17263 matches found
SUSE-SU-2025:21170-1 Security update for mozjs128
This update for mozjs128 fixes the following issues: - Update to version 128.14.0 bsc1248162: + CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component + CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component + CVE-2025-9181: Uninitialized memo...
CVE-2025-20384
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute ANSI escape codes into Splunk log files due to improper...
CVE-2025-20384 Unauthenticated Log Injection in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute ANSI escape codes into Splunk log files due to improper...
CVE-2025-20384
CVE-2025-20384 affects Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, 9.2.10 and Splunk Cloud Platform below 10.1.2507.4, 10.0.2503.6, 9.3.2411.117.125. An unauthenticated attacker can inject ANSI escape codes into Splunk log files via improper validation at the /en-US/static/ endpoint, p...
CVE-2025-20384 Unauthenticated Log Injection in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute ANSI escape codes into Splunk log files due to improper...
SUSE CVE-2025-13632
Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...
Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.1 (SVD-2025-1203)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1203 advisory. - In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4,...
RockyLinux 9 : podman (RLSA-2025:21702)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:21702 advisory. runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 Tenable has extracted the preceding...
PT-2025-50583
Name of the Vulnerable Software and Affected Versions glib affected versions not specified Description A flaw exists in glib that can lead to a denial-of-service DoS condition. The issue is a heap buffer overflow caused by an integer overflow within the escape byte string function, part of GLib's...
Linux Distros Unpatched Vulnerability : CVE-2025-13632
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to...
CLSA-2025-1764716872 tomcat: Fix of CVE-2025-31651
CVE-2025-31651: fix improper neutralization of escape, meta, or control sequences...
SQL Injection
Overview asyncmy is an A fast asyncio MySQL driver Affected versions of this package are vulnerable to SQL Injection through the escapedict function. An attacker can execute arbitrary SQL commands by using untrusted JSON input because keys are not properly escaped. Remediation A fix was pushed in...
EUVD-2025-200317
Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...
CVE-2025-13632
Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...
CVE-2025-13632
Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...
CVE-2025-13632
Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...
CVE-2025-13632
Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...
CVE-2025-13632
CVE-2025-13632 affects Google Chrome/Chromium DevTools, where an inappropriate DevTools implementation allowed sandbox escape when a user installed a crafted malicious extension. The vulnerable component is DevTools in Chrome, with exploitation tied to extension installation. The issue stems from...
SQL Injection
Overview smoosense is a Smoothly make sense of your large multi-modal datasets Affected versions of this package are vulnerable to SQL Injection via improper handling of user-supplied filter values. The parseFilters.ts and helpers.ts utility functions fail to escape single quotes before...
Improper Null Termination
python-ldap is vulnerable to an Improper Null Termination. The vulnerability is due to incorrect handling of the NUL byte in escapednchars, where it emits a backslash plus a literal NUL instead of the RFC-4514 \00, allowing attackers to supply crafted input that consistently breaks DN constructio...