13562 matches found
CVE-2025-64117
CVE-2025-64117 affects Tuleap, where both Community Edition (pre-16.13.99.1761813675) and Enterprise Edition (pre-16.13-5 and pre-16.12-8) lack cross-site request forgery (CSRF) protection in SVN commit rules and immutable tags management. The root cause is missing CSRF protection in the affected...
Malicious code in commitizen-ursa-figures-winston (npm)
Source: amazon-inspector (36d2b2b10f8fe2f0581eb6d7fbf66437e6265cf09e3d3bd6f0e3e5ac26422761). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
PT-2025-46689
Name of the Vulnerable Software and Affected Versions: airpig2011 IEC104 versions through Commit be6d841 (2019-07-08). Description: A heap-use-after-free issue exists in the software. During multi-threaded client execution, the Iec10x Scheduled function can access already freed memory, potentially...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990836)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990836 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream. This commit address...
PT-2025-46724
Name of the Vulnerable Software and Affected Versions: Tuleap Community Edition versions prior to 16.13.99.1762267347; Tuleap Enterprise Edition versions prior to 17.01; Tuleap Enterprise Edition versions prior to 16.13-6; Tuleap Enterprise Edition versions prior to 16.12-9. Description: Tuleap is an...
IEC104 security vulnerability
IEC104 is an international standard from the International Electrotechnical Commission (IEC), widely used in the electric power, urban rail transit, and other industries. A security vulnerability exists in IEC104 Commit be6d841 and prior versions, which stems from the possibilit...
PT-2025-46700
Name of the Vulnerable Software and Affected Versions: Tuleap Community Edition versions prior to 16.13.99.1761813675; Tuleap Enterprise Edition versions prior to 16.13-5 and 16.12-8. Description: Tuleap lacks cross-site request forgery (CSRF) protection in the management of Subversion (SVN) commit rules...
airpig2011 IEC104 security vulnerability
airpig2011 IEC104 is a protocol used for power system automation communication by the individual developer dj chen in China. A security vulnerability exists in airpig2011 IEC104 Commit be6d841 and prior versions, which originates from a use-after-free during multi-threaded execution that coul...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990845)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990845 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate(). Fuzzing reports a possible deadlock in...
kernel: perf/x86/intel: Fix crash in icl_update_topdown_event()
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in icl_update_topdown_event(). The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper/23...
SUSE CVE-2025-59777
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS)...
SUSE CVE-2025-62689
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS)...
EUVD-2025-50782
ktg-mes before commit a484f96 2025-07-03 has a fastjson deserialization vulnerability. This is because it uses a vulnerable version of fastjson and deserializes unsafe input data...
CVE-2025-63617
ktg-mes before commit a484f96 2025-07-03 has a fastjson deserialization vulnerability. This is because it uses a vulnerable version of fastjson and deserializes unsafe input data...
AZL-70049 CVE-2025-62689 affecting package libmicrohttpd for versions less than 0.9.77-4
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS)...
CVE-2025-62689
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS)...
AZL-69983 CVE-2025-62689 affecting package libmicrohttpd 0.9.76-1
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS)...
AZL-69980 CVE-2025-59777 affecting package libmicrohttpd 0.9.76-1
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS)...