Lucene search

8231 matches found

NVD
added 2025/04/09 8:15 p.m. · 19 views

CVE-2025-30659

An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for Secure Vector Routing (SVR) receives a...

CVSS 8.7 · EPSS 0.00341
Exploits: 0 · References: 1

CVE
added 2025/04/09 8:3 p.m. · 77 views

CVE-2025-30659

CVE-2025-30659 concerns Juniper Networks Junos OS on SRX Series, where an Improper Handling of Length Parameter Inconsistency in the Packet Forwarding Engine (PFE) can be triggered by a specially malformed SVR (Secure Vector Routing) packet. An unauthenticated, network-based attacker can cause th...

CVSS 8.7 · AI score 6.9 · EPSS 0.00341
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/04/09 8:3 p.m. · 10 views

CVE-2025-30659 Junos OS: SRX Series: A device configured for vector routing crashes when receiving malformed traffic

An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for Secure Vector Routing (SVR) receives a...

CVSS 8.7 · AI score 6.8 · EPSS 0.00341
Exploits: 0 · References: 1

Cvelist
added 2025/04/09 8:3 p.m. · 14 views

CVE-2025-30659 Junos OS: SRX Series: A device configured for vector routing crashes when receiving malformed traffic

An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for Secure Vector Routing (SVR) receives a...

CVSS 8.7 · EPSS 0.00341
Exploits: 0 · References: 1

OSV
added 2025/04/09 12:15 p.m. · 6 views

CVE-2025-29189

Flowise = 2.2.3 is vulnerable to SQL Injection. via tableName parameter at PostgresVectorStores...

CVSS 7.6 · AI score 7.3
Exploits: 0 · References: 1

OSV
added 2025/04/09 5:15 a.m. · 3 views

CVE-2025-3100

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping...

CVSS 5.4 · AI score 7.4 · EPSS 0.00232
Exploits: 0 · References: 3

Positive Technologies
added 2025/04/09 12:0 a.m. · 5 views

PT-2025-15879 · Sonos · Sonos Era 300

Name of the Vulnerable Software and Affected Versions: Sonos Era 300 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. The specific flaw exists within the processing of HLS playlist data, resulti...

CVSS 8.8 · AI score 8.8 · EPSS 0.00352
Exploits: 0 · References: 9

Positive Technologies
added 2025/04/09 12:0 a.m. · 6 views

PT-2025-27754

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, specifically related to the arm64/fpsimd component. The issue occurs when a thread's kernel FPSIMD state is restored during a...

CVSS 6 · AI score 6 · EPSS 0.00136
Exploits: 0

OpenVAS
added 2025/04/09 12:0 a.m. · 11 views

openSUSE Security Advisory (SUSE-SU-2025:1149-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 · AI score 8.3 · EPSS 0.0424
Exploits: 4 · References: 8

CNNVD
added 2025/04/08 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly saving host FPSIMD/SVE/SME state, which could lead to a QEMU crash or ptrace ABI change...

CVSS 5.5 · AI score 6.4 · EPSS 0.00162
Exploits: 0 · References: 5

OpenVAS
added 2025/04/08 12:0 a.m. · 9 views

Ubuntu: Security Advisory (USN-7419-1)

The remote host is missing an update for the...

CVSS 7.8 · AI score 4.7 · EPSS 0.00496
Exploits: 1 · References: 2

CNNVD
added 2025/04/07 12:0 a.m. · 2 views

Huawei HarmonyOS security vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from an SVG parsing module exception capture failure, and can be exploited by an attacker to...

CVSS 7.5 · AI score 6.6 · EPSS 0.00295
Exploits: 0 · References: 2

CNNVD
added 2025/04/07 12:0 a.m. · 3 views

Huawei HarmonyOS security vulnerability

Huawei HarmonyOS is an operating system from the Chinese company Huawei. Huawei HarmonyOS suffers from a buffer overflow vulnerability that stems from a security issue in the SVG parsing module, which can be exploited by an attacker to affect availability...

CVSS 7.5 · AI score 6.9 · EPSS 0.00182
Exploits: 0 · References: 2

OpenVAS
added 2025/04/07 12:0 a.m. · 8 views

SUSE: Security Advisory (SUSE-SU-2025:1125-1)

The remote host is missing an update for the...

CVSS 7.8 · AI score 7.7 · EPSS 0.01092
Exploits: 4 · References: 6

OpenVAS
added 2025/04/07 12:0 a.m. · 9 views

Fedora: Security Advisory (FEDORA-2025-3f77ed652b)

The remote host is missing an update for the...

CVSS 5.5 · AI score 4.8 · EPSS 0.00255
Exploits: 1 · References: 5

OpenVAS
added 2025/04/07 12:0 a.m. · 8 views

Mageia: Security Advisory (MGASA-2025-0127)

The remote host is missing an update for the...

CVSS 9.8 · AI score 9.6 · EPSS 0.00433
Exploits: 1 · References: 4

OpenVAS
added 2025/04/07 12:0 a.m. · 22 views

SUSE: Security Advisory (SUSE-SU-2025:1126-1)

The remote host is missing an update for the...

CVSS 10 · AI score 9.5 · EPSS 0.99945
Exploits: 58 · References: 7

CNNVD
added 2025/04/05 12:0 a.m. · 4 views

WordPress plugin AI Content Pipelines cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 · AI score 6.7 · EPSS 0.00278
Exploits: 0 · References: 6

OSV
added 2025/04/04 2:20 p.m. · 1 view

GHSA-XCJ6-PQ6G-QJ4X Vite allows server.fs.deny to be bypassed with .svg or relative paths

Summary: The contents of arbitrary files can be returned to the browser. Impact: Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. Details: .svg: Requests ending with .svg are loaded at this line...

CVSS 5.3 · AI score 6.8 · EPSS 0.35194
Exploits: 7 · References: 5

OSV
added 2025/04/04 6:15 a.m. · 2 views

CVE-2024-13708

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in versions 4.0.1 to 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

CVSS 7.2 · AI score 7.4 · EPSS 0.00247
Exploits: 0 · References: 2