CVE-2025-27057

Transient DOS while handling beacon frames with invalid IE header length...

CVE-2025-27057 Buffer Over-read in WLAN Host

Transient DOS while handling beacon frames with invalid IE header length...

CVE-2025-27057

CVE-2025-27057 is a Qualcomm WLAN/IEEE 802.11-related issue where a transient Denial of Service can occur while processing beacon frames that contain an invalid Information Element header length. The CVE entry lists a network attack vector with no user interaction and a high availability impact, ...

PT-2025-28452 · Qualcomm · Snapdragon +194

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to a transient Denial of Service DOS that occurs when handling beacon frames with an invalid Information Element IE header length. No information is provided about the...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that results from a temporary denial of service when processing beacon frames with an invalid IE header length...

webkitgtk: UI spoofing while Visiting a website that frames malicious content

A vulnerability was found in webkitgtk, where an issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing...

PT-2025-28437 · Wlan · Wlan

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A transient Denial of Service DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests. Recommendations: At the moment, there is no...

PT-2025-33548

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel's mwifiex driver related to the handling of disassociation frames when operating in concurrent Station STA and Access Point AP mode with host Machine...

CVE-2025-4821

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

OESA-2025-1659 trafficserver security update

Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2...

CVE-2025-4820

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

CVE-2025-4821 Incorrect congestion window growth by invalid ACK ranges

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

CVE-2025-4821 Incorrect congestion window growth by invalid ACK ranges

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

CVE-2025-4821

CVE-2025-4821 affects Cloudflare’s quiche (QUIC) prior to 0.24.4. The issue is “Incorrect congestion window growth” caused by processing invalid ACK ranges. An unauthenticated remote attacker can complete a handshake, initiate a congestion-controlled transfer, and send ACK frames covering a large...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: wifi: rtw88: Use ieee80211purgetxqueue to purge TX skb. When removing kernel modules using rmmod rtw888723cs rtw888703b rtw888723x rtw88sdio rtw88core, the driver uses skbqueuepurge to purge TX skb, but does not report the TX...

CVE-2025-40659

An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp...

"Vcd2df" -- Leveraging Data Science Insights for Hardware Security Research

In this work, we hope to expand the universe of security practitioners of open-source hardware by creating a bridge from hardware design languages HDLs to data science languages like Python and R through novel libraries that convert VCD value change dump files into data frames, the expected input...

Wireshark Analyzer 4.4.7

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...

CVE-2025-21463

Transient DOS while processing the EHT operation IE in the received beacon frame...

Local Frames: Exploiting Inherited Origins to Bypass Content Blockers

We present a study of how local frames i.e., iframes with non-URL sources like "about:blank" are mishandled by a wide range of popular Web security and privacy tools. As a result, users of these tools remain vulnerable to the very attack techniques they seek to protect against, including browser...