DEBIAN-CVE-2025-46399
A flaw was found in fig2dev. This vulnerability allows an attacker to impact availability via local input manipulation via the genge_itp_spline function...
CVE-2025-46399
A flaw was found in fig2dev. This vulnerability allows an attacker to impact availability via local input manipulation via the genge_itp_spline function...
CVE-2025-46399
A flaw was found in fig2dev. This vulnerability allows an attacker to impact availability via local input manipulation via the genge_itp_spline function...
CVE-2025-46400
In the xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to impact availability via local input manipulation via the read_arcobject function...
CVE-2025-46400
In the xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to impact availability via local input manipulation via the read_arcobject function...
CVE-2025-46399
CVE-2025-46399 affects fig2dev (part of transfig) with a segmentation fault in genge_itp_spline, enabling local input-based disruption and potential denial of service. Related advisories confirm multiple vendors acknowledge the issue; Debian LTS reports a fix in fig2dev 1:3.2.8-3+deb11u3. Other e...
CVE-2025-46399 Xfig: transfig: fig2dev segmentation fault vulnerability
A flaw was found in fig2dev. This vulnerability allows an attacker to impact availability via local input manipulation via the genge_itp_spline function...
CVE-2025-46399
A flaw was found in fig2dev. This vulnerability allows an attacker to impact availability via local input manipulation via the genge_itp_spline function...
CVE-2025-32968 org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API
XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend...
Vulnerability in the CreateProject method of software for managing and monitoring remote objects in telemetry and telemechanics systems, allowing an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the CreateProject method of software for managing and monitoring remote objects in telemetry and telemechanics systems, such as TeleControl Server Basic, is caused by a failure to protect the structure of the SQL query. Exploiting this vulnerability allows a...
Vulnerability in the UpdateGateways method of software for managing and monitoring remote devices in telemetry and telemechanics systems, allowing an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the UpdateGateways method of software for managing and monitoring remote devices in telemetry and telemechanics systems is caused by a failure to protect the structure of the SQL query. Exploiting this vulnerability allows an attacker to compromise the...
Vulnerability in the UpdateUsers method of software for managing and monitoring remote objects in telemetry and telemechanics systems, allowing an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the UpdateUsers method of software for managing and monitoring remote objects in telemetry and telemechanics systems is caused by a failure to protect the structure of the SQL query. Exploiting this vulnerability allows an attacker to compromise the confidentiality,...
Vulnerability in the setRebootScheCfg function of the TOTOLINK CA300-PoE router firmware, allowing an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the setRebootScheCfg function of the TOTOLINK CA300-PoE router firmware is caused by a failure to sanitize data at the control level. Exploiting this vulnerability can allow an attacker, operating remotely, to compromise the confidentiality,...
Vulnerability in the UpdateOpcSettings method of software for managing and monitoring remote objects in telemetry and telemechanics systems, allowing an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the UpdateOpcSettings method of software for managing and monitoring remote objects in telemetry and telemechanics systems, such as TeleControl Server Basic, is caused by a failure to protect the structure of the SQL query. Exploiting this vulnerability allo...
Vulnerability in the CreateTrace method of software for managing and monitoring remote objects in telemetry and telemechanics systems, allowing an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the CreateTrace method of software for managing and monitoring remote objects in telemetry and telemechanics systems is caused by a failure to protect the structure of the SQL query. Exploiting this vulnerability allows an attacker to compromise the confidentiality,...
PT-2025-17705 · GitLab · GitLab CE/EE
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.7 through 17.9.7; GitLab CE/EE versions 17.10 through 17.10.5; GitLab CE/EE versions 17.11 through 17.11.1. Description: An issue has been discovered affecting service availability via issue preview in GitLab CE/EE. The...
Node.js Test CI Security Incident
Update 23-April-2025: Node.js Test CI Security Incident – Full Disclosure. Summary: On March 21, 2025, we received a security report via HackerOne (link restricted at time of writing), detailing a successful compromise of several Node.js test CI hosts. According to th...
A Security Framework for General Blockchain Layer 2 Protocols
Layer 2 (L2) solutions are the cornerstone of blockchain scalability, enabling high-throughput and low-cost interactions by shifting execution off-chain while maintaining security through interactions with the underlying ledger. Despite their common goals, the principal L2 paradigms -- payment...
Huawei HarmonyOS Buffer Overflow Vulnerability
Huawei HarmonyOS is an operating system from the Chinese company Huawei. Huawei HarmonyOS suffers from a buffer overflow vulnerability, which originates in the codec module, that can be exploited by an attacker to affect availability...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-15527)
Huawei HarmonyOS is an operating system from the Chinese company Huawei. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a security issue that can be exploited by attackers to affect availability...