5828 matches found
CVE-2007-20001
A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operations to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN Windows Native Version 3.2.2 build 2007-02-20...
SUSE CVE-2025-37943
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi In certain cases, hardware might provide packets with a length greater than the maximum native Wi-Fi header length. This can lead to accessing and modifying fields ...
DEBIAN-CVE-2025-37943
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi In certain cases, hardware might provide packets with a length greater than the maximum native Wi-Fi header length. This can lead to accessing and modifying fields ...
UBUNTU-CVE-2025-37943
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi In certain cases, hardware might provide packets with a length greater than the maximum native Wi-Fi header length. This can lead to accessing and modifying fields ...
Malicious code in wdpr-ra-javascript-native-bridge (npm)
Source: ghsa-malware a2e2b40d8e2ee8d311cf5e007c4480255217d359bdde3c42115e42ad42f35dbb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in muto-kaiju-npm-native (npm)
Source: ossf-package-analysis c0ab3464568eaf7276dd21b69d889e2dfa9dcf3b71917dd7f1c9bf08a310de52 The OpenSSF Package Analysis project identified 'muto-kaiju-npm-native' @ 1.0.4 npm as malicious. It is considered malicious because: - The...
MAL-2025-3955 Malicious code in muto-kaiju-npm-native (npm)
Source: ossf-package-analysis c0ab3464568eaf7276dd21b69d889e2dfa9dcf3b71917dd7f1c9bf08a310de52 The OpenSSF Package Analysis project identified 'muto-kaiju-npm-native' @ 1.0.4 npm as malicious. It is considered malicious because: - The...
Malicious code in react-native-plugin-ms-adal (npm)
Source: ghsa-malware 361e4c6581b21fde6eeab43c3e36a75bd051771efd939b92cd3f82fbee601f6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3852 Malicious code in react-native-plugin-ms-adal (npm)
Source: ghsa-malware 361e4c6581b21fde6eeab43c3e36a75bd051771efd939b92cd3f82fbee601f6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
IBM Concert Software Path Traversal Vulnerability
IBM Concert Software is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. A path traversal vulnerability exists in IBM Concert Software that stems from improperly handling URL requests that contain point sequences, a...
IBM Concert Software Encryption Issues Vulnerabilities
IBM Concert Software is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert Software suffers from a cryptographic issue vulnerability that stems from the use of weak encryption algorithms, which could be...
php: Leak partial content of the heap through heap buffer over-read in mysqlnd
A flaw was found in the PHP MySQL client library. This vulnerability allows a hostile MySQL server to disclose the content of the client's heap, potentially exposing data from other SQL requests and other users of the same server via malicious server interactions...
Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally...
CVE-2025-30147
Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128_ADD (0x06),...
The vulnerability of the IPS software modules of BIG-IP Next CNF (Cloud-Native Functions) and BIG-IP AFM (Advanced Firewall Manager) allows attackers to cause service interruptions.
The vulnerability of the IPS software solutions for network security, BIG-IP Next CNF Cloud-Native Functions and BIG-IP AFM Advanced Firewall Manager, is related to unlimited resource allocation. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
IBM CICS TX Standard Buffer Error Vulnerability
IBM CICS TX Standard is a comprehensive single transaction runtime package from International Business Machines IBM, Inc. It can provide a cloud-native deployment model for standalone applications. A buffer error vulnerability exists in IBM CICS TX Standard version 11.1, which stems from the...
CVE-2025-46821
Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the character from a set of valid characters in the URI path. As a result URI path containing the character will not match a URI template...
CVE-2025-46821 Envoy vulnerable to bypass of RBAC uri_template permission
Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the character from a set of valid characters in the URI path. As a result URI path containing the character will not match a URI template...
CVE-2025-30147
Hyperledger Besu relies on besu-native to implement ALTBN128_ADD, ALTBN128_MUL, and ALTBN128_PAIRING precompiles. From Besu 24.7.1 through 25.2.2 (besu-native 0.9.0–1.2.1), a consensus bug could arise because the gnark-crypto bn254 implementation used for these precompiles did not perform proper ...