
40418 matches found

RedhatCVE
added 2025/09/06 7:31 p.m., 5 views

CVE-2025-26419

In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

3.3 CVSS, 6.9 AI score, 0.00084 EPSS
Exploits 0, References 1

Gitee
added 2025/09/06 5:5 p.m., 263 views

defusedxml

This is a Python library called defusedxml, which is designed to prevent XML bomb denial of service DoS vulnerabilities. The library provides a facade for the standard library's xml.etree.ElementTree module, which is vulnerable to XML bombs. The defusedxml library defuses XML bombs by preventing...

7.1 AI score
Exploits 0

Microsoft CVE
added 2025/09/06 8:7 a.m., 5 views

hfs: fix general protection fault in hfs_find_init()

...

5.5 CVSS, 7 AI score, 0.00136 EPSS
Exploits 0

CVE
added 2025/09/06 3:22 a.m., 29 views

CVE-2025-7040

The Wordfence Vulnerability (CVE-2025-7040) affects the Cloud SAML SSO plugin for WordPress up to version 1.0.19. The issue is a missing capability check on the set_organization_settings action inside csso_handle_actions(), allowing unauthenticated attackers to submit POST data that is passed dir...

8.2 CVSS, 4.9 AI score, 0.00258 EPSS
Exploits 0, References 7

Gitee
added 2025/09/06 12:17 a.m., 214 views

defusedxml

This is a Python library called defusedxml, which is designed to prevent XML bomb denial of service DoS vulnerabilities. The library provides a facade for the xml.etree.ElementTree module, which is a built-in Python module for parsing and creating XML documents. The library is maintained by...

7 AI score
Exploits 0

Positive Technologies
added 2025/09/06 12:0 a.m., 10 views

PT-2025-36356

Name of the Vulnerable Software and Affected Versions: Cloud SAML SSO plugin for WordPress versions up to and including 1.0.19 Description: The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the set organization settings...

8.2 CVSS, 5.6 AI score, 0.00258 EPSS
Exploits 0, References 15

Tenable Nessus
added 2025/09/06 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-39675

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd/display: Add null pointer check in modhdcphdcp1createsession The function modhdcphdcp1createsession calls the function getfirstactivedisplay, but does n...

5.5 CVSS, 6.8 AI score, 0.00147 EPSS
Exploits 0, References 3

SUSE CVE
added 2025/09/05 11:22 p.m., 3 views

SUSE CVE-2025-39715

In the Linux kernel, the following vulnerability has been resolved: parisc: Revise gateway LWS calls to probe user read access We use load and stbys,e instructions to trigger memory reference interruptions without writing to memory. Because of the way read access support is implemented, read acce...

5.5 CVSS, 6.8 AI score, 0.00136 EPSS
Exploits 0, References 3

NVD
added 2025/09/05 6:15 p.m., 4 views

CVE-2025-39724

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: fix panic due to PSLVERR When the PSLVERRRESPEN parameter is set to 1, the device generates an error response if an attempt is made to read an empty RBR Receive Buffer Register while the FIFO is enabled. In...

5.5 CVSS, 0.00157 EPSS
Exploits 0, References 12

NVD
added 2025/09/05 6:15 p.m., 14 views

CVE-2025-9709

On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection EM-FI in Nordic Semiconductor nRF52810 allow attacker to perform EM Fault Injection and bypass APPROTECT at runtime, requiring the least amount of modification to the...

8.6 CVSS, 0.00217 EPSS
Exploits 0, References 4

OSV
added 2025/09/05 6:15 p.m., 3 views

DEBIAN-CVE-2025-39716

In the Linux kernel, the following vulnerability has been resolved: parisc: Revise getuser to probe user read access Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel executes at privilege level 0, so getuse...

5.5 CVSS, 5.4 AI score, 0.00136 EPSS
Exploits 0, References 1

NVD
added 2025/09/05 6:15 p.m., 4 views

CVE-2025-39715

In the Linux kernel, the following vulnerability has been resolved: parisc: Revise gateway LWS calls to probe user read access We use load and stbys,e instructions to trigger memory reference interruptions without writing to memory. Because of the way read access support is implemented, read acce...

5.5 CVSS, 0.00136 EPSS
Exploits 0, References 7

NVD
added 2025/09/05 6:15 p.m., 5 views

CVE-2025-39690

In the Linux kernel, the following vulnerability has been resolved: iio: accel: sca3300: fix uninitialized iio scan data Fix potential leak of uninitialized stack data to userspace by ensuring that the channels array is zeroed before use...

5.5 CVSS, 0.00128 EPSS
Exploits 0, References 2

OSV
added 2025/09/05 6:15 p.m., 2 views

UBUNTU-CVE-2025-39715

In the Linux kernel, the following vulnerability has been resolved: parisc: Revise gateway LWS calls to probe user read access We use load and stbys,e instructions to trigger memory reference interruptions without writing to memory. Because of the way read access support is implemented, read acce...

5.5 CVSS, 6 AI score, 0.00136 EPSS
Exploits 0, References 24

CVE
added 2025/09/05 5:16 p.m., 25 views

CVE-2025-9709

CVE-2025-9709 concerns the Nordic Semiconductor nRF52810, where the On-Chip Debug and Test Interface has improper access control and insufficient protection against electromagnetic fault injection (EM-FI). Reports describe that an attacker can perform EM fault injection to bypass the built-in APP...

8.6 CVSS, 5.8 AI score, 0.00217 EPSS
Exploits 0, References 4

RedhatCVE
added 2025/09/05 3:22 p.m., 8 views

CVE-2025-58607

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GDPR Info Cookie Notice & Consent Banner for GDPR & CCPA Compliance cookie-notice-and-consent-banner allows Stored XSS. This issue affects Cookie Notice & Consent Banner for GDPR & CCPA Compliance:...

6.5 CVSS, 5.9 AI score, 0.0019 EPSS
Exploits 0, References 1

Akamai Blog
added 2025/09/05 12:0 p.m., 5 views

Your AI Strategy Is Only as Strong as Your DNS

...

7 AI score
Exploits 0

Positive Technologies
added 2025/09/05 12:0 a.m., 6 views

PT-2025-36298

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.17.0-rc1+ 102 Description: A stack buffer overflow issue exists in the send ipi data function within the Linux kernel, specifically related to the LoongArch architecture and KVM functionality. The kvm io bus...

6.7 AI score, 0.00131 EPSS
Exploits 0, References 5

CNNVD
added 2025/09/05 12:0 a.m., 5 views

Nordic Semiconductor nRF52810 Security Vulnerability

The Nordic Semiconductor nRF52810 is a chip from Nordic Semiconductor, Norway. A security vulnerability exists in the Nordic Semiconductor nRF52810 that stems from improper access control and insufficient protection against electromagnetic fault injection, which could lead to bypassing APPROTECT...

8.6 CVSS, 5.6 AI score, 0.00217 EPSS
Exploits 0, References 5

CNNVD
added 2025/09/05 12:0 a.m., 5 views

Roo Code Security Vulnerability

Roo Code is an AI-based autonomous coding agent from Roo Code. A security vulnerability exists in Roo Code version 3.25.23 and earlier, which stems from inadequate configuration file protection and could lead to arbitrary code execution...

9.8 CVSS, 7.5 AI score, 0.00495 EPSS
Exploits 0, References 4