The vulnerability in the display_debug_section function of the readelf.c component of the GNU Binutils development environment allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the display_debug_section function in the readelf.c component of the GNU Binutils development environment is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause...
CVE-2025-22012
In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu" There are reports that the pagetable walker cache coherency is not a given across the spectrum of SDM845/850 devices, leading to lock-ups and resets. It works fine o...
CVE-2025-22012 Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu"
In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu" There are reports that the pagetable walker cache coherency is not a given across the spectrum of SDM845/850 devices, leading to lock-ups and resets. It works fine o...
CVE-2025-22012
CVE-2025-22012 concerns a Linux kernel issue where a change in arm64 dts for qcom SDM845/850 could affect pagetable walker cache coherency. The vulnerability description states that this led to lock-ups and resets on some devices (e.g., Yoga C630) while others (Dragonboard 845c) were unaffected. ...
PT-2025-15273
Name of the Vulnerable Software and Affected Versions: EDK2 (affected versions not specified). Description: The issue is related to a vulnerability in the HashPeImageByType function, where a user can cause a read out of bounds by sending corrupted data via the network. This could lead to a loss of...
AutonomyAI Emerges from Stealth with $4M Pre-Seed Funding to Transform Front-End Development with Autonomous AI Agents
The first-of-its-kind solution integrates with company codebases, enabling AI agents to work in-context and generate production-grade, front-end code in minutes...
Exploit for CVE-2025-30208
CVE-2025-30208 - Vite Arbitrary File Read PoC This is a Proof...
PT-2025-14786
Name of the Vulnerable Software and Affected Versions: Vite versions 6.0.0 through 6.0.13; Vite versions 6.1.0 through 6.1.3; Vite versions 6.2.0 through 6.2.4; Vite version 4.5.11 and earlier; Vite version 5.4.16 and earlier. Description: The issue allows the contents of arbitrary files to be returned ...
Vite 6.2.2 - Arbitrary File Read
Exploit Title: Vite Arbitrary File Read - CVE-2025-30208; Date: 2025-04-03; Exploit Author: Sheikh Mohammad Hasan (https://github.com/4m3rr0r); Vendor Homepage: https://vitejs.dev/; Software Link: https://github.com/vitejs/vite; Version: = 6.2.2, = 6.1.1, = 6.0.11, = 5.4.14, = 4.5.9; Tested on: Ubuntu...
CVE-2025-30209
Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tule...
CVE-2025-30203
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over a used RSS feed could use this vulnerability to force...
CVE-2025-29766
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap has missing CSRF protections on artifact submission & edition from the tracker view. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up...
[SECURITY] Fedora 42 Update: php-kissifrot-php-ixr-1.8.4-1.fc42
PHP-IXR is an XML-RPC library designed primarily for ease of use. It incorporates both client and server classes, and is designed to hide as much of the workings of XML-RPC from the user as possible. A key feature of the library is automatic type conversion from PHP types to XML-RPC types and vic...
CVE-2025-31820
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos (automatic-featured-images-from-videos) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.4...
The vulnerability of the Git-based software platform for collaborative code development on GitLab EE/CE arises from deficiencies in the authentication mechanism, allowing unauthorized access to protected information.
The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2025-29929
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. This...
CVE-2025-30155
CVE-2025-30155 affects Tuleap: the REST API did not enforce read permissions on parent trackers, allowing potential unauthorized visibility. Affected versions include Tuleap Community Edition prior to 16.5.99.1742392651 and Tuleap Enterprise Edition prior to 16.5-5 and 16.4-8. The issue is resolv...
CVE-2025-30209 Tuleap has improper permission handling in the REST endpoints and release notes display of the FRS plugin
Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tule...
CVE-2025-30203 Tuleap allows XSS via the content of RSS feeds in the RSS widgets
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over a used RSS feed could use this vulnerability to force...