Allocation of Resources Without Limits or Throttling

Overview std/encoding/asn1 is a Go standard library package std/encoding/asn1 Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Parsing a maliciously crafted DER payload could allocate large amounts of memory, causin...

Allocation of Resources Without Limits or Throttling

Overview std/encoding/pem is a Go standard library package std/encoding/pem Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: The processing time for parsing some invalid inputs scales non-linearly with respect to th...

CVE-2025-34305

IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting XSS vulnerabilities caused by a bug in the cleanhtml function /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...

CLSA-2025-1761744708 git: Fix of CVE-2024-50349

CVE-2024-50349: fix issue where URLs can obfuscate the host asking for credentials, by using strbufaddpercentencode to sanitise the host name and port...

Exploit for CVE-2020-14882

🌐 CVE-2020-14882 — Oracle WebLogic Server Remote Code Execut...

Google Go encoding 安全漏洞

Google Go encoding is a code library from Google, Inc. that provides multiple forms of encoding for data based on the Go language. A security vulnerability exists in Google Go encoding that stems from an interface conversion error when validating a certificate chain containing a DSA public key,...

Google Go encoding 安全漏洞

Google Go encoding is a code library from Google, Inc. that provides multiple forms of encoding for data based on the Go language. A security vulnerability exists in Google Go encoding that stems from a non-linear correlation between processing time and input size when parsing certain invalid...

Google Go 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google USA. A security vulnerability exists in Google Go that stems from the possibility of allocating a large amount of memory when parsing a specially crafted DER payload, leading to...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the SharpShowTextField component when rendering user-supplied input containing Vue template syntax. An attacker can execute arbitrary JavaScript or inject malicious HTML by submitting specially crafted...

EUVD-2025-36519

IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting XSS vulnerabilities caused by a bug in the cleanhtml function /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...

CVE-2025-34305

IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting XSS vulnerabilities caused by a bug in the cleanhtml function /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...

UBUNTU-CVE-2025-40071

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Don't block input queue by waiting MSC Currently gsmqueue processes incoming frames and when opening a DLC channel it calls gsmdlciopen which calls gsmmodemupdate. If basic mode is used it calls gsmmodemupdviamsc and i...

Cross-site Scripting

com.liferay.account.admin.web is vulnerable to Cross-Site Scripting. The vulnerability is due to insufficient input validation and improper output encoding due to the Account "Name" text field. This allows an attacker can inject a crafted payload into that field which is stored and later rendered...

EUVD-2025-36457

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Don't block input queue by waiting MSC Currently gsmqueue processes incoming frames and when opening a DLC channel it calls gsmdlciopen which calls gsmmodemupdate. If basic mode is used it calls gsmmodemupdviamsc and i...

CVE-2025-40071 tty: n_gsm: Don't block input queue by waiting MSC

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Don't block input queue by waiting MSC Currently gsmqueue processes incoming frames and when opening a DLC channel it calls gsmdlciopen which calls gsmmodemupdate. If basic mode is used it calls gsmmodemupdviamsc and i...

Deserialization Of Untrusted Data

h2o is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of JDBC connection parameters with insufficient input validation, which allows an attacker to bypass regular expression checks using double URL encoding and subsequently read arbitrary files or...

[SECURITY] Fedora 42 Update: pcre2-10.46-1.fc42

PCRE2 is a re-working of the original PCRE Perl-compatible regular expression library to provide an entirely new API. PCRE2 is written in C, and it has its own API. There are three sets of functions, one for the 8-bit library, which processes strings of bytes, one for the 16-bit library, which...

Amazon Linux 2 : golang, --advisory ALAS2-2025-3042 (ALAS-2025-3042)

The version of golang installed on the remote host is prior to 1.24.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3042 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses...

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2025-1239)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1239 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...

Linux Distros Unpatched Vulnerability : CVE-2025-40071

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tty: ngsm: Don't block input queue by waiting MSC Currently gsmqueue processes incoming frames and when opening a DLC channel it calls gsmdlciopen which calls...