CVE-2025-0074

In processserviceattrrsp of sdpdiscovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-0074

In processserviceattrrsp of sdpdiscovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-22411

In processserviceattrrsp of sdpdiscovery.cc, there is a possible use after free due to a logic error in the code. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-22411

CVE-2025-22411 affects the Android Bluetooth SDP discovery path: use-after-free in process_service_attr_rsp (sdp_discovery.cc) due to a logic error, enabling remote code execution with no privileges and no user interaction. Exploitation is described as proximal/adjacent (Bluetooth range). Root ca...

CVE-2025-0075

CVE-2025-0075 is a use-after-free in process_service_search_attr_req of sdp_server.cc that can lead to remote code execution with no privileges or user interaction. Affected software is the Android platform (System component in the 2025-03-01/03 bulletin) and related Android sources describe this...

CVE-2025-0075

In processservicesearchattrreq of sdpserver.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-0074

In processserviceattrrsp of sdpdiscovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-0074

In processserviceattrrsp of sdpdiscovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-45753

In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute...

aide: improper output neutralization enables bypassing

A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE's detection of malicious files...

aide: improper output neutralization enables bypassing

A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE's detection of malicious files...

Mozilla Firefox for Android Information Disclosure Vulnerability (CNVD-2025-19560)

Mozilla Firefox for Android is a web browser designed for Android devices by the US-based Mozilla Foundation. An information disclosure vulnerability exists in Mozilla Firefox for Android prior to version 141, which originates from a sandboxed iframe without the allow-downloads attribute that can...

CVE-2024-45753

In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute...

CVE-2024-45753

In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute...

CVE-2024-45753

Affected software: Mahara 23.04.8 and 24.04.4. Vulnerability: In the external RSS feed block, an external feed XML containing a malicious value for the link attribute can cause a cross-site scripting (XSS) attack. Impact (as described): Cross-site scripting due to unsafe link values in RSS feed i...

Mahara 安全漏洞

Mahara is a free open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara versions 23.04.8 and 24.04.4, which stems from an external RSS feed link attribute containing malicious values that could lead to a cross-site scripting attack...

aide: improper output neutralization enables bypassing

A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE's detection of malicious files...

PT-2025-44136

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel's NTFS3 subsystem related to integer overflow in the run unpack function. The run unpack function decodes compressed runlist data from MFT attributes,...

Linux Distros Unpatched Vulnerability : CVE-2015-8861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting XSS attacks by leveraging a template with an attribute...

Linux Distros Unpatched Vulnerability : CVE-2016-5303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers...