CVE-2025-3887

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

CVE-2025-3887

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

FreeFloat FTP Server Buffer Overflow Vulnerability (CNVD-2025-14503)

FreeFloat FTP Server is an FTP service from Freefloat. A buffer overflow vulnerability exists in FreeFloat FTP Server that stems from the component MLS Command Handler failing to properly validate the length size of input data, no details of the vulnerability are provided at this time...

CVE-2025-37947

CVE-2025-37947 affects ksmbd (Linux kernel SMBv3 server). Root cause: ksmbd_vfs_stream_write() could perform an out-of-bounds write when *pos >= v_len due to missing bounds check; patch adds a check to ensure *pos

TOTOLINK A3002R formMapDelDevice interface bandstr parameter buffer overflow vulnerability

TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK A3002R, which stems from the bandstr parameter in the formMapDelDevice interface failing to correctly validate the length size of the input data, no detailed...

GNU PSPP Buffer Overflow Vulnerability

GNU PSPP is an application for data sampling, statistics and analysis from the American GNU community. GNU PSPP suffers from a buffer overflow vulnerability that stems from inflateread failing to properly validate the length and size of input data, which can be exploited by an attacker to cause a...

Tenda AC10 formSetPPTPUserList Buffer Overflow Vulnerability

Tenda AC10 is a dual-band Gigabit wireless router from Tenda China. The Tenda AC10 suffers from a buffer overflow vulnerability that originates from the formSetPPTPUserList handler failing to properly validate the length of input data, which can be exploited by an attacker to execute arbitrary co...

TOTOLINK NR1800X setWiFiEasyGuestCfg Function Buffer Overflow Vulnerability

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's Gion Electronics TOTOLINK. The TOTOLINK NR1800X suffers from a buffer overflow vulnerability that stems from the ssid5g parameter in the setWiFiEasyGuestCfg function failing to properly validate the length size of the...

The vulnerability of the RepairKit component in iPadOS, iOS, and visionOS allows attackers to compromise the confidentiality of protected information.

The vulnerability of the RepairKit component in iPadOS, iOS, and visionOS is related to insufficient validation of input data. Exploiting this vulnerability could allow attackers to compromise the confidentiality of protected information...

The vulnerability of the MacOS operating system, related to insufficient validation of input data, allows a hacker to gain access to and modify system files.

The vulnerability of the MacOS operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to and modify system files...

IBM Cloud Pak for Business Automation Denial of Service Vulnerability

IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines IBM, built for any hybrid cloud, designed to automate work and accelerate business growth. A denial of service vulnerability exists in IBM Cloud Pak for Business Automatio...

Google Chrome Security Bypass Vulnerability (CNVD-2025-10056)

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome prior to version 136.0.7103.59, which stems from insufficient data validation in DevTools, and can be exploited by an attacker to cause an access control bypass...

PT-2025-23258 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: The issue is related to Cross-Site Scripting XSS attacks due to insufficient data validation and sanitization during data reception. This allows attackers to execute malicious scripts on the...

PT-2025-20925 · Unknown · Bootstrap-Multiselect

Name of the Vulnerable Software and Affected Versions: bootstrap-multiselect version 1.1.2 Description: An issue was discovered in post.php, where a PHP script echoes arbitrary POST data. This could create a Reflective Cross-Site Scripting XSS vulnerability exploitable through Cross-Site Request...

NVIDIA TensorRT-LLM python executor code issue vulnerability

NVIDIA TensorRT-LLM is a high-performance inference acceleration library from NVIDIA for defining, optimizing, and executing inference in production environments for large language models LLMs. A code issue vulnerability exists in NVIDIA TensorRT-LLM that stems from insufficient data validation a...

openSUSE 15 Security Update : chromium (openSUSE-SU-2025:0145-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0145-1 advisory. - Chromium 136.0.7103.48 stable release 2025-04-29 boo1242153 CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11...

Fedora 41 : chromium (2025-8fbc37e703)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-8fbc37e703 advisory. Update to 136.0.7103.59 CVE-2025-4096: Heap buffer overflow in HTML CVE-2025-4050: Out of bounds memory access in DevTools CVE-2025-4051: Insufficie...

CVE-2025-4051

Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-4051

Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-4051

Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...