CVE-2025-62000

BullWall Ransomware Containment may not always detect an encrypted file. This issue affects a specific file inspection method that evaluates file content based on header bytes. An authenticated attacker could encrypt files, preserving the first four bytes and preventing this particular method fro...

cpython: python: CPython DecodeError Handling Vulnerability

A vulnerability has been identified in CPython's bytes.decode function when used with the "unicodeescape" encoding and the "ignore" or "replace" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches...

PT-2025-52338

Name of the Vulnerable Software and Affected Versions BullWall Ransomware Containment versions 4.6.0.0 through 4.6.1.4 Description BullWall Ransomware Containment does not fully inspect files to identify ransomware. An attacker with valid credentials can bypass detection by encrypting a file whil...

CVE-2025-67873

Capstone CVE-2025-67873 affects the disassembly framework in 6.0.0-Alpha5 and earlier. A missing bounds check on a user-provided skipdata callback allows memcpy beyond 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. The exploit path and impact are described in...

SUSE CVE-2025-68250

In the Linux kernel, the following vulnerability has been resolved: hungtask: fix warnings caused by unaligned lock pointers The blocker tracking mechanism assumes that lock pointers are at least 4-byte aligned to use their lower bits for type encoding. However, as reported by Eero Tamminen, some...

GO-2025-4173 Eclipse Paho Go MQTT may incorrectly encode strings if length exceeds 65535 bytes in github.com/eclipse/paho.mqtt.golang

Eclipse Paho Go MQTT may incorrectly encode strings if length exceeds 65535 bytes in github.com/eclipse/paho.mqtt.golang...

CVE-2023-53879 NVClient 5.0 Stack Buffer Overflow Vulnerability via User Configuration

NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, causing a denial of service condition...

CVE-2023-53879

CVE-2023-53879 affects NVClient 5.0. A stack buffer overflow in the user configuration contact field allows an attacker to overwrite 846 bytes, causing a denial of service by crashing the application. Connected sources confirm the issue and describe the vulnerability consistently; no remediation ...

CVE-2024-58313

CVE-2024-58313 affects xbtitFM 4.1.18 and describes an insecure file upload in the file_hosting feature. The root cause is a bypass of file-type checks through Content-Type header manipulation (image/gif), GIF89a bytes, and alternate PHP tags, enabling authenticated attackers with administrative ...

CVE-2024-58313 xbtitFM 4.1.18 Insecure File Upload in file_hosting Feature

xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the filehosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif,...

CVE-2024-58313 xbtitFM 4.1.18 Insecure File Upload in file_hosting Feature

xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the filehosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif,...

PT-2025-50764

Name of the Vulnerable Software and Affected Versions xbtitFM version 4.1.18 Description The software contains an insecure file upload issue. Authenticated attackers with administrative privileges can upload and execute arbitrary PHP code through the file hosting feature. File type restrictions c...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991175)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991175 advisory. In the Linux kernel, the following vulnerability has been resolved: um: Fix out-of-bounds read in LDT setup syscallstubdata expects the datacount parameter to be the...

DEBIAN-CVE-2023-53778

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Clean up integer overflow checking in mapuserpages The encodedma function has some validation on intrans-size but it would be more clear to move those checks to findandmapuserpages. The encodedma had two checks: if...

CVE-2023-53778 accel/qaic: Clean up integer overflow checking in map_user_pages()

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Clean up integer overflow checking in mapuserpages The encodedma function has some validation on intrans-size but it would be more clear to move those checks to findandmapuserpages. The encodedma had two checks: if...

PT-2025-49638

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the accel/qaic component related to integer overflow checking within the map user pages function. The encode dma function previously had validation on...

CVE-2025-14261

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...

PT-2025-49585

Name of the Vulnerable Software and Affected Versions Litmus Platform affected versions not specified Description The Litmus platform utilizes JWT for authentication and authorization; however, the JWT signing secret key is only 6 bytes in length, making it susceptible to cracking. This allows fo...

Envoy's TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte

Summary Envoy’s mTLS certificate matcher for matchtypedsubjectaltnames may incorrectly treat certificates containing an embedded null byte \0 inside an OTHERNAME SAN value as valid matches. Details This occurs when the SAN is encoded as a BMPSTRING or UNIVERSALSTRING, and its UTF-8 conversion...

util-linux 缓冲区错误漏洞

util-linux is an open source package for util-linux. A buffer error vulnerability exists in util-linux that stems from an over-read of the heap buffer when processing a 256-byte username, which could lead to security issues with the SUID login tool...