9082 matches found
CVE-2013-7310
The OSPF implementation on Yamaha routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive...
CVE-2013-7306
The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitiv...
CVE-2019-16754
RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message an...
CVE-2019-12731
The Windows versions of Snapview Mikogo, versions before 5.10.2, are affected by insecure implementations which allow local attackers to escalate privileges...
CVE-2019-12586
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000210)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000210 advisory. A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS...
CVE-2025-68752 iavf: Implement settime64 with -EOPNOTSUPP
In the Linux kernel, the following vulnerability has been resolved: iavf: Implement settime64 with -EOPNOTSUPP. ptp_clock_settime assumes every ptp_clock has implemented settime64. Stub it with -EOPNOTSUPP to prevent a NULL dereference. The fix is similar to commit 329d050bbe63 "gve: Implement...
CVE-2025-66379
Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service...
CVE-2025-66379
Pexip Infinity prior to 39.0 is affected by an improper input validation flaw in the media implementation. A remote attacker can exploit a crafted media stream to trigger a software abort, resulting in a denial of service. Affected product/version: Pexip Infinity
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a lack of a default implementation of akcipher when setting a private key...
PT-2025-52869
Name of the Vulnerable Software and Affected Versions: OpenXRechnungToolbox versions through 2024-10-05-3.0.0. Description: The software contains an XML External Entity (XXE) issue due to the missing disallow-doctype-decl feature in the visualization/VisualizerImpl.java component. Recommendations: Upda...
CVE-2024-58335
OpenXRechnungToolbox: An XXE vulnerability exists in versions through 2024-10-05-3.0.0 up to commit 6c50e89, caused by the disallow-doctype-decl feature not being enabled in visualization/VisualizerImpl.java. The issue enables external entity processing and is supported by multiple sources; exploit...
CVE-2024-58335
OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java...
CVE-2025-65562
The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests. An unauthenticated remote attacker can send a request with a very large SEID (e.g., 0xFFFFFFFFFFFFFFFF) that causes an integer conversion/underflow in LocalNode.DeleteSess /...
Security by Design: Why Multi-Factor Authentication Matters More Than Ever
In an era marked by escalating cyber threats and evolving risk landscapes, organisations face mounting pressure to strengthen their security posture whilst maintaining seamless user experiences. At Thales, we recognise that robust security must be foundational - embedded into products and service...
Exploit for Deserialization of Untrusted Data in Facebook React
next88 - React Server Components RCE Scanner High-performance...
Linux Distros Unpatched Vulnerability : CVE-2025-14373
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted...
CVE-2025-64702
CVE-2025-64702 affects quic-go (Go QUIC implementation) and is documented across multiple feeds. The issue occurs in versions 0.56.0 and earlier where the HTTP/3 client and server decode QPACK HEADERS frames into http.Header without enforcing a decoded-header size limit, leading to memory exhaust...
EUVD-2025-202714
quic-go HTTP/3 QPACK Header Expansion DoS...