CVE-2024-6030 Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability
This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code within the sandbox on the target system in order to exploit this...
PT-2025-18326 · Tesla · Tesla Model S Iris Modem
Name of the Vulnerable Software and Affected Versions: Tesla Model S Iris Modem (affected versions not specified). Description: This issue allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. The flaw exists within the ql_atfwd process due to the lack of proper...
The vulnerability of the octeontx2-pf component in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the octeontx2-pf component in the Linux operating system’s kernel is related to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2025-46579
There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed...
CVE-2025-42601
The CVE-2025-42601 entry concerns Meon KYC solutions with a flaw in server-side Captcha validation in certain API endpoints. The underlying issue is insufficient validation of the Captcha parameter, enabling a remote attacker to intercept a request and remove the Captcha parameter to bypass verif...
CVE-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...
Dell ECS Information Disclosure Vulnerability
Dell ECS is an enterprise-class object storage solution from Dell Technologies. Dell ECS suffers from an information disclosure vulnerability that originates from the system failing to properly validate certificates. An attacker could exploit the vulnerability to cause an information disclosure...
CVE-2025-43972
An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context...
Fortinet FortiClient Cross-Site Scripting Vulnerability
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. Fortinet FortiClient suffers from a cross-site scripting...
Huawei HarmonyOS Buffer Overflow Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a buffer overflow vulnerability that can be exploited by attackers to affect availability...
ROS-20250417-07
A vulnerability in the Exim mail server is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to escalate privileges...
Insecure Deserialization
lmdeploy is vulnerable to Insecure Deserialization. The vulnerability is due to unsafe handling in the load_weight_ckpt function of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler, allowing local attackers to exploit it...
Oracle MySQL Security Vulnerability
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which originates from a flaw in the optimizer component and can be exploited by an attacker to cause a complete denial of service...
SAP Commerce Cloud Information Disclosure Vulnerability (CNVD-2025-07505)
SAP Commerce Cloud is a cloud-based e-commerce platform from Germany's SAP. The product supports sales management, marketing management, order management and operations management. An information disclosure vulnerability exists in SAP Commerce Cloud, which can be exploited by an attacker t...
The vulnerability of the svcrdma component in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the svcrdma component in the Linux operating system’s kernel is related to defects in exception handling in the svc_rdma_proc_init function. Exploiting this vulnerability can allow an attacker to cause a service failure...
Vulnerability of the int3400_setup_gddv() function in the drivers/thermal/intel/int340x_thermal/int3400_thermal.c module – a Linux kernel temperature control driver that allows a hacker to cause a service failure.
Vulnerability of the int3400_setup_gddv() function in the drivers/thermal/intel/int340x_thermal/int3400_thermal.c module: the Linux kernel temperature control driver contains errors in its code. Exploiting this vulnerability could allow an attacker to cause system failures...
The vulnerability of the ad7780 component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the ad7780 component in the Linux operating system is related to the lack of checks for division by zero. Exploiting this vulnerability could allow an attacker to cause a service failure...
Wyse Management Suite Denial of Service Vulnerability
Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints, including centralized management of Wyse endpoints, asset tracking and automated device discovery from Dell. A denial of service vulnerability exists in Wyse Management Suite for Dell. The vulnerability stems...
CVE-2025-29989
Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to BIOS upgrade denial...
The vulnerability in the drivers/gpu/drm/vc4/vc4_hdmi.c kernel component of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the drivers/gpu/drm/vc4/vc4_hdmi.c kernel component in the Linux operating system is related to errors during resource release. Exploiting this vulnerability can allow an attacker to cause service failures...