4193 matches found

Cvelist
added 2025/12/24 1:7 p.m., 29 views

CVE-2023-54150 drm/amd: Fix an out of bounds error in BIOS parser

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix an out of bounds error in BIOS parser The array is hardcoded to 8 in atomfirmware.h, but firmware provides a bigger one sometimes. Dereferencing the larger array causes an out of bounds error. commit 4fc1ba4aa589...

EPSS: 0.00168
Exploits: 0, References: 5

OSV
added 2025/12/24 11:15 a.m., 3 views

UBUNTU-CVE-2023-53992

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: ocb: don't leave if not joined If there's no OCB state, don't ask the driver/mac80211 to leave, since that's just confusing. Since set/clear the chandef state, that's a simple check...

AI score: 5.7, EPSS: 0.00167
Exploits: 0, References: 5

NVD
added 2025/12/18 8:16 a.m., 3 views

CVE-2025-64225

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection. This issue affects Stockie Extra: from n/a through = 1.2.11...

CVSS: 6.5, EPSS: 0.0026
Exploits: 0, References: 1

Vulnrichment
added 2025/12/15 7:42 p.m., 4 views

CVE-2025-12035 Bluetooth: Integer Overflow in Bluetooth Classic (BR/EDR) L2CAP

An integer overflow condition exists in Bluetooth Host stack, within the bt_br_acl_recv routine, a critical path for processing inbound BR/EDR L2CAP traffic...

CVSS: 6.5, AI score: 6.8, EPSS: 0.0018
Exploits: 0, References: 1

Positive Technologies
added 2025/12/15 12:0 a.m., 5 views

PT-2025-51278

Name of the Vulnerable Software and Affected Versions: Bluetooth (affected versions not specified). Description: An integer overflow condition exists in the Bluetooth Host stack, specifically within the bt_br_acl_recv routine. This routine is a critical path for processing inbound BR/EDR L2CAP traffic...

CVSS: 6.5, AI score: 6.7, EPSS: 0.0018
Exploits: 0, References: 3

RedhatCVE
added 2025/12/13 3:58 p.m., 5 views

CVE-2025-58770

APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...

CVSS: 8.4, AI score: 6.9, EPSS: 0.00098
Exploits: 0, References: 1

RedhatCVE
added 2025/12/13 3:59 a.m., 4 views

CVE-2025-14393

The Wpik WordPress Basic Ajax Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dname' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 6.4, AI score: 5, EPSS: 0.00195
Exploits: 0, References: 1

EUVD
added 2025/12/12 6:31 a.m., 6 views

EUVD-2025-203009

The Wpik WordPress Basic Ajax Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dname' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 6.4, AI score: 4.7, EPSS: 0.00195
Exploits: 0, References: 8

CNNVD
added 2025/12/12 12:0 a.m., 5 views

WordPress plugin Wpik WordPress Basic Ajax Form cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00195
Exploits: 0, References: 7

Patchstack
added 2025/12/11 11:32 p.m., 6 views

WordPress Wpik WordPress Basic Ajax Form plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Wpik WordPress Basic Ajax Form versions <= 1.0...

CVSS: 6.4, AI score: 5.6, EPSS: 0.00195
Exploits: 0, References: 1, Affected Software: 1

OpenVAS
added 2025/12/11 12:0 a.m., 4 views

Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2025-2477)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 8, AI score: 6.7, EPSS: 0.01063
Exploits: 2, References: 2

Tenable Nessus
added 2025/12/11 12:0 a.m., 3 views

EulerOS 2.0 SP13 : cups (EulerOS-SA-2025-2497)

According to the versions of the cups package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthTyp...

CVSS: 8, AI score: 7.6, EPSS: 0.62269
Exploits: 16, References: 3

Tenable Nessus
added 2025/12/11 12:0 a.m., 3 views

EulerOS 2.0 SP11 : cups (EulerOS-SA-2025-2477)

According to the versions of the cups package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthTyp...

CVSS: 8, AI score: 7.6, EPSS: 0.62269
Exploits: 16, References: 3

EUVD
added 2025/12/10 9:31 p.m., 3 views

EUVD-2025-202616

Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This only applies to deprecated...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00405
Exploits: 1, References: 2

NVD
added 2025/12/10 9:16 p.m., 7 views

CVE-2025-62181

Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This only applies to deprecated...

CVSS: 5.3, EPSS: 0.00405
Exploits: 1, References: 1

Cvelist
added 2025/12/10 8:41 p.m., 20 views

CVE-2025-62181 Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration where during user authentication process, a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not.

Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This only applies to deprecated...

CVSS: 5.3, EPSS: 0.00405
Exploits: 1, References: 1

CVE
added 2025/12/09 9:32 p.m., 26 views

CVE-2025-66039

CVE-2025-66039 affects FreePBX Endpoint Manager. The vulnerability is an authentication bypass when the Webserver Authorization Mode is enabled: sending an Authorization header with an arbitrary value associates a session with the target user despite valid credentials. This can lead to unauthoriz...

CVSS: 9.8, AI score: 6.7, EPSS: 0.02976
Exploits: 8, References: 3, Affected Software: 1

GithubExploit
added 2025/12/09 8:32 p.m., 991 views

Exploit for CVE-2025-54100

CVE-2026-0386 Powershell's curl uses Invoke-WebRequest u...

CVSS: 7.8, AI score: 7.1, EPSS: 0.01466
Exploits: 5

EUVD
added 2025/12/08 3:36 a.m., 3 views

EUVD-2025-201661

Malicious code in solana-dexco-basic npm...

AI score: 6.6
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/12/08 3:36 a.m., 6 views

Malicious code in solana-dexco-basic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c85fd31c83f8c435f8ac1833cf404a39af10af647c6305eab6e8ff993eadf9a The package solana-dexco-basic was found to contain malicious code. Source: ghsa-malware...

AI score: 6.9
Exploits: 0, References: 1