CVE-2025-50952

A null pointer dereference vulnerability has been discovered in the openjpeg library. This flaw, identified through a fuzzing tool, could allow an attacker to cause a crash in an application processing a specially crafted file. While no active exploit has been demonstrated, a successful attack...

GitHub: Sample report: Denial of service

The denial of service vulnerability was identified in the system. The vulnerability could have allowed an attacker to disrupt the availability of the system by exhausting its resources...

CVE-2025-47188

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient paramete...

DoS (Denial of Service) Third-Party Dependency in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.12.0, 10.3.0, 10.6.0, and 10.7.1 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...

CVE-2025-45764

A flaw was found in jsrsasign. The library uses weak encryption algorithms, potentially resulting in sensitive data being vulnerable to decryption by an attacker with local access. This weakness allows a malicious actor to compromise confidentiality without requiring authentication or user...

dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using

...

CVE-2025-3770

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability...

DEBIAN-CVE-2025-3770

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability...

UBUNTU-CVE-2025-3770

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability...

CVE-2025-3770 SMM IDT Privilege Escalation Vulnerability

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability...

The vulnerability of the default_version_is_new() function in Netgear’s JWNR2000v2 router software allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the defaultversionisnew function in Netgear’s JWNR2000v2 router software lies in the copying of buffers without checking the size of the input data when processing the host parameter. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrit...

The vulnerability of the InboundEmail module in the SuiteCRM customer relationship management system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the InboundEmail module in the SuiteCRM customer relationship management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the...

EDK2 安全漏洞

EDK2 is a set of cross-platform firmware development environments based on UEFI and PI specifications from the Tianocore community. A security vulnerability exists in EDK2 that stems from a failure of protection mechanisms in the BIOS, which could lead to the execution of arbitrary code by a loca...

Linux Distros Unpatched Vulnerability : CVE-2025-38111

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of- bounds read/write access When using publicly available...

The vulnerability of the get_cur_lang_ver() function in Netgear’s JWNR2000v2 router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the getcurlangver function in Netgear JWNR2000v2 router microprogramming software is related to the copying of buffers without checking the size of the input data when processing the host parameter. Exploiting this vulnerability can allow an attacker to compromise the...

CBL Mariner 2.0 Security Update: php (CVE-2025-6491)

The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-6491 advisory. - In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 when parsing XML...

CVE-2025-54645

Out-of-bounds array access issue due to insufficient data verification in the location service module. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2025-54647

Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2025-54648

Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2025-54647

Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Impact: Successful exploitation of this vulnerability may affect availability...