
3428 matches found

OSV
added 2025/12/09 4:17 p.m., 2 views

UBUNTU-CVE-2025-14308

An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This...

CVSS 10, AI score 6.3, EPSS 0.00491
Exploits 0, References 4
CVE
added 2025/12/09 5:0 a.m., 7 views

CVE-2025-14284

The CVE-2025-14284 entry applies to the @tiptap/extension-link package, specifically versions before 2.10.4. The issue is Cross-site Scripting (XSS) caused by unsanitized user input when setting or toggling links, allowing an attacker to inject a javascript: URL payload that can execute arbitrary...

CVSS 6.1, AI score 6.3, EPSS 0.00302
Exploits 1, References 4, Affected Software 1
Vulnrichment
added 2025/12/09 12:0 a.m., 2 views

CVE-2025-65300

A stored Cross-Site Scripting (XSS) vulnerability exists in the Coohom SaaS Platform feVersion=1760060603897 2025-10-28 in the Account Settings module, where unsanitized user input in Address fields City, State, Country/Region is rendered back to the page. Attackers can inject arbitrary JavaScript...

AI score 5.5, EPSS 0.00163
Exploits 1, References 2
GithubExploit
added 2025/12/08 8:18 a.m., 153 views

Exploit for Prototype Pollution in Typeorm

CVE-2020-8158: TypeORM Prototype Pollution Vulnerability O...

CVSS 9.8, AI score 7, EPSS 0.0212
Exploits 2
RedhatCVE
added 2025/12/05 4:14 p.m., 2 views

CVE-2025-40228

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: catch commit test ctx alloc failure Patch series "mm/damon/sysfs: fix commit test damon_ctx deallocation". DAMON sysfs interface dynamically allocates and uses a damon_ctx object for testing if given inputs for onli...

AI score 5.8, EPSS 0.00155
Exploits 0, References 4
OSV
added 2025/12/05 1:12 p.m., 4 views

OESA-2025-2780 golang security update

Security Fixes: Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. (CVE-2025-58187) The processing time for parsing some...

CVSS 7.5, AI score 6.9, EPSS 0.00586
Exploits 0, References 3
SUSE CVE
added 2025/12/05 12:25 a.m., 4 views

SUSE CVE-2025-40228

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: catch commit test ctx alloc failure Patch series "mm/damon/sysfs: fix commit test damon_ctx deallocation". DAMON sysfs interface dynamically allocates and uses a damon_ctx object for testing if given inputs for onli...

AI score 6.5, EPSS 0.00155
Exploits 0, References 3
OSV
added 2025/12/04 4:16 p.m., 2 views

UBUNTU-CVE-2025-40228

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: catch commit test ctx alloc failure Patch series "mm/damon/sysfs: fix commit test damon_ctx deallocation". DAMON sysfs interface dynamically allocates and uses a damon_ctx object for testing if given inputs for onli...

AI score 5.7, EPSS 0.00155
Exploits 0, References 10
Cvelist
added 2025/12/04 3:31 p.m., 16 views

CVE-2025-40228 mm/damon/sysfs: catch commit test ctx alloc failure

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: catch commit test ctx alloc failure Patch series "mm/damon/sysfs: fix commit test damon_ctx deallocation". DAMON sysfs interface dynamically allocates and uses a damon_ctx object for testing if given inputs for onli...

EPSS 0.00155
Exploits 0, References 2
CVE
added 2025/12/04 3:31 p.m., 12 views

CVE-2025-40228

CVE-2025-40228 targets Linux kernel code in mm/damon/sysfs where a damon_ctx used for testing online DAMON parameter updates was allocated without checking for allocation failure, causing potential invalid memory access and leakage on test success. The fix is in the patch series “mm/damon/sysfs: ...

AI score 6.1, EPSS 0.00155
Exploits 0, References 2
RedhatCVE
added 2025/12/02 9:26 p.m., 4 views

CVE-2025-9624

A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex querystring inputs. This issue affects all OpenSearch versions between 3.0.0 and 3.3.0 and OpenSearch 2.19.4...

CVSS 8.3, AI score 6.5, EPSS 0.00452
Exploits 1, References 1
EUVD
added 2025/12/02 12:36 a.m., 4 views

EUVD-2025-200107

Grav is vulnerable to a DOS on the admin panel...

CVSS 4.9, AI score 6.4, EPSS 0.00333
Exploits 1, References 3
NVD
added 2025/12/01 4:15 p.m., 3 views

CVE-2025-63533

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript...

CVSS 8.5, EPSS 0.00179
Exploits 0, References 3
RedhatCVE
added 2025/12/01 1:18 p.m., 4 views

CVE-2025-66224

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application contains an input-neutralization flaw in its mail configuration and delivery workflow that allows user-controlled values to flow directly into the system’s sendmail command. Because these...

CVSS 9, AI score 6.9, EPSS 0.00483
Exploits 1, References 1
Positive Technologies
added 2025/12/01 12:0 a.m., 3 views

PT-2025-48462

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript...

CVSS 8.5, AI score 5.8, EPSS 0.00179
Exploits 0, References 3
Vulnrichment
added 2025/12/01 12:0 a.m., 3 views

CVE-2025-63527

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript...

CVSS 8.5, AI score 5.5, EPSS 0.00269
Exploits 1, References 3
Packet Storm News
added 2025/11/30 12:0 a.m., 3 views

Reverse Engineering and Control-Aware Security Analysis of the ArduPilot UAV Framework

Unmanned Aerial Vehicle (UAV) technologies are gaining high interest for many domains, which makes UAV security of utmost importance. ArduPilot is among the most widely used open-source autopilot UAV frameworks; yet, many studies demonstrate the vulnerabilities affecting such systems. Vulnerabiliti...

AI score 7
Exploits 0
GithubExploit
added 2025/11/29 3:44 p.m., 146 views

Exploit for Incomplete List of Disallowed Inputs in Mmaitre314 Picklescan

PO...

CVSS 9.8, AI score 9, EPSS 0.01498
Exploits 2
OSV
added 2025/11/28 12:51 p.m., 5 views

OESA-2025-2750 golang security update

Security Fixes: Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. (CVE-2025-58187) The processing time for parsing some...

CVSS 7.5, AI score 6.9, EPSS 0.00586
Exploits 0, References 3
OSV
added 2025/11/28 12:51 p.m., 4 views

OESA-2025-2749 golang security update

Security Fixes: Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. (CVE-2025-58187) The processing time for parsing some...

CVSS 7.5, AI score 6.9, EPSS 0.00586
Exploits 0, References 3