9133 matches found
EUVD-2025-200308
Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. Chromium security severity: High...
CVE-2025-13634
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-13632
Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...
CVE-2025-13631
Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. Chromium security severity: High...
EUVD-2025-200251
A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Executing manipulation of the argument File can lead to path...
CVE-2025-13875 Yohann0617 oci-helper OCI Configuration Upload OciServiceImpl.java addCfg path traversal
A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Executing manipulation of the argument File can lead to path...
CVE-2025-13875 Yohann0617 oci-helper OCI Configuration Upload OciServiceImpl.java addCfg path traversal
A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Executing manipulation of the argument File can lead to path...
CVE-2025-13875
CVE-2025-13875 affects Yohann0617 oci-helper
CVE-2025-11778 Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50
Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely exploit memory corruption through the 'readpacket' function of the TACACSPLUS implementation...
[SECURITY] Fedora 43 Update: unbound-1.24.2-1.fc43
Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...
[SECURITY] Fedora 43 Update: sudo-rs-0.2.10-1.fc43
A memory safe implementation of sudo and su...
GHSA-XV5P-FJW5-VRJ6 Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
Summary The Fugue framework implements an RPC server system for distributed computing operations. In the core functionality of the RPC server implementation, I found that the decode function in fugue/rpc/flask.py directly uses cloudpickle.loads to deserialize data without any sanitization. This...
GO-2025-4159 Babylon's BIP322 signature implementation is not fully compliant to the spec in github.com/babylonlabs-io/babylon
Babylon's BIP322 signature implementation is not fully compliant to the spec in github.com/babylonlabs-io/babylon...
Categorical Framework for Quantum-Resistant Zero-Trust AI Security
The rapid deployment of AI models necessitates robust, quantum-resistant security, particularly against adversarial threats. Here, we present a novel integration of post-quantum cryptography PQC and zero trust architecture ZTA, formally grounded in category theory, to secure AI model access. Our...
CVE-2025-12888
Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...
Linux Distros Unpatched Vulnerability : CVE-2025-12888
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture...
CVE-2025-12888
Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...
DEBIAN-CVE-2025-12888
Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...
UBUNTU-CVE-2025-12888
Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...
EUVD-2025-198523
Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...