Lucene search
10 matches found

Vulnrichment
added 2025/06/18 11:30 p.m. | 2 views

CVE-2025-23169

The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly validated or sanitized, allowing a malicious user to inject and store cross-site scripting (XSS)...

CVSS 6.1 | AI score 6.1 | EPSS 0.0022
Exploits 0 | References 5
OpenVAS
added 2025/06/13 12:0 a.m. | 1 views

SUSE: Security Advisory (SUSE-SU-2025:01884-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 5.7 | EPSS 0.00068
Exploits 0 | References 4
CVE
added 2025/05/18 5:31 a.m. | 31 views

CVE-2025-4861

The CVE-2025-4861 entry affects PHPGurukul Beauty Parlour Management System v1.1, targeting the /admin/admin-profile.php function. The root cause is unsafely handling the contactnumber parameter, enabling SQL injection that can be triggered remotely. Multiple connected sources corroborate a publi...

CVSS 9.8 | AI score 7.7 | EPSS 0.00277
Exploits 1 | References 5 | Affected Software 1
OSV
added 2025/03/27 2:57 p.m. | 5 views

CVE-2025-21881 uprobes: Reject the shared zeropage in uprobe_write_opcode()

In the Linux kernel, the following vulnerability has been resolved: uprobes: Reject the shared zeropage in uprobe_write_opcode() We triggered the following crash in syzkaller tests: BUG: Bad page state in process syz.7.38 pfn:1eff3 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0...

CVSS 5.5 | AI score 5.9 | EPSS 0.00018
Exploits 0 | References 9
Cvelist
added 2025/02/26 2:23 a.m. | 11 views

CVE-2022-49571 tcp: Fix data-races around sysctl_tcp_max_reordering.

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_max_reordering. While reading sysctl_tcp_max_reordering, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers...

EPSS 0.00046
Exploits 0 | References 6
RedhatCVE
added 2025/02/11 4:26 p.m. | 5 views

CVE-2024-54658

A flaw was found in WebKitGTK. Processing malicious web content can cause a denial of service due to improper memory handling. Mitigation: Do not process or load untrusted web content with WebKitGTK...

CVSS 6.5 | AI score 6.3 | EPSS 0.00211
Exploits 0 | References 4
Vulnrichment
added 2025/01/14 12:0 a.m. | 3 views

CVE-2024-57763

MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField...

AI score 7.1 | EPSS 0.00351
Exploits 1 | References 1
Vulnrichment
added 2025/01/03 3:28 a.m. | 5 views

CVE-2024-47032

In constructtransactionfromcmd of lwisioctl.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 8 | EPSS 0.0003
Exploits 0 | References 1
Cvelist
added 2024/12/18 11:28 p.m. | 14 views

CVE-2022-44519 Acrobat Reader | Use After Free (CWE-416)

Acrobat Reader DC version 22.001.20085 and earlier, 20.005.3031x and earlier and 17.012.30205 and earlier are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitatio...

CVSS 5.5 | EPSS 0.00081
Exploits 0 | References 1
Vulnrichment
added 2022/12/16 12:0 a.m. | 4 views

CVE-2022-20533

In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

AI score 4.1 | EPSS 0.00031
Exploits 0 | References 1