5836 matches found

Zero Day Initiative
added 2025/12/19 12:0 a.m., 2 views

AzeoTech DAQFactory CTL File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8 CVSS, 7.3 AI score, 0.00298 EPSS
Exploits: 0, References: 1

Zero Day Initiative
added 2025/12/18 12:0 a.m., 3 views

(0Day) Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8 CVSS, 7.3 AI score, 0.00315 EPSS
Exploits: 0

Snyk
added 2025/12/16 10:34 p.m., 1 view

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the flatten, min, max, mean, and median functions when processing deeply nested or cyclic data structures. An attacker can cause the application to crash by supplying maliciously...

8.7 CVSS, 6.8 AI score, 0.00377 EPSS
Exploits: 0, References: 2

OSV
added 2025/12/09 6:19 p.m., 3 views

SUSE-SU-2025:4335-1 Security update for gegl

This update for gegl fixes the following issues: - CVE-2025-10921: lack of proper validation of user-supplied data when parsing HDR files can lead to RCE bsc1250496...

7.8 CVSS, 6.8 AI score, 0.00399 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2025/12/05 3:27 p.m., 2 views

CVE-2025-14006

A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The manipulation of the argument dataname leads to cross site...

6.1 CVSS, 5.3 AI score, 0.00224 EPSS
Exploits: 1, References: 1

Oracle linux
added 2025/12/05 12:0 a.m., 11 views

abrt security update

2.10.9-25.0.1 - Replaces sosreport to sos report in sosreport-event.conf Orabug: 38590929 - abrt-dump-oops-Fix-vmcore-call-trace-parsing-arm Orabug: 34184473 - Disable autoreporting on Oracle Linux Orabug: 32890748 - Add orabug32082455-Upstreamreferenceinpython3-abrt-addon.patch Orabug: 32082455 ...

8.8 CVSS, 7 AI score, 0.00563 EPSS
Exploits: 1

EUVD
added 2025/12/04 3:30 p.m., 3 views

EUVD-2025-201188

A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The manipulation of the argument dataname leads to...

5.1 CVSS, 5 AI score, 0.00224 EPSS
Exploits: 1, References: 5

OSV
added 2025/12/04 3:15 p.m., 2 views

CVE-2025-14006

A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The manipulation of the argument dataname leads to...

6.1 CVSS, 3.8 AI score, 0.00224 EPSS
Exploits: 1, References: 4

CVE
added 2025/12/04 2:32 p.m., 10 views

CVE-2025-14006

CVE-2025-14006 affects dayrui XunRuiCMS up to version 4.7.1. The vulnerability lies in the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1, where manipulating the argument data[name] enables cross-site scripting. The issue is exploitable remotely and the public exploit has been ...

6.1 CVSS, 3.7 AI score, 0.00224 EPSS
Exploits: 1, References: 4, Affected Software: 1

Vulnrichment
added 2025/12/04 2:32 p.m., 1 view

CVE-2025-14006 dayrui XunRuiCMS Add Data Validation admind45f74adbd95.php cross site scripting

A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The manipulation of the argument dataname leads to...

5.1 CVSS, 5.1 AI score, 0.00224 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2025/12/04 12:0 a.m., 3 views

PT-2025-49028

Name of the Vulnerable Software and Affected Versions dayrui XunRuiCMS versions up to 4.7.1 Description A security issue exists in dayrui XunRuiCMS. The issue is related to cross site scripting, potentially allowing remote attacks. The manipulation of the dataname argument in the file...

6.1 CVSS, 3.8 AI score, 0.00224 EPSS
Exploits: 1, References: 8

RedHat Linux
added 2025/12/01 9:21 p.m., 5 views

gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

A heap-based buffer overflow vulnerability was discovered in GIMP’s DICOM DCM file parser. The flaw occurs because the application fails to properly validate the length of user-supplied data before copying it to a heap buffer. This can lead to arbitrary code execution when a user opens a speciall...

7.8 CVSS, 6.5 AI score, 0.00569 EPSS
Exploits: 0, References: 6

Snyk
added 2025/11/25 7:42 p.m., 2 views

Interpretation Conflict

Overview node-forge is a JavaScript implementation of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Interpretation Conflict via the asn1.validate function. An attacker can cause schema validation to...

9.3 CVSS, 6.8 AI score, 0.00677 EPSS
Exploits: 1, References: 2

Zero Day Initiative
added 2025/11/20 12:0 a.m., 3 views

(0Day) Digilent DASYLab DSB File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DS...

7.8 CVSS, 7.1 AI score, 0.00254 EPSS
Exploits: 0, References: 1

Zero Day Initiative
added 2025/11/13 12:0 a.m., 3 views

Adobe USD-Fileformat-plugins Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within t...

7.8 CVSS, 7.5 AI score, 0.0021 EPSS
Exploits: 0, References: 1

Fedora
added 2025/11/10 12:47 a.m., 5 views

[SECURITY] Fedora 43 Update: python-pydantic-2.12.4-1.fc43

Data validation and settings management using python type hinting...

7 AI score
Exploits: 0

Fedora
added 2025/11/05 2:13 a.m., 5 views

[SECURITY] Fedora 43 Update: python-pydantic-2.12.3-1.fc43

Data validation and settings management using python type hinting...

8.1 CVSS, 7 AI score, 0.00688 EPSS
Exploits: 1

Tenable Nessus
added 2025/11/05 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989502)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989502 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation. In load_data, make the validation of and skipping...

5.5 CVSS, 6 AI score, 0.00224 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989712)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989712 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check. In 'cfg80211_wext_siwscan', add extra check...

5.5 CVSS, 6 AI score, 0.00233 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990195)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990195 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check. In 'cfg80211_wext_siwscan', add extra check...

5.5 CVSS, 6 AI score, 0.00233 EPSS
Exploits: 0, References: 4