1680 matches found
The vulnerability of the fslog.c component in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the fslog.c component in the Linux operating system’s kernel is related to integer overflow. Exploiting this vulnerability can allow an attacker to cause a service failure...
Microsoft Windows Telephony Service Remote Code Execution Vulnerability (CNVD-2025-07784)
Microsoft Windows Telephony Service is based on IBinder to provide phone status and telephony services. A remote code execution vulnerability exists in Microsoft Windows Telephony Service, which can be exploited by an attacker to execute code on the target host...
CVE-2024-46671
FortiWeb contains an Incorrect User Management (CWE-286) vulnerability affecting FortiWeb versions 7.6.2 and below, 7.4.6 and below, 7.2.10 and below, and 7.0.11 and below. An authenticated attacker with at least read-only admin privileges can perform operations on the dashboard of other administ...
PT-2025-15345
Name of the Vulnerable Software and Affected Versions: libsavsac.so versions prior to SMR Apr-2025 Release 1 Description: The issue is related to an out-of-bounds read in parsing audio data, which allows local attackers to read out-of-bounds memory. This can be exploited by local attackers...
Adobe ColdFusion Path Traversal Vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe, a United States company. The platform includes an integrated development environment and scripting language. Adobe ColdFusion suffers from a path traversal vulnerability that can be exploited by an attacker to...
Microsoft AutoUpdate for Mac Security Vulnerability
Microsoft AutoUpdate for Mac is an auto-update application for Microsoft products on the Mac platform, from Microsoft Corporation, USA. A security vulnerability exists in Microsoft AutoUpdate for Mac. An attacker can exploit the vulnerability to elevate privileges...
Google Android elevation of privilege vulnerability (CNVD-2025-11432)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which arises from the program incorrectly retaining setup privileges, and can be exploited by an attacker to elevate privileges without requiring addition...
Google Chrome < 135.0.7049.41 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 135.0.7049.41. It is, therefore, affected by multiple vulnerabilities as referenced in the 202504stable-channel-update-for-desktop advisory. - Inappropriate implementation in Downloads in Google Chrome prior to...
CVE-2025-3026 Improper Neutralization of Special Elements vulnerability in EJBCA
The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Not tested in higher versions. By modifying the ‘Host’ header in an HTTP request, it is possible to manipulate the generated links and thus redirect the client to a different base URL. In this way, an attacker could insert his...
The vulnerability of the sql_tree_hash_1 component in the Virtuoso-OpenSource web application development platform allows an attacker to trigger a service failure.
The vulnerability of the sql_tree_hash_1 component in the Virtuoso-OpenSource web application development platform is related to improper neutralization of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause service interruptions by sending specially...
The vulnerability in the kernel/workqueue.c module of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the kernel/workqueue.c module in the Linux operating system is related to insufficient resource locking. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-45361 Mi Connect Service APP protocol flaws lead to leaking sensitive user information
A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by flawed validation logic and can be exploited by attackers to leak sensitive user information...
The vulnerability of the kernel component of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the kernel component of the Linux operating system is related to a data race condition. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the mptcp component in the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the mptcp component in Linux operating systems is related to division-by-zero errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
ChuanhuChatGPT Denial of Service Vulnerability (CNVD-2025-06188)
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. ChuanhuChatGPT suffers from a denial of service vulnerability that stems from the use of an insecure regular expression. An attacker can...
The vulnerability of the f2fs component of the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the f2fs component of the Linux operating system’s kernel is related to improper blocking in the function. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the secretmem component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the secretmem component in the Linux operating system’s kernel is related to memory corruption. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the ext4_xattr_block_cache_find() function in the ext4 component of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the ext4_xattr_block_cache_find() function in the ext4 component of the Linux operating system is related to a memory overflow issue. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2024-10948
A vulnerability in the upload function of binary-husky/gptacademic allows any user to read arbitrary files on the system, including sensitive files such as config.py. This issue affects the latest version of the product. An attacker can exploit this vulnerability by intercepting the websocket...
GHSA-C7FQ-P62P-WVPC Open WebUI Has Improper Access Control Leading to Arbitrary Prompt Read
In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve all prompt...