Cherry Studio 代码注入漏洞

Cherry Studio is a multi-model AI assistant from China's Thousand Comets Cherry Studio. A code injection vulnerability exists in Cherry Studio, which stems from the direct execution of commands in base64-encoded configuration data when processing URLs of type cherrystudio://mcp, which could lead ...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses xmldom-0.8.10.tgz which is vulnerable to this CVE-2021-32796

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses xmldom-0.8.10.tgz which is vulnerable to this CVE-2021-32796 Vulnerability Details CVEID:CVE-2021-32796 DESCRIPTION: xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParse...

CVE-2025-47341

memory corruption while processing an image encoding completion event...

CVE-2025-27049

Transient DOS while processing IOCTL call for image encoding...

CVE-2025-47341

CVE-2025-47341 describes a memory corruption issue in Qualcomm chipsets triggered while processing an image encoding completion event. Affected component is tied to image encoding handling; underlying root cause is memory handling during completion processing. The CVE is tracked with high severit...

EUVD-2025-33239

memory corruption while processing an image encoding completion event...

CVE-2025-47341 Buffer Copy Without Checking Size of Input in Camera

memory corruption while processing an image encoding completion event...

CVE-2025-47341 Buffer Copy Without Checking Size of Input in Camera

memory corruption while processing an image encoding completion event...

CVE-2025-27049 Buffer Over-read in Camera

Transient DOS while processing IOCTL call for image encoding...

EUVD-2025-33246

Transient DOS while processing IOCTL call for image encoding...

CVE-2025-27049

CVE-2025-27049 affects Qualcomm chipsets. The vulnerability is described as a transient denial of service when processing an IOCTL call for image encoding, with a MEDIUM base CVSSv3.1 score (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) and a HIGH impact on availability. Connected documents corroborate a ...

CVE-2025-27049 Buffer Over-read in Camera

Transient DOS while processing IOCTL call for image encoding...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that could result in a denial of service when processing IOCTL calls for image encoding...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a memory corruption when processing image encoding completion events...

PT-2025-41341

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A temporary denial of service can occur when processing an IOCTL call for image encoding. Recommendations At the moment, there is no information about a newer version that contains a fix for this...

PT-2025-41348

Name of the Vulnerable Software and Affected Versions Versions prior to 2.3 Description A memory corruption issue exists when processing an image encoding completion event. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

USN-7812-1: ImageMagick vulnerabilities

Woojin Park, Hojun Lee, Yougin Won and Siyeon Han discovered that ImageMagick did not properly sanitize image file names. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code. CVE-2025-55298 Lumina Mescuwa discovered that...

USN-7812-1 imagemagick vulnerabilities

Woojin Park, Hojun Lee, Yougin Won and Siyeon Han discovered that ImageMagick did not properly sanitize image file names. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code. CVE-2025-55298 Lumina Mescuwa discovered that...

netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline LF characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same...

SUSE CVE-2025-61765

python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which...