350 matches found
CVE-2025-64332
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF decompression is enabled. This issue has been patched in version...
EUVD-2025-199776
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64data. This issue has been patched in...
CVE-2025-64335
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64data. This issue has been patched in...
CVE-2025-64334 Suricata is vulnerable to unbounded memory growth for decompression
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2....
Linux Distros Unpatched Vulnerability : CVE-2025-59148
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Versions 8.0.0 and below...
EUVD-2020-3425
Malware in sbrugna...
EUVD-2025-27483
Malicious code in bioql PyPI...
SUSE CVE-2025-59148
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when not anchored to a "sticky" buffer, which can lead to a segmentation fault. This issue is fixed ...
CVE-2025-59150
CVE-2025-59150 affects Suricata 8.0.0, where using the tls.subjectaltname keyword can cause a segmentation fault if the decoded subjectaltname contains a NULL byte. The issue is fixed in 8.0.1; a workaround is to disable rules using the tls.subjectaltname keyword. The NVD/NASL/Nessus entries corr...
Linux Distros Unpatched Vulnerability : CVE-2025-47291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to...
CVE-2025-54791
CVE-2025-54791 concerns OMERO.web prior to 5.29.2, where an error during the Forgot Password flow could disclose user information in the web page. The issue is mitigated by upgrading to version 5.29.2 or higher. As a workaround, disabling the Forgot Password option via the omero.web.show_forgot_p...
Linux Distros Unpatched Vulnerability : CVE-2025-53537
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak th...
PT-2025-25795
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version Description A vulnerability in the Linux kernel has been resolved. The issue is related to MACsec offload for uplink representor profiles. MACsec offload is not supported in switchdev mode for...
CVE-2025-49013 WilderForge vulnerable to code Injection via GitHub Actions Workflows
WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of $ github.event.review.body and other user controlled variables directly inside shell script contexts in GitHub...
PT-2025-22165
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version Description A slab-use-after-free issue has been identified in the Linux kernel's HDCP code. The vulnerability occurs when the HDCP code copies pointers to amdgpu dm connector objects without...
SUSE CVE-2025-32433
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protocol message handling, a malicious actor...
PT-2025-17213 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version V4.0si V16.03.10.20 Description: The issue is related to a Buffer Overflow in AdvSetMacMtuWan via wanMTU2. This allows for potential exploitation. No information is provided about the estimated number of potentially affecte...
PT-2025-16380 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version V4.0si V16.03.10.20 Description: The issue concerns a Buffer Overflow in the AdvSetMacMtuWan function via the mac2 variable. Recommendations: For Tenda AC10 version V4.0si V16.03.10.20, as a temporary workaround, consider...
PT-2025-15283 · Libbpf +1 · Libbpf +1
Name of the Vulnerable Software and Affected Versions: libbpf version 1.5.0 Description: The issue is a buffer overflow vulnerability that allows a local attacker to execute arbitrary code via the bpf object init prog function of libbpf. Recommendations: For libbpf version 1.5.0, as a temporary...
PT-2025-14838 · Unknown · React-Draft-Wysiwyg
Name of the Vulnerable Software and Affected Versions: react-draft-wysiwyg versions 3.1 and earlier Description: The issue is related to Cross-site Scripting XSS via the Embedded button, which results in saving the payload in the iframe tag. This allows attackers to exploit the vulnerability...