8227 matches found
OSV-2025-275 UNKNOWN READ in void std::__1::vector<unsigned char, std::__1::allocator<unsigned char>>::__cons
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=410115359 Crash type: UNKNOWN READ Crash state: void std::__1::vector::__cons Poco::Net::NTLMCredentials::parseChallengeMessage Poco::Net::HTTPNTLMCredentials::createNTLMMessage...
The vulnerability of the mptcp_established_options_add_addr function in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the mptcp_established_options_add_addr function in the Linux kernel involves the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
openSUSE Security Advisory (SUSE-SU-2025:1201-1)
The remote host is missing an update for the...
CVE-2025-30659
An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for Secure Vector Routing (SVR) receives a...
CLSA-2024-1709548308 openssl: Fix of CVE-2023-5363
CVE-2023-5363: process key length and iv length early if present...
CVE-2025-2575
The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
UBUNTU-CVE-2025-32807
A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png and .svg or .xpm for some configurations via the icon parameter of a GET request to geticon.php...
WordPress plugin WP Project Manager cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Z Companion cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2025-1347)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2025-1365)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2025-1346)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2025-1351)
The remote host is missing an update for the Huawei EulerOS...
HedgeDoc cross-site scripting vulnerability
HedgeDoc is a JavaScript-based real-time editing and sharing platform for Markdown documents from the HedgeDoc team. A cross-site scripting vulnerability exists in HedgeDoc versions prior to 1.10.3, which stems from a malicious SVG file that could lead to a cross-site scripting attack...
CVE-2025-30659 Junos OS: SRX Series: A device configured for vector routing crashes when receiving malformed traffic
An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for Secure Vector Routing (SVR) receives a...
CVE-2025-30659
CVE-2025-30659 concerns Juniper Networks Junos OS on SRX Series, where an Improper Handling of Length Parameter Inconsistency in the Packet Forwarding Engine (PFE) can be triggered by a specially malformed SVR (Secure Vector Routing) packet. An unauthenticated, network-based attacker can cause th...
CVE-2025-29189
Flowise = 2.2.3 is vulnerable to SQL Injection via the tableName parameter at PostgresVectorStores...