Lucene search
5832 matches found

Positive Technologies
added 2025/09/30 12:0 a.m. | 2 views

PT-2025-40053

Summary: Unpatched Argo CD versions are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate clients. With the default configuration (no webhook.gogs.secret set), Argo CD’s /api/webhook endpoint will crash the entire argocd-server process whe...

7.5 CVSS | 6.8 AI score
Exploits 0 | References 4
Positive Technologies
added 2025/09/25 12:0 a.m. | 9 views

PT-2025-44111

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to insufficient input validation in the NFC (Near Field Communication) subsystem. Specifically, the nci_init_req function had limited validation,...

4.6 CVSS | 5.8 AI score | 0.00183 EPSS
Exploits 0
Zero Day Initiative
added 2025/09/24 12:0 a.m. | 3 views

GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The...

7.8 CVSS | 7.2 AI score | 0.00569 EPSS
Exploits 0 | References 1
Redos
added 2025/09/24 12:0 a.m. | 3 views

ROS-20250924-02

A vulnerability in Performance Co-Pilot's performance monitoring and visualization software PCP is related to a symbolic link issue in the pmpost tool, which under certain circumstances. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system...

5.5 CVSS | 7 AI score | 0.00287 EPSS
Exploits 0
Redos
added 2025/09/23 12:0 a.m. | 2 views

ROS-20250923-04

A vulnerability in the Python programming language interpreter CPython is related to insufficient validation of user data in Lib/email/_header_value_parser.py. Exploitation of the vulnerability could allow an attacker acting remotely to execute a spoofing...

2.3 CVSS | 5.6 AI score | 0.00566 EPSS
Exploits 0
Gitee
added 2025/09/22 1:2 a.m. | 158 views

security-guide-for-developers

This is a security guide for web developers, covering various security topics such as authentication, authorization, data validation, and encryption. The guide is divided into several sections, including a security checklist, authentication and authorization, data validation and sanitation, and...

6.7 AI score
Exploits 0
RedhatCVE
added 2025/09/19 9:26 p.m. | 6 views

CVE-2025-7989

Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...

7.8 CVSS | 7.5 AI score | 0.00189 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/09/19 9:26 p.m. | 12 views

CVE-2025-7992

Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...

7.8 CVSS | 7.5 AI score | 0.00193 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/09/18 1:33 p.m. | 1 views

CVE-2022-50394 i2c: ismt: Fix an out-of-bounds bug in ismt_access()

In the Linux kernel, the following vulnerability has been resolved: i2c: ismt: Fix an out-of-bounds bug in ismt_access(). When the driver does not check the data from the user, the variable 'data->block[0]' may be very large to cause an out-of-bounds bug. The following log can reveal it: 33.995542 i2c...

6.1 AI score | 0.00152 EPSS
Exploits 0 | References 9
Cvelist
added 2025/09/17 8:53 p.m. | 12 views

CVE-2025-8003 Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...

7.8 CVSS | 0.00189 EPSS
Exploits 0 | References 1
CNNVD
added 2025/09/17 12:0 a.m. | 1 views

Ashlar-Vellum Cobalt Security Vulnerability

Ashlar-Vellum Cobalt is a 3D modeling software developed by Ashlar Vellum, which supports Windows and Mac systems, and is mainly used for 3D modeling and CAD drawing in industrial product design, architectural design and other fields. A type confusion vulnerability exists in Ashlar-Vellum Cobalt,...

7.8 CVSS | 7.9 AI score | 0.00189 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2025/09/16 12:0 a.m. | 2 views

Mattermost Server 9.11.x < 9.11.18 / 10.5.x < 10.5.9 / 10.8.x < 10.8.4 / 10.9.x < 10.9.4 / 10.10.x < 10.10.1 / 10.11.0 Improper Validation (MMSA-2025-00506)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00506 advisory. - Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a syst...

4.9 CVSS | 5.5 AI score | 0.00299 EPSS
Exploits 0 | References 2
SUSE Linux
added 2025/09/04 10:48 a.m. | 2 views

Security update for gimp

This update for gimp fixes the following issues: CVE-2025-2760: lack of proper validation of user-supplied data in DDS parser can lead to integer overflow and remote code execution (bsc#1241690). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

7.1 CVSS | 8.6 AI score | 0.06186 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2025/08/29 12:0 a.m. | 3 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : UDisks vulnerability (USN-7723-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7723-1 advisory. Michael Imfeld discovered that UDisks did not check the validity of input data correctly when...

8.5 CVSS | 6.2 AI score | 0.0065 EPSS
Exploits 1 | References 2
Redos
added 2025/08/26 12:0 a.m. | 4 views

ROS-20250826-04

Vulnerability of Wireshark computer network traffic analyzer related to insufficient validation of user data in the column utility module of the Dissection engine. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in the CBOR...

7.8 CVSS | 7.1 AI score | 0.00299 EPSS
Exploits 1
RedhatCVE
added 2025/08/23 5:15 p.m. | 3 views

CVE-2025-8402

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature...

4.9 CVSS | 6.2 AI score | 0.00299 EPSS
Exploits 0 | References 1
OSV
added 2025/08/21 6:31 p.m. | 5 views

GHSA-H469-4FCF-P23H Mattermost has Potential Server Crash due to Unvalidated Import Data

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature...

4.9 CVSS | 7 AI score | 0.00299 EPSS
Exploits 0 | References 4
NVD
added 2025/08/21 5:15 p.m. | 4 views

CVE-2025-8402

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature...

4.9 CVSS | 0.00299 EPSS
Exploits 0 | References 1
CVE
added 2025/08/21 5:1 p.m. | 18 views

CVE-2025-8402

CVE-2025-8402 affects Mattermost Server releases with versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, and 10.9.x

4.9 CVSS | 7 AI score | 0.00299 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2025/08/21 5:1 p.m. | 2 views

CVE-2025-8402 Nil pointer dereference in bulk import crashes server

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature...

4.9 CVSS | 7 AI score | 0.00299 EPSS
Exploits 0 | References 1