9133 matches found
CVE-2025-66379
Pexip Infinity prior to 39.0 is affected by an improper input validation flaw in the media implementation. A remote attacker can exploit a crafted media stream to trigger a software abort, resulting in a denial of service. Affected product/version: Pexip Infinity
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a lack of a default implementation of akcipher when setting a private key...
CVE-2024-58335
OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java...
PT-2025-52869
Name of the Vulnerable Software and Affected Versions: OpenXRechnungToolbox versions through 2024-10-05-3.0.0. Description: The software contains an XML External Entity (XXE) issue due to the missing disallow-doctype-decl feature in the visualization/VisualizerImpl.java component. Recommendations: Upda...
CVE-2024-58335
OpenXRechnungToolbox: An XXE vulnerability exists in versions through 2024-10-05-3.0.0 up to commit 6c50e89, caused by the disallow-doctype-decl feature not being enabled in visualization/VisualizerImpl.java. The issue enables external entity processing and is supported by multiple sources; exploit...
CVE-2025-65562
The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests. An unauthenticated remote attacker can send a request with a very large SEID (e.g., 0xFFFFFFFFFFFFFFFF) that causes an integer conversion/underflow in LocalNode.DeleteSess /...
Security by Design: Why Multi-Factor Authentication Matters More Than Ever
In an era marked by escalating cyber threats and evolving risk landscapes, organisations face mounting pressure to strengthen their security posture whilst maintaining seamless user experiences. At Thales, we recognise that robust security must be foundational - embedded into products and service...
Exploit for Deserialization of Untrusted Data in Facebook React
next88 - React Server Components RCE Scanner High-performance...
Linux Distros Unpatched Vulnerability : CVE-2025-14373
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted...
CVE-2025-64702
CVE-2025-64702 affects quic-go (Go QUIC implementation) and is documented across multiple feeds. The issue occurs in versions 0.56.0 and earlier where the HTTP/3 client and server decode QPACK HEADERS frames into http.Header without enforcing a decoded-header size limit, leading to memory exhaust...
EUVD-2025-202714
quic-go HTTP/3 QPACK Header Expansion DoS...
Google Chrome < 143.0.7499.109 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 143.0.7499.109. It is, therefore, affected by multiple vulnerabilities as referenced in the 202512stable-channel-update-for-desktop10 advisory. - Use after free in Password Manager in Google Chrome prior to 143.0.7499.110...
wasmi_c_api_impl (=0.50.0), wasmi_runtime_layer (=0.50.0) potentially affected by CVE-2025-66627 via wasmi (=0.50.0)
wasmi CARGO version =0.50.0 is affected by a known vulnerability. The following packages have a transitive dependency on wasmi and may be impacted: - wasmi_c_api_impl =0.50.0 - wasmi_runtime_layer =0.50.0 Source CVEs: CVE-2025-66627 Source advisory: OSV:GHSA-G4V2-CJQP-RFMQ...
CVE-2025-48596
CVE-2025-48596 is an Android/local privilege-escalation flaw caused by an out-of-bounds read in Parcel.cpp:appendFrom due to a missing bounds check. The issue allows local escalation without extra privileges or user interaction. Public references and Red Hat/EUVD/NVD entries describe the same aff...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182: React Server Components RCE Scanner A compreh...
PrivLLMSwarm: Privacy-Preserving LLM-Driven UAV Swarms for Secure IoT Surveillance
Large Language Models (LLMs) are emerging as powerful enablers for autonomous reasoning and natural-language coordination in unmanned aerial vehicle (UAV) swarms operating within Internet of Things (IoT) environments. However, existing LLM-driven UAV systems process sensitive operational data in...
Google Chrome elevation of privilege vulnerability (CNVD-2025-30386)
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Google Chrome prior to version 143.0.7499.41, which stems from an improper implementation of Google Updater and could lead to an elevation of privilege attack. No details of the vulnerability are...
Chromium: CVE-2025-13634 Inappropriate implementation in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
EUVD-2025-201249
Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing...
Fedora 43 : cef (2025-604e02ca72)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-604e02ca72 advisory. Update to 142.0.7444.162 High CVE-2025-12725: Out of bounds write in WebGPU High CVE-2025-12726: Inappropriate implementation in Views High...