Linux kernel, the following vulnerability has been resolved: riscv: module: Fix out-of-bounds relocation access The current code allows relj to access one element past the end of the relocation section. Simplify to numrelocations which is equivalent to the existing size expression...
EulerOS Virtualization 2.12.0 : python3 (EulerOS-SA-2025-1572)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : There is a MEDIUM severity vulnerability affecting CPython. The socket module provides a pure-Python fallback to the...
Drupal Enterprise MFA - TFA for Drupal cross-site request forgery vulnerability
Drupal Enterprise MFA - TFA for Drupal is a module plugin in the Drupal content management system from the Drupal community. A security vulnerability exists in Drupal Enterprise MFA - TFA for Drupal versions prior to 5.2.0 that stems from vulnerability to cross-site request forgery attacks...
CVE-2025-3632 IBM 4769 Developers Toolkit denial of service
IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the Hardware Security Module (HSM) due to improper memory allocation of an excessive size...
CVE-2025-46593
Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect availability...
oath-toolkit: Local root exploit in a PAM module
A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...
IFrame Remove Filter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-051
This module enables you to add a filter to text formats Full HTML, Filtered HTML, which will remove every iframe where the "src" is not on the allowlist. The module doesn't sufficiently filter these iframes in certain situations. This vulnerability is mitigated by the fact that an attacker must b...
CVE-2025-46585
Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-2082
Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VCSEC...
UBUNTU-CVE-2025-3637
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the moddata module: edit and delete pages...
PT-2025-17660 · Drupal · Sportsleague
Name of the Vulnerable Software and Affected Versions: Sportsleague versions . Description: The issue affects the Sportsleague module in Drupal, but specific details about the nature of the issue are not provided in the available information. Recommendations: At the moment, there is no informatio...
CVE-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...
PT-2025-26 · LLC '1C-Bitrix' · Iblock module
A vulnerability in the iblock module of the 1C-Bitrix: Site Management content management system (CMS) is related to errors in handling a relative path to a directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
CVE-2024-10088
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a login form with a malicious script, which causes the script to run in the user's context. This vulnerability has been patched in version 7...
Vulnerability of the iavf_init_module() function in the drivers/net/ethernet/intel/iavf/iavf_main.c module – This is a driver for supporting Ethernet network adapters in Linux kernel-based operating systems. It allows attackers to gain access to protected information.
A vulnerability exists in the iavf_init_module() function in the drivers/net/ethernet/intel/iavf/iavf_main.c module. This vulnerability in the Linux kernel’s Ethernet driver code allows attackers to access protected information...
Vulnerability of the int3400_setup_gddv() function in the drivers/thermal/intel/int340x_thermal/int3400_thermal.c module – a Linux kernel temperature control driver that allows a hacker to cause a service failure.
Vulnerability of the int3400_setup_gddv() function in the drivers/thermal/intel/int340x_thermal/int3400_thermal.c module – The Linux kernel temperature control driver contains errors in its code. Exploiting this vulnerability could allow an attacker to cause system failures...
Drupal TacJS module < 6.7.0 - Authenticated Cross Site Scripting (XSS) vulnerability
Authenticated Cross Site Scripting (XSS) vulnerability discovered by Pierre Rudloff (prudloff) in WordPress Module TacJS versions 6.7.0...
CVE-2025-28256
An issue in TOTOLINK A3100R V4.1.2cu.5247B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cstemodules/wireless.so...
The vulnerability of the cpython module in the Python programming language allows a perpetrator to execute arbitrary code.
The vulnerability of the cPython programming language in Python is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows an attacker to execute arbitrary code...
CVE-2021-37787
The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via a HTTP POST request to the TinyMCE module...