Lucene search

40358 matches found

EUVD
added 2025/12/08 12:1 p.m., 3 views

EUVD-2025-201703

In affected versions, vulnerability-lookup did not track or limit failed One-Time Password (OTP) attempts during Two-Factor Authentication (2FA) verification. An attacker who already knew or guessed a valid username and password could submit an arbitrary number of OTP codes without causing the accoun...

CVSS 8.1 | AI score 6.5 | EPSS 0.00324
Exploits: 0 | References: 2
EUVD
added 2025/12/08 3:31 a.m., 2 views

EUVD-2023-60061

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_qmi_driver_event_work(). Currently the buffer pointed by event is not freed in case ATH12K_FLAG_UNREGISTERING bit is set, this causes memory leak. Add a goto skip instead of return, to ensure event...

AI score 5.5 | EPSS 0.00145
Exploits: 0 | References: 3
EUVD
added 2025/12/08 3:31 a.m., 6 views

EUVD-2025-201627

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once. hci_cmd_sync_dequeue_once() does lookup and then cancel the entry under two separate lock sections. Meanwhile, hci_cmd_sync_work() can also delete the same entry, leading to double listd...

AI score 5.9 | EPSS 0.00156
Exploits: 0 | References: 6
OSV
added 2025/12/08 2:15 a.m., 5 views

UBUNTU-CVE-2023-53751

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname. TCP_Server_Info::hostname may be updated once or many times during reconnect, so protect its access outside reconnect path as well and then prevent any potential...

AI score 5.7 | EPSS 0.00156
Exploits: 0 | References: 7
CVE
added 2025/12/08 1:19 a.m., 11 views

CVE-2023-53751

CVE-2023-53751 affects the Linux kernel CIFS code: TCP_Server_Info::hostname may be updated during reconnect, and access wasn’t properly protected outside the reconnect path, enabling a use-after-free and potential memory corruption. The connected advisories indicate kernel security updates (RHSA...

AI score 6.3 | EPSS 0.00156
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/08 12:0 a.m., 6 views

PT-2025-49550

Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged actions) may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application vulnerable to Cross-Site...

CVSS 7 | AI score 7.1 | EPSS 0.00146
Exploits: 0 | References: 2
CNNVD
added 2025/12/08 12:0 a.m., 4 views

Enalean Tuleap Cross-Site Request Forgery Vulnerability

Enalean Tuleap is a free and open source tool from the French company Enalean. It is used for end-to-end traceability of application and system development. A cross-site request forgery vulnerability exists in Enalean Tuleap that stems from a lack of CSRF protection and could lead to the creation...

CVSS 4.6 | AI score 6.6 | EPSS 0.00119
Exploits: 0 | References: 5
Positive Technologies
added 2025/12/08 12:0 a.m., 14 views

PT-2025-49499

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The encryption algorithms within the kernel’s virt/coco/sev-guest component directly read from and write to shared unencrypted memory. This practice could potentially expose information...

CVSS 7.8 | AI score 6.8 | EPSS 0.00465
Exploits: 2 | References: 844
Tenable Nessus
added 2025/12/08 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-40302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: videobuf2: forbid remove_bufs when legacy fileio is active. vb2_ioctl_remove_bufs() call manipulates queue internal buffer list, potentially overwriting some...

AI score 5.9 | EPSS 0.00155
Exploits: 0 | References: 3
EUVD
added 2025/12/07 12:30 a.m., 7 views

EUVD-2025-201575

In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_mon_reinit_self(). syzbot reported use-after-free of tipc_net(net)->monitors in tipc_mon_reinit_self(). [0] The array is protected by RTNL, but tipc_mon_reinit_self() iterates over it without RTNL. tipc_mon_reinit_self() i...

AI score 6 | EPSS 0.00199
Exploits: 0 | References: 9
RedhatCVE
added 2025/12/06 10:52 p.m., 18 views

CVE-2025-66629

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the respon...

CVSS 4.3 | AI score 6.8 | EPSS 0.00084
Exploits: 0 | References: 1
OSV
added 2025/12/06 10:15 p.m., 4 views

AZL-71662 CVE-2025-40289 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM. Otherwise accessing them can cause a crash...

AI score 5.6 | EPSS 0.00169
Exploits: 0 | References: 1
OSV
added 2025/12/06 10:15 p.m., 5 views

DEBIAN-CVE-2025-40280

In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_mon_reinit_self(). syzbot reported use-after-free of tipc_net(net)->monitors in tipc_mon_reinit_self(). [0] The array is protected by RTNL, but tipc_mon_reinit_self() iterates over it without RTNL. tipc_mon_reinit_self() i...

AI score 5.5 | EPSS 0.00199
Exploits: 0 | References: 1
OSV
added 2025/12/06 10:15 p.m., 2 views

UBUNTU-CVE-2025-40280

In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_mon_reinit_self(). syzbot reported use-after-free of tipc_net(net)->monitors in tipc_mon_reinit_self(). [0] The array is protected by RTNL, but tipc_mon_reinit_self() iterates over it without RTNL. tipc_mon_reinit_self() i...

AI score 5.9 | EPSS 0.00199
Exploits: 0 | References: 36
Packet Storm News
added 2025/12/06 12:0 a.m., 4 views

Web Technologies Security in the AI Era: A Survey of CDN-Enhanced Defenses

The modern web stack, which is dominated by browser-based applications and API-first backends, now operates under an adversarial equilibrium where automated, AI-assisted attacks evolve continuously. Content Delivery Networks (CDNs) and edge computing place programmable defenses closest to users and...

AI score 6.8
Exploits: 0
RedhatCVE
added 2025/12/05 6:34 p.m., 7 views

CVE-2025-66414

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to 1.24.0, the Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without...

CVSS 7.6 | AI score 6.5 | EPSS 0.00445
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/05 12:9 a.m., 4 views

CVE-2025-63363

A lack of Management Frame Protection in Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to execute de-authentication attacks, allowing crafted deauthentication and disassociation frames to be broadca...

CVSS 7.5 | AI score 7.3 | EPSS 0.00258
Exploits: 1 | References: 1
NVD
added 2025/12/04 6:15 p.m., 2 views

CVE-2025-63363

A lack of Management Frame Protection in Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to execute de-authentication attacks, allowing crafted deauthentication and disassociation frames to be broadca...

CVSS 7.5 | EPSS 0.00258
Exploits: 1 | References: 2
OSV
added 2025/12/04 6:15 p.m., 3 views

CVE-2025-63363

A lack of Management Frame Protection in Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to execute de-authentication attacks, allowing crafted deauthentication and disassociation frames to be broadca...

CVSS 7.5 | AI score 5.9 | EPSS 0.00258
Exploits: 1 | References: 2
NVD
added 2025/12/04 4:16 p.m., 3 views

CVE-2025-40257

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix a race in mptcp_pm_del_add_timer(). mptcp_pm_del_add_timer() can call sk_stop_timer_sync(sk, &entry->add_timer) while another might have free entry already, as reported by syzbot. Add RCU protection to fix this issue. Also change confusin...

EPSS 0.00165
Exploits: 0 | References: 8