CVE-2025-6211

CVE-2025-6211 affects the DocugamiReader class in the run-llama/llama_index project (up to v0.12.28). It uses MD5 to generate IDs for document chunks, which can collide when chunks have identical text but different structure, causing one chunk to overwrite another and potentially losing semantica...

Huawei HarmonyOS and EMUI Trusted Relationship Inaccuracy Vulnerability (CNVD-2025-29310)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. Huawei HarmonyOS and EMUI suffer from a Trusted...

Huawei HarmonyOS and EMUI Trusted Relationship Inaccuracy Vulnerability (CNVD-2025-29309)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. Huawei HarmonyOS and EMUI suffer from a Trusted...

Huawei HarmonyOS and EMUI Trusted Relationship Inaccuracy Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. Huawei HarmonyOS and EMUI suffer from a Trusted...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. Huawei HarmonyOS and EMUI suffer from a Trusted...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. Huawei HarmonyOS and EMUI suffer from a Trusted...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. Huawei HarmonyOS and EMUI suffer from a Trusted...

Global and Position liquidity accrual can significantly impact the performance

Lines of code Vulnerability details Impact Global and Position liquidity accrual can significantly impact the performance Proof of Concept The calculation of currWeek and nextWeek as shown in the provided code snippet aims to determine two time points within a week, primarily for the purpose of...

The code uses arithmetic operations without explicitly checking for possible overflows or underflows

Lines of code Vulnerability details Impact The impact of the Integer Overflow/Underflow vulnerability can be summarized as follows: Data Inaccuracy: The vulnerability can lead to incorrect calculations and inaccurate data, potentially compromising the integrity of voting processes and other...

Insufficient Chainlink price feed validation

Lines of code Vulnerability details JBChainlinkV3PriceFeedcurrentPrice reads the price value from the underlying Chainlink price feed, but ignores the other values returned by latestRoundData, which include the round timestamps and round ID in which the returned price was computed. These values...

unstreamed not updated in withdraw()

Handle gpersoon Vulnerability details Impact The function stake increases unstreamed, however the function withdraw, that does the inverse of stake doesn't decrease unstreamed. The function withdraw does update all the other relevant variables so this seems to be an omission. Thus the value of...

Fee double counting for underwater positions

Handle hyh Vulnerability details Impact Actual available fees are less than recorded. That's because a part of them corresponds to underwater positions, and will not have the correct amount stored with the contract: when calculation happens the fee is recorded first, then there is a check for...

PT-2020-17336 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.16.1 Description: The issue arises when Envoy logs an incorrect downstream address, considering only the directly connected peer and not the information in the proxy protocol header. This specifically affects...

FreeBSD : xen-tools -- populate-on-demand balloon size inaccuracy can crash guests (c0e76d33-8821-11e5-ab94-002590263bf5)

The Xen Project reports : Guests configured with PoD might be unstable, especially under load. In an affected guest, an unprivileged guest user might be able to cause a guest crash, perhaps simply by applying load so as to cause heavy memory pressure within the guest. %NASLMINLEVEL 70300 C Tenabl...

CVE-2006-2052

Cross-site scripting XSS vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php. NOTE: the original report may be inaccurate, since the "viewpro" string does not appear in the...