UBUNTU-CVE-2025-11931

Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wcXChaCha20Poly1305Decrypt which is not used with TLS connections, only from direct calls from an application...

CVE-2025-13524

Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they close their call window. This issue occurs under certain conditions, which require...

CVE-2025-13524

Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they close their call window. This issue occurs under certain conditions, which require...

CVE-2025-13524

Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they close their call window. This issue occurs under certain conditions, which require...

CVE-2025-13524

CVE-2025-13524 affects AWS Wickr, Wickr Gov, and Wickr Enterprise desktop builds prior to 6.62.13 on Windows, macOS, and Linux. The issue is improper resource release in the call termination process, which may allow a call participant to continue receiving audio input from another user after clos...

EUVD-2025-198502

Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they close their call window. This issue occurs under certain conditions, which require...

Grub2: missing unregister call for normal_exit command may lead to use-after-free

...

Grub2: missing unregister call for normal commands may lead to use-after-free

...

Grub2: missing unregister call for gettext command may lead to use-after-free

...

PT-2025-47800

Name of the Vulnerable Software and Affected Versions AWS Wickr versions prior to 6.62.13 Description A flaw exists in the call termination process that may allow a call participant to continue receiving audio input from another user after closing their call window. This issue occurs in AWS Wickr...

Amazon Web Services Wickr 安全漏洞

Amazon Web Services Wickr is an end-to-end encryption service from Amazon.com, Inc. A security vulnerability exists in Amazon Web Services Wickr versions prior to 6.62.13 that stems from improper resource release during call termination, which could result in continued receipt of audio input...

EUVD-2025-198237

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to version 1.35.1, there is potential cross-site scripting on index and tree page. This issue has been patched in version 1.35.1...

CVE-2025-11265

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vkExUnitctaurl' and 'vkExUnitctabuttontext' parameters in all versions up to, and including, 9.112.1. This is due to a logic error in the CTA save function that reads sanitization callbacks...

CVE-2025-36463

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An...

CVE-2025-31649

A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute priviledged operation. An attacker can issue an api call...

CVE-2025-32089

A buffer overflow vulnerability exists in the CvManagerSBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to a arbitrary code execution. An attacker can issue an api call to trigger this...

CVE-2025-61664

CVE-2025-61664 (GRUB2) is a Use-After-Free in the normal module where the normal_exit command is not properly unregistered when a module is unloaded. An attacker could invoke the orphaned/normal_exit path after the module removal, causing the system to access a previously freed memory location an...

CVE-2025-61663 Grub2: missing unregister call for normal commands may lead to use-after-free

A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service DoS risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this comman...

CVE-2025-61663 Grub2: missing unregister call for normal commands may lead to use-after-free

A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service DoS risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this comman...

CVE-2025-61662

CVE-2025-61662 involves a Use-After-Free in GRUB2’s gettext module where the gettext command remains registered after unloading, enabling an attacker to invoke an orphaned command and crash grub (DoS). The Initial Description notes potential data integrity/confidentiality risks but provides no pa...