CVE-2025-20968
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery...
gvfs bug fix update
An update is available for gvfs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. GVFS is the GNOME Desktop Virtual File System layer that allows users to easily...
The vulnerability of the PCMan FTP Server arises from the possibility of operations occurring outside the bounds of a memory buffer. This allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the PCMan FTP Server relates to the execution of operations beyond the buffer boundaries during the processing of the mdir parameter. Exploitation of this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and availability of the protected...
CVE-2025-31338
A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality...
openjdk: Better TLS connection support (Oracle CPU 2025-04)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle...
openjdk: Improve compiler transformations (Oracle CPU 2025-04)
Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...
The vulnerability of the Apache Pinot OLAP data store, related to improper limitation of a pathname to a restricted directory, allows attackers to disclose protected information.
The vulnerability of the Apache Pinot OLAP data store is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow an attacker, operating remotely, to expose protected information by sending a specially crafted GET request...
The vulnerability of the RabbitMQ messaging broker lies in the failure to remove script-related HTML tags from web pages, allowing attackers to compromise data integrity.
The vulnerability of the RabbitMQ messaging broker is related to the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...
The vulnerability of the `init_imlib_fonts()` function in the Imlib image processing library allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the `init_imlib_fonts()` function in the Imlib image processing library is related to an operation outside the bounds of a memory buffer. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data, compromise its integrity, and cause servic...
The vulnerability of the Python RSA cryptographic library, which stems from the use of cryptographic algorithms with defects, allows a perpetrator to gain access to confidential data.
The vulnerability of the Python RSA cryptographic library is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data remotely...
The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to the occurrence of operations outside the buffer in memory, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...
EBM Technologies EBM Maintenance Center SQL injection vulnerability
EBM Technologies EBM Maintenance Center is a maintenance center platform from China-based EBM Technologies. A SQL injection vulnerability exists in EBM Technologies EBM Maintenance Center versions prior to 25.04.31435, which stems from an SQL injection that could lead to a remote...
CVE-2024-53693
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the...
QNAP Systems QTS, QNAP Systems QuTS hero and QNAP Systems QuLog Center code issue vulnerability
QNAP Systems QuLog Center and others are products of QNAP Systems, Inc. QNAP Systems QuLog Center is a report field that records events reported by the system. QNAP Systems QTS is an entry-level operating system. QNAP Systems QuTS hero is an operating system...
Malicious code in acloud-clients (PyPI)
Source: kam193 89813876cca364b0dffda624005d527aa3c9f54ea7ce20af8186faf8f374ba6f This campaign is built from two parts: 1) packages named like time-check-server, snapshot-photo contain innocent-looking code that sends "date" to a remote...
CVE-2024-22341
IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management...
Ubuntu: Security Advisory (USN-7278-1)
The remote host is missing an update for the...