CVE-2025-7546

A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfdelfsetgroupcontents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has bee...

CVE-2025-7545 GNU Binutils objcopy.c copy_section heap-based overflow

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copysection of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the publ...

PT-2025-29381 · Campcodes · Campcodes Sales/Inventory System

Name of the Vulnerable Software and Affected Versions: Campcodes Sales and Inventory System version 1.0 Description: A critical issue exists in Campcodes Sales and Inventory System. The vulnerability is located in the file /pages/product update.php and allows for SQL injection through manipulatio...

CVE-2025-53371

DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and filegetcontents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls...

WordPress GB Forms DB plugin <= 1.0.2 - Unauthenticated Remote Code Execution vulnerability

Unauthenticated Remote Code Execution vulnerability discovered by CVEhunter in WordPress Plugin GB Forms DB versions = 1.0.2...

CVE-2025-53632 Chall-Manager's scenario decoding process does not check for zip slips

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can...

ALPINE-CVE-2024-42516

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

CVE-2025-6442 affecting package ruby for versions less than 3.3.5-4

CVE-2025-6442 affecting package ruby for versions less than 3.3.5-4. A patched version of the package is available...

CVE-2025-22872 affecting package containerd2 for versions less than 2.0.0-9

CVE-2025-22872 affecting package containerd2 for versions less than 2.0.0-9. A patched version of the package is available...

CVE-2025-46836 affecting package net-tools for versions less than 2.10-4

CVE-2025-46836 affecting package net-tools for versions less than 2.10-4. A patched version of the package is available...

CVE-2023-51258 affecting package yasm for versions less than 1.3.0-16

CVE-2023-51258 affecting package yasm for versions less than 1.3.0-16. A patched version of the package is available...

CVE-2021-44964 affecting package ntopng for versions less than 5.2.1-3

CVE-2021-44964 affecting package ntopng for versions less than 5.2.1-3. A patched version of the package is available...

CVE-2024-35790 affecting package kernel for versions less than 5.15.184.1-1

CVE-2024-35790 affecting package kernel for versions less than 5.15.184.1-1. A patched version of the package is available...

CVE-2025-38348

The CVE-2025-38348 issue is in the Linux kernel wifi driver for the Intersil p54 interface. A malicious USB device could cause a buffer over-read in p54_rx_eeprom_readback() by tampering v1/v2 eeprom length fields, potentially crashing the host. A patch was applied to store the eeprom size in the...

CVE-2025-38278 octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: QOS: Refactor TCHTBLEAFDELLAST callback This patch addresses below issues, 1. Active traffic on the leaf node must be stopped before its send queue is reassigned to the parent. This patch resolves the issue by marki...

PT-2025-28827

Name of the Vulnerable Software and Affected Versions: plan9port versions prior to 9da5b44 Description: A critical vulnerability exists in the edump function within the /src/plan9port/src/libsec/port/x509.c library. Manipulation of this function leads to a heap-based buffer overflow. The exploit...

apache2-mod_security2-2.9.11-1.1 on GA media (moderate)

apache2-modsecurity2-2.9.11-1.1 on GA media Announcement ID: openSUSE-SU-2025:15313-1 Rating: moderate Cross-References: CVE-2025-52891 CVSS scores: CVE-2025-52891 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-52891 SUSE : 8.2...

CVE-2025-53106

Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the...

CVE-2025-38206 exfat: fix double free in delayed_free

In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayedfree The double free could happen in the following path. exfatcreateupcasetable exfatcreateupcasetable : return error exfatfreeupcasetable : free -volutbl exfatloaddefaultupcasetable : return erro...

Cisco Issues Emergency Fix for Critical Root Credential Flaw in Unified CM

Cisco fixes critical root credential vulnerability in Unified CM rated CVSS 10 urging users to patch now to stop remote admin takeovers...