CVE-2025-28344

CVE-2025-28344 affects striso-control-firmware version 54c9722 . The vulnerability is a buffer overflow in the function AuxJack that can impact availability. CVSS:3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base score 7.5, HIGH). Connected entries (EUVD-2025-209826, NVD, CVE record e...

Linux Distros Unpatched Vulnerability : CVE-2026-8463

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of...

CVE-2025-28344

striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from configuring the VRR timing before enabling TRANSDDIFUNCCTL. This vulnerability may cause the ICL...

DCVD: Dual-Channel Cross-Modal Fusion for Joint Vulnerability Detection and Localization

Software vulnerability detection plays a critical role in ensuring system security, where real-world auditing requires not only determining whether a function is vulnerable but also pinpointing the specific lines responsible. However, existing approaches either rely on a single information source...

PT-2026-40703

striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack...

MongoDB Server 资源管理错误漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. Versions of MongoDB Server prior to 7.0.34, 8.0.23, 8.2.9, and 8.3.2 contain a...

CPython 代码问题漏洞

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has code vulnerabilities, which originate from the ftpcp function in Lib/ftplib.py. These vulnerabilities could allow attackers to control IP addresses and ports...

PT-2026-40802

Name of the Vulnerable Software and Affected Versions CPython affected versions not specified Description The ftpcp function in Lib/ftplib.py fails to use the actual peer address, instead trusting the host address supplied by the server during a PASV command. This occurs because ftpcp calls...

CVE-2025-29338

CVE-2025-29338 affects the NXP moal.ko Wi‑Fi kernel driver (driver version 5.1.7.10) across firmware builds from v17.92.1.p149.43 to v17.92.1.p149.157. The root cause is a stack‑based buffer overflow in the parsing path: woal_setup_module_param allocates a fixed stack buffer and parse_cfg_get_lin...

Hono 资源管理错误漏洞

Hono is a web framework built in TypeScript for the Hono community. Versions of Hono prior to 4.12.16 contained a resource management vulnerability. This vulnerability stemmed from the fact that the bodyLimit function did not reliably enforce the maxSize for requests without an available...

CVE-2025-29338

NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the modpara parameter in the woalinitmoduleparam function...

Flowise < 3.0.5 - Missing Authentication for Critical Function

Exploit Title: Flowise 3.0.5 - Missing Authentication for Critical Function Date: 10/11/2025 Exploit Author: nltt0 https://github.com/nltt-br Vendor Homepage: https://flowiseai.com/ Software Link: https://github.com/FlowiseAI/Flowise Version: 3.0.5 CVE: CVE-2025-58434 from requests import post fr...

Linux Distros Unpatched Vulnerability : CVE-2026-43477

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/i915/vrr: Configure VRR timings after enabling TRANSDDIFUNCCTL Apparently ICL may hang with an MCE if we write TRANSVRRVMAX/FLIPLINE before enabling...

EUVD-2026-29604

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

EUVD-2026-29511

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...

CVE-2026-41088

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

CVE-2026-35416

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

CVE-2026-34345

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

CVE-2026-34344

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...