7992 matches found

Positive Technologies
added 2025/12/09 12:0 a.m., 2 views

PT-2025-50243

Name of the Vulnerable Software and Affected Versions COMMAX WebViewer ActiveX Control version 2.1.4.5 Description The COMMAX WebViewer ActiveX Control contains a buffer overflow issue. An attacker can execute arbitrary code by supplying overly long string arrays through multiple functions...

8.7 CVSS, 7.7 AI score, 0.00112 EPSS
Exploits 0, References 7

CNNVD
added 2025/12/09 12:0 a.m., 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper PCI device checking, which could lead to resource management errors...

8.6 AI score, 0.0004 EPSS
Exploits 0, References 9

CVE
added 2025/12/08 12:46 a.m., 10 views

CVE-2025-40303

CVE-2025-40303 is a Linux kernel btrfs issue resolved by ensuring no dirty metadata is written back when the filesystem is in an error state. The root cause was that, after an error is detected, some metadata modifications remained in the btree inode page cache and could be written back during ip...

6.2 AI score, 0.00028 EPSS
Exploits 0, References 4

CNNVD
added 2025/12/08 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from mishandling of errors that could result in metadata being written to the file system in the wrong state...

6.1 AI score, 0.00028 EPSS
Exploits 0, References 6

CNNVD
added 2025/12/06 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from mm secretmem not properly handling concurrent page errors, which could lead to reuse after release...

6.1 AI score, 0.00076 EPSS
Exploits 0, References 9

OSV
added 2025/12/04 11:29 p.m., 2 views

MGASA-2025-0321 Updated xkbcomp packages fix security vulnerabilities

Endless recursion in xkbcomp/expr.c resulting in a crash (CVE-2018-15853). NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash (CVE-2018-15859). NULL pointer dereference in ExprResolveLhs resulting in a crash (CVE-2018-15861). NULL pointer dereference in...

5.5 CVSS, 6.8 AI score, 0.0008 EPSS
Exploits 0, References 3

NVD
added 2025/12/04 10:15 p.m., 1 views

CVE-2025-65899

Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (usernotfound) versus valid users with incorrect passwords (invalidpassword). This observable response discrepancy allows...

5.3 CVSS, 0.0008 EPSS
Exploits 3, References 2

Vulnrichment
added 2025/12/04 8:4 p.m., 1 views

CVE-2025-12996

Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025...

4.1 CVSS, 6.2 AI score, 0.0001 EPSS
Exploits 0, References 1

OSV
added 2025/12/04 5:15 p.m., 0 views

UBUNTU-CVE-2025-66287

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

8.8 CVSS, 5.7 AI score, 0.00072 EPSS
Exploits 0, References 5

NVD
added 2025/12/04 4:16 p.m., 2 views

CVE-2025-40251

In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy. The function devl_rate_nodes_destroy is documented to "Unset parent for all rate objects". However, it was only calling the driver-specific rate_leaf_parent_set or...

5.5 CVSS, 0.00021 EPSS
Exploits 0, References 6

OSV
added 2025/12/04 11:41 a.m., 2 views

BIT-GOLANG-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5 CVSS, 6.7 AI score, 0.00019 EPSS
Exploits 2, References 5

CNNVD
added 2025/12/04 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from unverified user virtual address alignment, which could lead to memory access errors...

6.1 AI score, 0.00028 EPSS
Exploits 0, References 4

Packet Storm
added 2025/12/04 12:0 a.m., 203 views

Microsoft Windows 11 Administrator Protection Bypass / Privilege Escalation

Microsoft Windows 11 suffers from an administrator protection bypass local privilege escalation vulnerability. Proof of concept Metasploit module included...

6.9 AI score
Exploits 1

CNNVD
added 2025/12/04 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uncaught test context allocation failure that could lead to memory access errors...

6.1 AI score, 0.00017 EPSS
Exploits 0, References 3

OSV
added 2025/12/03 4:27 p.m., 10 views

GHSA-XQ4M-MC3C-VVG3 Claude Code Command Validation Bypass Allows Arbitrary Code Execution

Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on...

8.7 CVSS, 8 AI score, 0.00039 EPSS
Exploits 0, References 3

Github Security Blog
added 2025/12/03 4:27 p.m., 13 views

Claude Code Command Validation Bypass Allows Arbitrary Code Execution

Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on...

9.8 CVSS, 8.1 AI score, 0.00039 EPSS
Exploits 0, References 3, Affected Software 1

Redos
added 2025/12/02 12:0 a.m., 1 views

ROS-20251202-03

A vulnerability in the DecodeConfig component of the Golang programming language is related to uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition. A vulnerability in the Downloa...

8.8 CVSS, 7.2 AI score, 0.00162 EPSS
Exploits 5

Redos
added 2025/12/02 12:0 a.m., 1 views

ROS-20251202-07

A vulnerability in the Google Chrome browser's DevTools web development toolkit is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker, acting remotely, to bypass the sandbox...

7.5 CVSS, 6.9 AI score, 0.00094 EPSS
Exploits 1

NVD
added 2025/12/01 12:15 p.m., 4 views

CVE-2025-58408

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common weakness enumeration was chosen as the stale data can include handles to resources in whi...

5.9 CVSS, 0.00018 EPSS
Exploits 0, References 1

EUVD
added 2025/12/01 11:16 a.m., 1 views

EUVD-2025-199978

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common weakness enumeration was chosen as the stale data can include handles to resources in whi...

5.9 CVSS, 6.3 AI score, 0.00018 EPSS
Exploits 0, References 2