AMD StoreMI DLL Hijacking Vulnerability

AMD StoreMI is an intelligent storage management technology developed by AMD that automatically optimizes data storage locations to improve system performance by combining the benefits of solid state drives SSDs and mechanical hard drives HDDs. AMD StoreMI suffers from a DLL hijacking vulnerabili...

AMD StoreMI Default Privilege Misconfiguration Vulnerability

AMD StoreMI is an intelligent storage management technology developed by AMD that automatically optimizes the location of data storage to improve system performance by combining the benefits of solid state drives SSDs and mechanical hard drives HDDs. AMD StoreMI suffers from a default privilege...

Mageia: Security Advisory (MGASA-2025-0312)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Visual Studio Tools for Applications Elevation of Privilege (CVE-2025-29803)

In VSTA 2019 prior 16.0.35907.0 and VSTA 2022 prior to 17.0.35906.0, the software contains a vulnerability CVE-2025-29803 that could allow remote or local attackers to execute arbitrary code or escalate privileges within the host application, potentially compromising systems that rely on VSTA for...

CVE-2025-13204

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue. Mitigation Mitigation for this issue is eithe...

CVE-2025-63434

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...

Buffer Overflow

spdk is vulnerable to Buffer Overflow. The vulnerability is due to improper bounds handling in the NVMe-oF target component lib/nvmf, which allows an attacker to craft malicious input that can overflow buffers and potentially execute arbitrary code or cause a crash...

CVE-2025-12970 CVE-2025-12970

The extractname function in Fluent Bit indocker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary...

CVE-2025-12970 CVE-2025-12970

The extractname function in Fluent Bit indocker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary...

CVE-2025-63434

CVE-2025-63434 affects Xtooltech Xtool AnyScan Android Application (versions up to 4.40.40). The update mechanism downloads and extracts update packages containing executable code without cryptographic integrity or authenticity checks. If an attacker can control update metadata, they can serve a ...

PT-2025-47932

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter...

Ruijie NBR Router 安全漏洞

Ruijie NBR Router is a wireless router from Ruijie China. A security vulnerability exists in the Ruijie NBR Router that originates from an unauthenticated file upload function and could lead to arbitrary code execution...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: libtiff (UTSA-2025-990943)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990943 advisory. A flaw was found in Libtiff. This vulnerability is a write-what-where condition, triggered when the library processes a specially crafted TIFF image file. By providi...

EUVD-2025-198965

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...

CVE-2025-63674

An issue in Blurams Lumi Security Camera A31C v23.1227.472.2926 allows local physical attackers to execute arbitrary code via overriding the bootloader on the SD card...

CVE-2025-63434

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...

CVE-2025-63434

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...

EUVD-2024-19529

Incorrect default permissions in AMD StoreMI™ could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution...

CVE-2024-21922

A DLL hijacking vulnerability in AMD StoreMI™ could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...

CVE-2024-21923

Incorrect default permissions in AMD StoreMI™ could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution...