E-commerce 安全漏洞

E-commerce is a dynamic e-commerce website developed by Bhabishya Ghimire as an individual developer. Version 1.0.0 of E-commerce has a security vulnerability, which stems from improper handling of the getsafevalue function in the utility/function.php file. This vulnerability may lead to cross-si...

PT-2026-21249

A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get safe value of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be...

K000160077: Zlib vulnerability CVE-2026-22184

Security Advisory Description zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs wh...

TFL: Targeted Bit-Flip Attack on Large Language Model

Large language models LLMs are increasingly deployed in safety and security critical applications, raising concerns about their robustness to model parameter fault injection attacks. Recent studies have shown that bit-flip attacks BFAs, which exploit computer main memory i.e., DRAM vulnerabilitie...

CVE-2025-25210

Improper input validation for some Server Firmware Update UtilitySysFwUpdt before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This...

CVE-2025-22453

Improper input validation for some Server Firmware Update UtilitySysFwUpdt before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This...

Advisory ROSA-SA-2026-3196

Software: opensc 0.20.0 OS: ROSA Virtualization 2.1 unaffected versions = opensc-0.20.0-8.0.1.rv3 affected versions opensc-0.20.0-8.0.1.rv3 CVE-ID: CVE-2024-45615 BDU-ID: 2024-11086 CVE-Crit: LOW CVE-DESC.: A vulnerability in the pkcs15-init smart card personalization utility and the libopensc...

Advisory ROSA-SA-2026-3178

Software: opensc 0.20.0 OS: ROSA Virtualization 3.0 unaffected versions = opensc-0.20.0-8.0.1.rv30 affected versions opensc-0.20.0-8.0.1.rv30 CVE-ID: CVE-2024-45615 BDU-ID: 2024-11086 CVE-Crit: LOW CVE-DESC.: A vulnerability in the pkcs15-init smart card personalization utility and the libopensc...

Advisory ROSA-SA-2026-3158

Software: opensc 0.20.0 OS: ROSA Virtualization 3.1 unaffected versions = opensc-0.20.0-8.0.1.rv31 affected versions opensc-0.20.0-8.0.1.rv31 CVE-ID: CVE-2024-45615 BDU-ID: 2024-11086 CVE-Crit: LOW CVE-DESC.: A vulnerability in the pkcs15-init smart card personalization utility and the libopensc...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility (CVE-2025-1470, CVE-2025-1471)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 11 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: In...

[SECURITY] Fedora 42 Update: rust-sevctl-0.6.2-6.fc42

Administrative utility for AMD SEV...

CVE-2025-35999

Incorrect permission assignment for critical resource for some System Firmware Update Utility SysFwUpdt for IntelR Server Boards and IntelR Server Systems Based before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileg...

CVE-2025-35999

The CVE-2025-35999 entry concerns Intel System Firmware Update Utility (SysFwUpdt) on Intel Server Boards/Server Systems, affected before version 16.0.12. Affected component: SysFwUpdt; root cause: incorrect permission assignment for a critical resource in Ring 3. This enables a local attacker wi...

CVE-2025-25210

Improper input validation for some Server Firmware Update UtilitySysFwUpdt before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This...

CVE-2025-25210

Improper input validation for some Server Firmware Update UtilitySysFwUpdt before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This...

CVE-2025-22453

Improper input validation for some Server Firmware Update UtilitySysFwUpdt before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This...

[SECURITY] Fedora 43 Update: rust-sevctl-0.6.2-6.fc43

Administrative utility for AMD SEV...

Intel Server Firmware Update Utility 输入验证错误漏洞

Intel Server Firmware Update Utility is a command-line tool developed by Intel Corporation. Versions prior to Intel Server Firmware Update Utility 16.0.12 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper input validation, which could lead to...

Intel® Server Board and Intel® Server System Firmware Update Utility Advisory

Summary: A potential security vulnerability in the Intel® Server System Firmware Update Utility for some Intel® Server Board may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-35999 Description:...

AMD Graphics Driver Vulnerabilities – February 2026

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description | CVSS Score ---|---|--- CVE-2024-36324| Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.| 8.8 High...