
3635 matches found

NVD
added 2025/06/05 7:15 a.m., 16 views

CVE-2025-5642

A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather...

2.5 CVSS, 0.00192 EPSS
Exploits: 1, References: 7
NVD
added 2025/06/05 7:15 a.m., 14 views

CVE-2025-5644

A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach thi...

2.5 CVSS, 0.00191 EPSS
Exploits: 1, References: 7
Vulnrichment
added 2025/06/05 7:00 a.m., 6 views

CVE-2025-5644 Radare2 radiff2 cons.c r_cons_flush use after free

A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach thi...

2.5 CVSS, 3.5 AI score, 0.00191 EPSS
Exploits: 1, References: 7
CVE
added 2025/06/05 7:00 a.m., 57 views

CVE-2025-5644

Radare2 5.9.9/radiff2 contains a use-after-free in r_cons_flush when manipulating the -T argument. Affected file: libr/cons/cons.c (function r_cons_flush). Local access required; attack complexity is high. Patch identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. Documentation notes -T is exp...

2.5 CVSS, 3.6 AI score, 0.00191 EPSS
Exploits: 1, References: 7, Affected Software: 1
CVE
added 2025/06/05 7:00 a.m., 56 views

CVE-2025-5643

Radare2 5.9.9 is affected by CVE-2025-5643 through the cons_stack_load function in libr/cons/cons.c. The vulnerability arises from manipulating the -T argument, causing memory corruption. Exploitation is local with high attack complexity; exploits have been disclosed but the real existence is dou...

2.5 CVSS, 3.8 AI score, 0.00192 EPSS
Exploits: 1, References: 7, Affected Software: 1
Vulnrichment
added 2025/06/05 6:31 a.m., 4 views

CVE-2025-5642 Radare2 radiff2 pal.c r_cons_pal_init memory corruption

A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather...

2.5 CVSS, 3.6 AI score, 0.00192 EPSS
Exploits: 1, References: 7
CVE
added 2025/06/05 6:31 a.m., 49 views

CVE-2025-5642

Radare2 5.9.9 contains a memory corruption flaw in function r_cons_pal_init (libr/cons/pal.c) within the radiff2 component. Exploitation requires local access; attack complexity is high and exploitability is low to moderate according to sources. The issue is tied to manipulation of the -T argumen...

2.5 CVSS, 3.8 AI score, 0.00192 EPSS
Exploits: 1, References: 7, Affected Software: 1
CVE
added 2025/06/05 6:31 a.m., 56 views

CVE-2025-5641

Radare2 5.9.9 contains CVE-2025-5641 affecting the function r_cons_is_breaked in libr/cons/cons.c of radiff2. The -T argument manipulation leads to memory corruption and local access is required. Reported attack complexity is high, with exploitation described as difficult; public disclosure of ex...

2.5 CVSS, 3.6 AI score, 0.00186 EPSS
Exploits: 1, References: 7, Affected Software: 1
Positive Technologies
added 2025/06/05 12:00 a.m., 4 views

PT-2025-23902 · Radare2 · Radare2

Name of the Vulnerable Software and Affected Versions: Radare2 version 5.9.9. Description: A vulnerability has been found in the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to...

2.5 CVSS, 7.2 AI score, 0.00191 EPSS
Exploits: 1, References: 16
OSV
added 2025/06/03 12:00 a.m., 5 views

ALSA-2025:8427 Moderate: pandoc security update

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. It can read several dialects of Markdown and subsets of HTML, reStructuredText, LaTeX, DocBook, JATS, MediaWiki markup, TWiki markup, TikiWiki markup, Creole 1.0, Haddock...

7.5 CVSS, 7.8 AI score, 0.01027 EPSS
Exploits: 1, References: 4
Packet Storm News
added 2025/06/01 12:00 a.m., 4 views

Nearly-Linear Time Private Hypothesis Selection with the Optimal Approximation Factor

Estimating the density of a distribution from its samples is a fundamental problem in statistics. Hypothesis selection addresses the setting where, in addition to a sample set, we are given $n$ candidate distributions -- referred to as hypotheses -- and the goal is to determine which one best...

6.8 AI score
Exploits: 0
RedhatCVE
added 2025/05/31 1:36 p.m., 15 views

CVE-2025-5320

A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to privilege escalation. It is possible to initiate the attack remotely. The...

6.3 CVSS, 4.1 AI score, 0.00224 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/30 9:44 p.m., 18 views

CVE-2025-27706

CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator visits t...

4.6 CVSS, 6.2 AI score, 0.00205 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/30 9:44 p.m., 14 views

CVE-2025-27703

CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the...

7 CVSS, 7 AI score, 0.00254 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/30 8:53 p.m., 12 views

CVE-2025-27702

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...

6.9 CVSS, 7 AI score, 0.00258 EPSS
Exploits: 0, References: 1
IBM Security Bulletins
added 2025/05/30 5:00 p.m., 10 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Inefficient Regular Expression Complexity due to Babel (CVE-2025-27789)

Summary IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise Runtime are vulnerable to Inefficient Regular Expression Complexity due to Babel. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using...

6.2 CVSS, 6.8 AI score, 0.00478 EPSS
Exploits: 0, Affected Software: 1
NVD
added 2025/05/29 6:15 p.m., 9 views

CVE-2025-5323

A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event-server/blob/development/app/api/helpers/mail.py of the component Mail Verification Handler. The...

6.3 CVSS, 0.00118 EPSS
Exploits: 0, References: 5
CVE
added 2025/05/29 6:00 p.m., 56 views

CVE-2025-5323

CVE-2025-5323 affects fossasia open-event-server 1.19.1, specifically the Mail Verification Handler’s function send_email_change_user_email. The issue is described as relying on obfuscation or encryption of security-relevant inputs without integrity checks, with possible remote activation and hi...

6.3 CVSS, 7 AI score, 0.00118 EPSS
Exploits: 0, References: 5
Github Security Blog
added 2025/05/29 3:31 p.m., 11 views

Gradio CORS Origin Validation Bypass Vulnerability

A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to origin validation error. It is possible to initiate the attack remotely. Th...

6.3 CVSS, 6.6 AI score, 0.00224 EPSS
Exploits: 0, References: 7, Affected Software: 1
NVD
added 2025/05/29 2:15 p.m., 16 views

CVE-2025-5320

A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to privilege escalation. It is possible to initiate the attack remotely. The...

6.3 CVSS, 0.00224 EPSS
Exploits: 0, References: 5