CVE-2025-57801 gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks

gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S order, leading to a signature malleability vulnerability. Because gnark’s native EdDSA and ECDSA circuits lack...

Linux Distros Unpatched Vulnerability : CVE-2022-24764

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affect...

BIT-LIBPHP-2020-7066 get_headers() silently truncates after a null byte

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using getheaders with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...

Linux Distros Unpatched Vulnerability : CVE-2025-38251

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: atm: clip: prevent NULL deref in clippush Blamed commit missed that vccdestroysocket calls...

AZL-65978 CVE-2025-8177 affecting package libtiff for versions less than 4.6.0-8

A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It...

CVE-2025-53642 haxcms-nodejs and haxcms-php Improperly Terminate Sessions

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6...

OESA-2025-1645 nodejs-brace-expansion security update

Brace expansion as known from sh/bash Security Fixes: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular...

The vulnerability of the parse_amd_vsdb() function in the drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c file of the amdgpu kernel in the Linux operating system allows a attacker to compromise the confidentiality and accessibility of protected information.

The vulnerability of the parseamdvsdb function in the drivers/gpu/drm/amd/display/amdgpudm/amdgpudm.c file of the amdgpu kernel in the Linux operating system is related to reading memory beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the...

PT-2025-26143 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A race condition between the write2 and close2 system calls in the Linux kernel's FUSE Filesystem in Userspace implementation allows pages to be dirtied after the fuse flush function h...

PT-2025-26910 · Git +1 · Ndpi

Name of the Vulnerable Software and Affected Versions: ndpi affected versions not specified Description: The software contains a use-of-uninitialized-value issue. This occurs within the ndpi strdup function, which is called during ndpi detection process packet processing, as reported in fuzzing...

AZL-63689 CVE-2025-5889 affecting package js-jquery 3.5.0-4

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...

CVE-2025-1778

The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'artthemethemeoptionrestore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delet...

CVE-2024-9187

The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm function in all versions up to, and including, 1.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete read...

CVE-2024-24564

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in extract32b, start, if the start index provided has for side effect to update b, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by extract32. This...

CVE-2023-32675

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked nonpayable. This applies to contracts compiled with vyper version...

CVE-2023-42222

WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances...

CVE-2022-34639

CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a treats non-standard fence instructions as illegal which can affect the function of the application...

CVE-2020-14413

NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta=...

CVE-2020-22038

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ffv4l2m2mcreatecontext function in v4l2m2m.c...

CVE-2017-13311

In the read function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interactio...