
13663 matches found

OSV
added 2025/11/10 5:15 a.m. | 10 views

AZL-69980 CVE-2025-59777 affecting package libmicrohttpd 0.9.76-1

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS)...

CVSS 8.7 | AI score 5.8 | EPSS 0.00374
Exploits 0 | References 1

OSV
added 2025/11/10 5:15 a.m. | 1 views

UBUNTU-CVE-2025-59777

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS)...

CVSS 8.7 | AI score 5.8 | EPSS 0.00374
Exploits 0 | References 5

OSV
added 2025/11/10 5:15 a.m. | 2 views

UBUNTU-CVE-2025-62689

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS)...

CVSS 8.7 | AI score 5.8 | EPSS 0.00374
Exploits 0 | References 5

Vulnrichment
added 2025/11/10 4:10 a.m. | 1 views

CVE-2025-62689

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS)...

CVSS 8.7 | AI score 6.4 | EPSS 0.00374
Exploits 0 | References 3

CVE
added 2025/11/10 4:10 a.m. | 23 views

CVE-2025-62689

CVE-2025-62689 affects GNU Libmicrohttpd up to version 1.0.2 (and earlier). The root cause is a NULL pointer dereference and related heap-based overflow triggered by specially crafted packets, leading to DoS. The fix was committed (ff13abc) after the v1.0.2 tag in the libmicrohttpd repository. Co...

CVSS 8.7 | AI score 6.4 | EPSS 0.00374
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2025/11/10 4:10 a.m. | 1 views

CVE-2025-59777

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS)...

CVSS 8.7 | AI score 7.3 | EPSS 0.00374
Exploits 0 | References 3

CVE
added 2025/11/10 4:10 a.m. | 24 views

CVE-2025-59777

CVE-2025-59777 affects GNU libmicrohttpd up to v1.0.2, with a NULL pointer dereference that can be triggered by a crafted network packet, leading to a DoS. The fix was applied after v1.0.2 (commit ff13abc on the master branch). Multiple connected advisories note affected SUSE/openSUSE packages an...

CVSS 8.7 | AI score 6.4 | EPSS 0.00374
Exploits 0 | References 3 | Affected Software 1

Positive Technologies
added 2025/11/10 12:0 a.m. | 6 views

PT-2025-45598

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS)...

CVSS 8.7 | AI score 6.8 | EPSS 0.00374
Exploits 0 | References 4

Positive Technologies
added 2025/11/10 12:0 a.m. | 4 views

PT-2025-45599

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS)...

CVSS 8.7 | AI score 6.8 | EPSS 0.00374
Exploits 0 | References 4

Cvelist
added 2025/11/10 12:0 a.m. | 7 views

CVE-2025-63617

ktg-mes before commit a484f96 2025-07-03 has a fastjson deserialization vulnerability. This is because it uses a vulnerable version of fastjson and deserializes unsafe input data...

EPSS 0.00243
Exploits 1 | References 2

Positive Technologies
added 2025/11/10 12:0 a.m. | 6 views

PT-2025-45587

Name of the Vulnerable Software and Affected Versions: rymcu forest (affected versions not specified). Description: A security flaw exists due to missing authorization. The issue affects the getAll/addDic/getAllDic/deleteDic function within the...

CVSS 7.5 | AI score 7.2 | EPSS 0.00381
Exploits 1 | References 10

Positive Technologies
added 2025/11/10 12:0 a.m. | 5 views

PT-2025-45586

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...

CVSS 5.3 | AI score 6.6 | EPSS 0.00297
Exploits 1 | References 5

Positive Technologies
added 2025/11/10 12:0 a.m. | 6 views

PT-2025-46192

Name of the Vulnerable Software and Affected Versions: ktg-mes versions prior to commit a484f96 2025-07-03. Description: The software contains a fastjson deserialization issue. This occurs due to the use of a vulnerable version of fastjson and the deserialization of untrusted input data...

AI score 6.7 | EPSS 0.00243
Exploits 1 | References 4

CVE
added 2025/11/09 4:35 a.m. | 13 views

CVE-2025-40108

CVE-2025-40108 concerns the Linux kernel’s serial driver for Qualcomm GenI (qcom-geni). The issue manifested as a hang of a worker task (kworker) on Qualcomm RB1/QRB2210 during normal boot when PM runtime support was enabled by commits enabling PM runtime for the serial driver. The regression was...

AI score 6.1 | EPSS 0.0015
Exploits 0 | References 2

EUVD
added 2025/11/07 6:30 p.m. | 3 views

EUVD-2025-38273

Multiple SQL injection vulnerabilities in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allow a remote attacker to execute arbitrary code via the orderby parameter...

CVSS 10 | AI score 8.2 | EPSS 0.00767
Exploits 1 | References 3

EUVD
added 2025/11/07 6:30 p.m. | 4 views

EUVD-2025-38285

There is an arbitrary file download vulnerability in GuoMinJim PersonManage thru commit 5a02b1ab208feacf3a34fc123c9381162afbaa95 2020-11-23 in the document query function under the Download Center menu in the PersonManage system...

AI score 6.5 | EPSS 0.00318
Exploits 1 | References 3

OSV
added 2025/11/07 4:15 p.m. | 3 views

CVE-2025-63686

There is an arbitrary file download vulnerability in GuoMinJim PersonManage thru commit 5a02b1ab208feacf3a34fc123c9381162afbaa95 2020-11-23 in the document query function under the Download Center menu in the PersonManage system...

CVSS 6.5 | AI score 5.9 | EPSS 0.00318
Exploits 1 | References 2

OSV
added 2025/11/07 4:15 p.m. | 6 views

CVE-2025-63689

Multiple SQL injection vulnerabilities in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allow a remote attacker to execute arbitrary code via the orderby parameter...

CVSS 10 | AI score 6.3
Exploits 0 | References 3

Packet Storm News
added 2025/11/07 12:0 a.m. | 4 views

Chasing One-Day Vulnerabilities across Open Source Forks

Tracking vulnerabilities inherited from third-party open-source components is a well-known challenge, often addressed by tracing the threads of dependency information. However, vulnerabilities can also propagate through forking: a repository forked after the introduction of a vulnerability, but...

AI score 6.8
Exploits 0

CVE
added 2025/11/07 12:0 a.m. | 23 views

CVE-2025-63689

CVE-2025-63689 affects the ycf1998 money-pos system prior to commit 11f276bd20a41f089298d804e43cb1c39d041e59. Multiple SQL injection vulnerabilities exist in the orderby parameter, enabling a remote attacker to execute arbitrary code. Root cause: unsafely constructed SQL with user-controlled orde...

CVSS 10 | AI score 8.4 | EPSS 0.00767
Exploits 1 | References 3 | Affected Software 1