CVE-2025-5915 Libarchive: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c
A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can...
CVE-2025-30202 Data exposure via ZeroMQ on multi-node vLLM deployment
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-no...
The vulnerability of the /usr/ucb/ps component of the Solaris operating system, which allows a hacker to access confidential information
The vulnerability of the /usr/ucb/ps component of the Solaris operating system is related to insufficient protection for service data. Exploiting this vulnerability can allow an attacker to access confidential information...
PT-2024-7212 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.6 through 17.2.9; GitLab EE versions 17.3 through 17.3.5; GitLab EE versions 17.4 through 17.4.2. Description: An issue has been discovered in GitLab EE, allowing an unauthenticated attacker to determine the GitLab version...
PT-2024-5614 · Provision Isr +2 · Sh-8100A-2L +5
Name of the Vulnerable Software and Affected Versions: TVT DVR TD-2104TS-CL affected versions not specified; DVR TD-2108TS-HP affected versions not specified; Provision-ISR DVR SH-4050A5-5LMM affected versions not specified; AVISION DVR AV108T affected versions not specified; TD-2116TE-HP affected...
The vulnerability of the Notes component in operating systems iPadOS and iOS, which allows a hacker to disclose sensitive information
The vulnerability of the Notes component in iPadOS and iOS operating systems is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
The vulnerability of the urllib3 module in the Python programming language lies in the lack of protection for service data, which allows attackers to exploit the exposed information.
The vulnerability of the urllib3 module in the Python programming language is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information that should be protected...
The vulnerability of the svpn_html/loadfile.php component of the Sangfor NAF firewall tool, which allows a hacker to disclose protected information
The vulnerability of the svpn_html/loadfile.php component of the Sangfor NAF firewall lies in the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the Cryptographic Services in the Windows operating system allows a perpetrator to disclose protected information.
The vulnerability of the Cryptographic Services in the Windows operating system is related to the lack of protection for service-related data. Exploiting this vulnerability could allow a perpetrator to disclose the protected information...
The vulnerability in the web interface of the Aruba Networks ClearPass Policy Manager allows a perpetrator to disclose protected information and escalate their privileges.
The vulnerability of the web interface of the Aruba Networks ClearPass Policy Manager relates to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to disclose protected information and escalate their privileges...
PT-2022-6871 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1.7 through 11.2.1. Description: The issue is related to a lack of protection for service data in IBM Cognos Analytics, which could allow a low-level user to obtain sensitive information from the details of the...
Authorization
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 do not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution...
The vulnerability of the Microsoft Quantum Development Kit for Visual Studio Code, related to the lack of data protection for service data, allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft Quantum Development Kit for Visual Studio Code, which is used for developing and optimizing quantum computing applications, relates to the lack of protection for application data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the Global Protect Agent’s endpoint protection software lies in the lack of protection for service data, which allows attackers to read VPN cookie information.
The vulnerability of the reporting component of the Global Protect Agent for Linux software lies in the lack of protection for service data. Exploiting this vulnerability could allow attackers to read VPN cookie information...
The vulnerability of the EHCI controller in VMware ESXi, VMware Workstation, and VMware Fusion allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the EHCI controller in VMware ESXi, VMware Workstation, and VMware Fusion lies in the lack of protection for service data. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to exploit it to disclose protected information.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of the win32k component of the Windows operating system, which allows a hacker to disclose protected information
The vulnerability of the win32k component in the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose the protected information...
The vulnerability of the web interface of D-Link router firmware, related to the lack of protection for service data, allows attackers to disclose the protected information.
The vulnerability of the web interface of D-Link router firmware is related to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...
The vulnerability of the Safari browser, which allows a hacker to gain access to cryptographic keys
The vulnerability of the Safari Login AutoFill component in the Safari browser is related to the lack of protection for service data. Exploiting this vulnerability could allow a local attacker to obtain access to cryptographic keys via unspecified vectors...