547 matches found
CVE-2025-3409
A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stbincludestring. The manipulation of the argument pathtoincludes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use...
CVE-2025-3029
A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9...
CVE-2025-31438
Cross-Site Request Forgery CSRF vulnerability in Benoit De Boeck WP Supersized wp-supersized allows Cross Site Request Forgery.This issue affects WP Supersized: from n/a through = 3.1.6...
CVE-2025-30839
CVE-2025-30839 – Taxi Booking Manager for WooCommerce (Ecab) has a Missing Authorization vulnerability affecting versions from n/a up to 1.2.1. The issue arises from incorrectly configured access control security levels that permit unauthorized access or actions. The connected ENISA vulnerability...
PT-2025-13289 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an incorrect offset calculation in the Linux kernel, specifically in the erofs/zmap.c file. This miscalculation resulted in the iomap-length being set to 0,...
PT-2025-12022 · Parisneo · Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui versions v9.9 to the latest Description: The issue allows an attacker to list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the "/open file" endpoint. This enables the attacker ...
GHSA-2865-HH9G-W894 Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0, ASP.NET Core 8.0, ASP.NET Core 6.0, and ASP.NET Core 2.3. This advisory also...
CVE-2025-24055
CVE-2025-24055 is a Windows USB Video Driver vulnerability described as an out-of-bounds read that could allow an authorized attacker to disclose information with a physical attack. The CVSSv3.1 base score is 4.3 (Medium), with privileges required as Low, attack vector Physical, and impact restri...
Security Advisory 0112
Security Advisory 0112 . CSAF PDF Date: March 11, 2025 Revision | Date | Changes ---|---|--- 1.0 | March 11, 2025 | Initial release The CVE-ID tracking this issue: CVE-2024-9448 CVSSv3.1 Base Score: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Common Weakness Enumeration: CWE-284 Improper...
Debian: Security Advisory (DSA-5873-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2020-15658
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier...
Linux Distros Unpatched Vulnerability : CVE-2017-5433
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller whil...
GO-2025-3489 Rancher's SAML-based login via CLI can be denied by unauthenticated users in github.com/rancher/rancher
Rancher's SAML-based login via CLI can be denied by unauthenticated users in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2025-1857
Summary of CVE-2025-1857 (PHPGurukul Nipah Virus Testing Management System 1.0) A critical SQL injection vulnerability exists in an unspecified part of the file /check_availability.php, caused by manipulation of the employeeid argument. The issue allows remote initiation of an attack and the expl...
CVE-2025-1744
Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before 5.9.9...
Security Bulletin: Vulnerability in paramiko affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-48795]
Summary The paramiko package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH befo...
CVE-2022-49325
In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp-sndcwnd We had various bugs over the years with code breaking the assumption that tp-sndcwnd is greater than zero. Lately, syzbot reported the WARNONONCE!tp-priorcwnd added in commit 8b8a321ff72c...
Security Advisory 0111
Security Advisory 0111 . CSAF PDF Date: February 25, 2025 Revision | Date | Changes ---|---|--- 1.0 | February 25, 2025 | Initial release The CVE-ID tracking this issue: CVE-2025-1259 CVSSv3.1 Base Score: 7.7 CVSS:3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Common Weakness Enumeration: CWE-284:...
GHSA-5FWX-P6XH-VJRH Mattermost allows reading arbitrary files related to importing boards
Mattermost versions 10.4.x = 10.4.1, 9.11.x = 9.11.7, 10.3.x = 10.3.2, 10.2.x = 10.2.2 fail to properly validate board blocks when importing boards which allows an attacker could read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards...
CVE-2024-11346
: Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Lexmark International CX, XC, CS, et. Al. Postscript interpreter modules allows Resource Injection.This issue affects CX, XC, CS, et. Al.: from 001.001:0 through 081.231, from ..P001 through ..P233, from ..P001 through...