Unified Framework for Qualifying Security Boundary of PUFs against Machine Learning Attacks
Physical Unclonable Functions (PUFs) serve as lightweight, hardware-intrinsic entropy sources widely deployed in IoT security applications. However, delay-based PUFs are vulnerable to Machine Learning Attacks (MLAs), undermining their assumed unclonability. There are no valid metrics for evaluating P...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview: org.webjars.npm:preact is a fast 3kB alternative to React with the same modern API. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') during rendering in the vnode constructor. An attacker can inject arbitrary HTML or execute...
git-lfs: Git LFS may write to arbitrary files via crafted symlinks
A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...
CVE-2026-0604
The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.7 via the 'dirpath' parameter in the 'njt-fastdup/v1/template/directory-tree' REST API endpoint. This makes it possible for authenticated attackers,...
CVE-2026-0604
CVE-2026-0604 affects the WordPress plugin FastDup – Fastest WordPress Migration & Duplicator via a Path Traversal flaw in the REST endpoint njt-fastdup/v1/template/directory-tree. An authenticated attacker with at least Contributor+ privileges can read contents of arbitrary server directories th...
CVE-2025-67419
A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the...
SUSE CVE-2025-68758
In the Linux kernel, the following vulnerability has been resolved: backlight: led-bl: Add devlink to supplier LEDs. LED Backlight is a consumer of one or multiple LED class devices, but devlink is currently unable to create correct supplier-producer links when the supplier is a class device. It...
evershop allows unauthenticated attackers to exhaust application server's resources via "GET /images" API
A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the...
CVE-2025-68758
In the Linux kernel, the following vulnerability has been resolved: backlight: led-bl: Add devlink to supplier LEDs. LED Backlight is a consumer of one or multiple LED class devices, but devlink is currently unable to create correct supplier-producer links when the supplier is a class device. It...
CVE-2025-68758 backlight: led-bl: Add devlink to supplier LEDs
In the Linux kernel, the following vulnerability has been resolved: backlight: led-bl: Add devlink to supplier LEDs. LED Backlight is a consumer of one or multiple LED class devices, but devlink is currently unable to create correct supplier-producer links when the supplier is a class device. It...
EUVD-2026-0799
A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the...
PT-2026-27747
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw where raw event callbacks could occur even for a HID device that had not been claimed, potentially causing a crash if a broken device were connected. The...
PT-2026-8132
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak exists in the unittest_data_add function within the Linux kernel. If of_resolve_phandles fails, the allocated unittest data is not freed, resulting in a memory leak. The fi...
PT-2026-27679
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A device node reference leak exists in the bq257xx_reg_dt_parse_gpio function within the regulator subsystem related to the bq257xx driver. Specifically, if the function fails to obtain ...
PT-2026-20426
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.19.0-rc5-00002-gb71e635feefc. Description: The Btrfs file system in the Linux kernel allows new transactions even when the file system is read-only. This behavior can lead to warnings and potential issues during...