
23 matches found

CNNVD
added 2026/05/15 12:0 a.m. | 5 views

AMD Multiple Products Security Vulnerability

The AMD Instinct MI210 and AMD Instinct MI250 are both GPU acceleration cards developed by American semiconductor company AMD. Several AMD products have security vulnerabilities. These vulnerabilities stem from improper handling of insufficient permissions, which may allow attackers to provide...

CVSS 5.3 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 1

CNNVD
added 2026/04/24 12:0 a.m. | 3 views

CyberPanel Access Control Error Vulnerability

CyberPanel is a virtual hosting control panel developed by Usman Nasir, which includes DNS and email servers. Versions of CyberPanel prior to 2.4.4 contained an access control vulnerability. This vulnerability stemmed from an authentication bypass in the AI Scanner worker API endpoints, allowing...

CVSS 9.1 | AI score 6 | EPSS 0.01025
Exploits: 1 | References: 1

CNVD
added 2026/02/27 12:0 a.m. | 2 views

Apache Superset Input Validation Vulnerability

Apache Superset is a modern big data exploration and visualization platform from the Apache Foundation that allows users to easily and quickly build dashboards using a simple no-code visualization builder and a state-of-the-art SQL editor. Apache Superset has an input validation vulnerability in...

CVSS 7.1 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 1

CNNVD
added 2026/02/24 12:0 a.m. | 4 views

Apache Superset Security Vulnerability

Apache Superset is a modern big data exploration and visualization platform from the Apache Foundation that allows users to easily and quickly build dashboards using a simple no-code visualization builder and a state-of-the-art SQL editor. Apache Superset has an input validation vulnerability in...

CVSS 7.1 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 2

OSV
added 2026/01/27 4:16 p.m. | 2 views

CVE-2025-68160

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading ...

CVSS 4.7 | AI score 5.8
Exploits: 0 | References: 6

Tenable Nessus
added 2026/01/15 12:0 a.m. | 1 view

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002059)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002059 advisory. The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local...

CVSS 7.8 | AI score 6.3 | EPSS 0.00075
Exploits: 0 | References: 12

RedhatCVE
added 2026/01/09 9:28 a.m. | 1 view

CVE-2023-49581

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase...

CVSS 9.4 | AI score 6.7 | EPSS 0.00069
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/10 1:35 a.m. | 1 view

CVE-2025-65594

OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating to the data of other users...

CVSS 8.1 | AI score 6.8 | EPSS 0.00041
Exploits: 1 | References: 1

NVD
added 2025/12/09 6:16 p.m. | 1 view

CVE-2025-65594

OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating to the data of other users...

CVSS 8.1 | EPSS 0.00041
Exploits: 1 | References: 2

CNNVD
added 2025/11/29 12:0 a.m. | 1 view

AIS-catcher Security Vulnerability

AIS-catcher is an AIS receiver from Jasper Personal Developers. A security vulnerability exists in AIS-catcher versions prior to 0.64, which stems from a heap buffer overflow in the AIS::Message class that could lead to arbitrary data writes...

CVSS 9.8 | AI score 7 | EPSS 0.00091
Exploits: 1 | References: 3

RedHat Linux
added 2025/10/13 1:21 a.m. | 1 view

libtiff: Libtiff Write-What-Where

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...

CVSS 8.8 | AI score 7.6 | EPSS 0.00039
Exploits: 0 | References: 8

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-28481

Malicious code in bioql PyPI...

CVSS 7.3 | AI score 6.4 | EPSS 0.00044
Exploits: 0 | References: 1

CNNVD
added 2025/10/01 12:0 a.m. | 2 views

Broadcom Unified Infrastructure Management Security Vulnerability

Broadcom Unified Infrastructure Management is an IT infrastructure monitoring and management platform from Broadcom, Inc. A security vulnerability exists in Broadcom Unified Infrastructure Management that stems from improper handling of access control lists for robotic components, which could...

CVSS 8.4 | AI score 6.9 | EPSS 0.00172
Exploits: 0 | References: 1

Veracode
added 2025/09/30 7:4 a.m. | 2 views

Arbitrary File Creation

github.com/charmbracelet/soft-serve is vulnerable to Arbitrary file creation. The vulnerability is due to uncontrolled data being written through its SSH API, which allows an attacker to create or override arbitrary files...

CVSS 7.7 | AI score 7.2 | EPSS 0.00116
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2025/08/18 7:22 a.m. | 17 views

CVE-2025-5296

Schneider Electric SESU (Software Update) contains CWE-59: Improper Link Resolution Before File Access ('Link Following'). A low-privileged attacker who tampers with the installation folder could cause arbitrary data to be written to protected locations, potentially enabling privilege escalation,...

CVSS 7.3 | AI score 7.5 | EPSS 0.00044
Exploits: 0 | References: 1

Vulnrichment
added 2025/08/18 7:22 a.m. | 2 views

CVE-2025-5296

CWE-59: Improper Link Resolution Before File Access 'Link Following' vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system information or persistent...

CVSS 7.3 | AI score 6.8 | EPSS 0.00044
Exploits: 0 | References: 1

SUSE Linux
added 2025/07/21 8:54 a.m. | 5 views

Security update for python3

This update for python3 fixes the following issues: CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory bsc1244056 CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the...

CVSS 8.4 | AI score 7.5 | EPSS 0.01012
Exploits: 14 | References: 24

OSV
added 2025/07/21 8:54 a.m. | 2 views

SUSE-SU-2025:02427-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory bsc1244056 - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the...

CVSS 9.4 | AI score 6.7 | EPSS 0.01012
Exploits: 14 | References: 13

Snyk
added 2025/03/20 12:32 p.m. | 1 view

External Control of File Name or Path

Overview: aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to External Control of File Name or Path via the restorerunbackup function. An attacker can write arbitrary data to arbitrary locations on the host server by controlling...

CVSS 9.1 | AI score 7.2 | EPSS 0.00145
Exploits: 1 | References: 2

CNNVD
added 2024/10/18 12:0 a.m. | 1 view

Dell Secure Connect Gateway Security Vulnerability

Dell Secure Connect Gateway (Dell SCG) is a secure connectivity gateway from Dell, USA. A security vulnerability exists in Dell Secure Connect Gateway (SCG) version 5.24.00.14, which stems from an error in default privileges and can be exploited by a local attacker wi...

CVSS 6.3 | AI score 6.7 | EPSS 0.00108
Exploits: 0 | References: 2