CVE-2024-36320

CVE-2024-36320 describes an integer overflow in the Windows/AMD graphics driver component atihdwt6.sys that can allow a local attacker to perform out-of-bounds reads/writes, leading to potential loss of confidentiality, integrity, and availability. Connected sources corroborate a local-privilege-...

CVE-2025-48508

Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or reset resulting in denial of service...

CVE-2025-15570

A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzmadecompressbuf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the...

CVE-2025-59386

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2025-54147

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...

CVE-2025-48725 QuTS hero

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QuTS hero...

CVE-2025-58471 Qsync Central

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...

libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

Security update for python-Django

This update for python-Django fixes the following issues: CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGIbsc1257403 CVE-2026-1312: Fixed potential SQL injection via QuerySet.orderby and FilteredRelation bsc1257408 CVE-2026-1287: Fixed potential SQL injection...

SUSE-SU-2026:0440-1 Security update for python-Django

This update for python-Django fixes the following issues: - CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGIbsc1257403 - CVE-2026-1312: Fixed potential SQL injection via QuerySet.orderby and FilteredRelation bsc1257408 - CVE-2026-1287: Fixed potential SQL...

CVE-2026-1215

The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configuration on the mmacalltrackingmenu admin page. This makes it possible for unauthenticated attackers...

CVE-2026-1809

The HTML Tag Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVE-2026-24328

SAP TAFAPPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on...

TRACE: Timely Retrieval and Alignment for Cybersecurity Knowledge Graph Construction and Expansion

The rapid evolution of cyber threats has highlighted significant gaps in security knowledge integration. Cybersecurity Knowledge Graphs CKGs relying on structured data inherently exhibit hysteresis, as the timely incorporation of rapidly evolving unstructured data remains limited, potentially...

CVE-2025-67135

Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack...

CVE-2025-69873

ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...

CVE-2025-67135

Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack...

CVE-2026-0958

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits...

CVE-2025-67135

CVE-2025-67135 affects PGST PG107 Alarm System 1.25.05.hf via the PF-50 1.2 keyfob. The root cause is weak security in the keyfob enabling code replay attacks that compromise access control. Exploitation is not described in the provided documents; CVSSv3.1 indicates a critical impact (AV:N/AC:L/P...

CVE-2025-67135

Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack...