304 matches found
CVE-2025-1371
A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has...
PT-2025-7062 · Unknown · Luxcal Web Calendar
Name of the Vulnerable Software and Affected Versions: LuxCal Web Calendar versions prior to 5.3.3M MySQL version LuxCal Web Calendar versions prior to 5.3.3L SQLite version Description: The issue concerns an SQL injection vulnerability in the retrieve.php file. If exploited, this vulnerability m...
CVE-2025-1365
GNU elfutils 0.192 (eu-readelf) is affected; the vulnerability lives in readelf.c, function process_symtab, where manipulating the D/a argument causes a buffer overflow. Local access is required; exploitation has been disclosed. A patch is identified by git: 5e5c0394d82c53e97750fe7b18023e6f84157b...
CVE-2025-1182
A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an atta...
CVE-2025-1181
A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather...
CVE-2025-1181
GNU Binutils 2.43 contains a memory corruption vulnerability in ld: the function _bfd_elf_gc_mark_rsec in bfd/elflink.c is affected, enabling a remote exploit with high attack complexity as per CVSS-derived notes. The exposure is linked to memory corruption in the ld component, and a patch is ref...
CVE-2025-1152 GNU Binutils ld xstrdup.c xstrdup memory leak
A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...
CVE-2025-1149
A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rathe...
CVE-2025-1149
CVE-2025-1149 affects GNU Binutils 2.43, specifically the xstrdup path in libiberty/xmalloc.c used by ld, causing a memory leak. The issue can be exploited remotely and is described as high attack complexity with the exploit publicly disclosed. Reports indicate fixes have been committed to the ma...
GHSA-MX2J-7CMV-353C wasmvm: Malicious smart contract can slow down block production
CWA-2025-002 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.2.0, = 2.1.0, = 2.0.0, 2.0.6 - wasmvm 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to slow down block production. The attack requires a malicious...
GHSA-23QP-3C2M-XX6W wasmvm: Malicious smart contract can crash the chain
CWA-2025-001 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.2.0, = 2.1.0, = 2.0.0, 2.0.6 - wasmvm 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to crash the chain. The underlying bug that causes this is presen...
PT-2025-13418 · Dell · Dell Unity
Name of the Vulnerable Software and Affected Versions: Dell Unity versions 5.4 and prior Description: The issue is related to an Improper Neutralization of Special Elements used in an OS Command, also known as an 'OS Command Injection' vulnerability. This vulnerability can be exploited by an...
CVE-2018-25106 webuidesigning NebulaX Theme Legacy.php nebula_send_to_hubspot sql injection
A vulnerability, which was classified as critical, has been found in webuidesigning NebulaX Theme up to 5.0 on WordPress. This issue affects the function nebula_send_to_hubspot of the file libs/Legacy/Legacy.php. The manipulation leads to sql injection. The attack may be initiated remotely. The patc...
CVE-2024-12894
CVE-2024-12894 affects TreasureHuntGame TreasureHunt up to commit 963e0e0, targeting the file TreasureHunt/acesso.php. The vulnerability arises from manipulating the input parameter usuario, enabling SQL injection. This can be exploited remotely, and the project uses a rolling release, with no ...
GHSA-2Q97-M5RC-P3GP CosmWasm VM Incorrect metering
CWA-2024-007 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.1.0, = 2.0.0, = 2.1.0, = 2.0.0, query wasm libwasmvm-version. It must show 1.5...
CVE-2024-10965
Vulnerability summary (CVE-2024-10965): EMQX Neuron up to version 2.10.0 is affected by an information disclosure issue in the JSON File Handler, specifically the vulnerable function at /api/v2/schema. Exploitation is possible remotely through manipulation of this endpoint due to an unknown funct...
PT-2024-30613 · Microchip · Timeprovider 4100
Name of the Vulnerable Software and Affected Versions: Microchip TimeProvider 4100 versions 1.0 through 2.4.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks. The...
PT-2024-7268
Name of the Vulnerable Software and Affected Versions: CPython versions prior to 3.13.0 Description: The issue is related to the 'http.cookies' standard library module in CPython. When parsing cookies that contain backslashes for quoted characters in the cookie value, the parser uses an algorithm...
PT-2024-29956 · Elliptic +1 · Elliptic +1
Name of the Vulnerable Software and Affected Versions: Elliptic package version 6.5.6 Description: The issue concerns ECDSA signature malleability due to a missing check for whether the leading bit of r and s is zero. This results in a cryptographic weakness. There is no information provided abou...