470 matches found
CVE-2025-45835
A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN004904c8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of the CONTENT_LENGTH environment variable, causing the program to crash and...
CVE-2025-45513
Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function P2pListFilter...
CVE-2025-3453
The Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products – Restrict Content, Protect WooCommerce Category and more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.7 via the 'passwordprotectedcookie'...
CVE-2025-46420 Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c
A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes...
CVE-2025-3407
A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_from_image. The manipulation of the argument hcount/vcount leads to out-of-bounds read. The attack can be launched remotely. This product takes...
CVE-2025-29087
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the...
pgAdmin Security Vulnerability
pgAdmin is an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin 4 versions prior to 9.2 that stems from insecurely passing parameters to the eval function, which could lead to remote code executi...
CVE-2023-52987
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-mtrace: prevent underflow in sof_ipc4_priority_mask_dfs_write(). The "id" comes from the user. Change the type to unsigned to prevent an array underflow...
CVE-2025-29488
libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTION function...
CVE-2024-45483
A Missing Authentication for Critical Function vulnerability in the GRUB configuration used in B&R APROL 4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system...
CVE-2025-29489
CVE-2025-29489 affects libming v0.4.8, with a memory leak discovered in the parseSWF_MORPHLINESTYLES function. The provided documents consistently describe this as the vulnerability detail; no exploit specifics, affected products beyond libming v0.4.8, or remediation steps are given. The CVSS con...
PT-2025-13294 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A node refcount leak issue has been identified in the function fwnode_graph_get_next_endpoint. This occurs because the parent returned by fwnode_graph_get_port_parent has its refcount...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the search functionality. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into user inputs. This can lead to unauthorized actions such as stealing session cookies, redirectin...
CVE-2024-6825
CVE-2024-6825 affects litellm 1.40.12. The vulnerability lies in how the post_call_rules configuration is parsed: a callback can be set to a system method (for example os.system), with the final part treated as the function name and the rest imported as a Python module, enabling arbitrary command...
CVE-2024-23943 MB connect line: Cloud API access due to a lack of authentication for a critical function
An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected...
CVE-2025-24924 GMOD Apollo Missing Authentication for Critical Function
Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username...
CVE-2024-13686
The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vwstorefrontresetallsettings function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-1282
CVE-2025-1282 affects the Car Dealer Automotive WordPress Theme – Responsive (WordPress Theme) up to version 1.6.3. The vulnerability arises from insufficient file path validation in delete_post_photo() and add_car(), allowing authenticated users with Subscriber+ privileges to delete arbitrary se...
CVE-2025-26622
A flaw was found in Vyper's sqrt builtin function. This vulnerability allows incorrect rounding of square root calculations via improper handling of oscillating final states in the Babylonian method. Mitigation: Mitigation for this issue is either not available or the currently available options d...
CVE-2025-25667
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function getparentControllistInfo...