19 matches found

OSV
added 2026/04/12 7:16 p.m. · 2 views

UBUNTU-CVE-2026-40386

In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs...

7.1 CVSS · 5.8 AI score · 0.00008 EPSS
Exploits: 0 · References: 3

Ubuntu
added 2026/04/08 12:37 p.m. · 3 views

USN-8157-1: Squid vulnerabilities

It was discovered that Squid incorrectly handled certain ICP traffic. In environments where ICP support is enabled, a remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or obtain small amounts of sensitive information...

9.2 CVSS · 6 AI score · 0.01395 EPSS
Exploits: 0

Positive Technologies
added 2026/04/02 12:0 a.m. · 3 views

PT-2026-32181

Name of the Vulnerable Software and Affected Versions: libexif versions through 0.6.25 Description: An integer underflow in size checking during the decoding of Fuji and Olympus MakerNote data within libexif could allow attackers to cause a crash or leak information from programs that use libexif...

7.1 CVSS · 5.8 AI score · 0.00019 EPSS
Exploits: 0 · References: 33

CNNVD
added 2026/02/17 12:0 a.m. · 3 views

Dell Avamar Path Traversal Vulnerability

Dell Avamar is a specially designed backup application developed by the American company Dell. It provides a convenient, packaged, affordable, and data-duplication-removal-based backup solution. Prior to version 19.12 of Dell Avamar, there was a path traversal vulnerability. This vulnerability...

4.7 CVSS · 5.8 AI score · 0.00049 EPSS
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-54258

Malicious code in bioql PyPI...

6.7 CVSS · 6.3 AI score · 0.00014 EPSS
Exploits: 0 · References: 3

RedHat Linux
added 2025/10/01 4:38 p.m. · 3 views

podman: Build Context Bind Mount

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files...

7.4 CVSS · 5.8 AI score · 0.00045 EPSS
Exploits: 0 · References: 5

CVE
added 2025/08/20 1:9 p.m. · 12 views

CVE-2025-24496

CVE-2025-24496 affects Tenda AC6 V5.0 V02.03.01.110. The information-disclosure flaw resides in /goform/getproductInfo; Talos notes an authentication bypass when requesting this URL, allowing a non-authenticated retrieval of module data via the generic getter, potentially exposing configuration d...

7.5 CVSS · 6.5 AI score · 0.00069 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Tenable Nessus
added 2025/08/12 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-5535

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be se...

9.1 CVSS · 7.5 AI score · 0.06873 EPSS
Exploits: 1 · References: 3

RedhatCVE
added 2025/06/26 12:25 p.m. · 3 views

CVE-2025-39202

A vulnerability exists in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption...

8.3 CVSS · 6.8 AI score · 0.00148 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 9:9 a.m. · 2 views

CVE-2024-40775

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to leak sensitive user information...

5.5 CVSS · 5.8 AI score · 0.00022 EPSS
Exploits: 0 · References: 1

AlpineLinux
added 2025/04/29 2:15 p.m. · 9 views

CVE-2025-4085

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox 138 and Thunderbird 138...

7.1 CVSS · 6.2 AI score · 0.00188 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2025/01/13 12:0 a.m. · 50 views

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2025-1007)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: RDMA/cma: Fix rdma_resolve_route memory leak (CVE-2021-47345); HID: usbhid: free raw_report buffers in usbhid_stop (CVE-2021-47405); net: fix information...

9.1 CVSS · 7.3 AI score · 0.00075 EPSS
Exploits: 0 · References: 49

NCSC
added 2024/08/12 8:22 a.m. · 3 views

Vulnerabilities fixed in IBM InfoSphere

IBM has fixed vulnerabilities in InfoSphere Information Server. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to obtain sensitive information. IBM has released updates to fix the vulnerabilities. See attached references for more information...

7.5 CVSS · 6.9 AI score · 0.00108 EPSS
Exploits: 0 · References: 2

OSV
added 2024/02/20 9:15 a.m. · 1 views

CVE-2024-25606

XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive...

8.7 CVSS · 5.8 AI score · 0.00141 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2023/08/18 12:0 a.m. · 5 views

PT-2023-9823 · Igor Pavlov +6 · 7-Zip +6

Name of the Vulnerable Software and Affected Versions: 7-Zip versions prior to 24.01 Description: The issue is related to an out-of-bounds read in the NTFS handler of 7-Zip. This allows an attacker to read beyond the intended buffer, with the bytes read presented as part of a filename in the file...

8.5 CVSS · 7.1 AI score · 0.0018 EPSS
Exploits: 1 · References: 51

SUSE CVE
added 2023/02/15 4:49 a.m. · 2 views

SUSE CVE-2017-5925

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR...

7.5 CVSS · 6.7 AI score · 0.00383 EPSS
Exploits: 1 · References: 3

RedHat Linux
added 2020/03/31 8:15 p.m. · 4 views

ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled

A heap-based buffer over-read was discovered in ImageMagick in the way it selects an individual threshold for each pixel based on the range of intensity values in its local neighborhood due to a width of zero mishandle error. Applications compiled against ImageMagick libraries that accept...

8.8 CVSS · 5.9 AI score · 0.00297 EPSS
Exploits: 1 · References: 4

CNVD
added 2017/07/12 12:0 a.m. · 4 views

Nginx Remote Integer Overflow Vulnerability

Nginx is a very widely used high-performance web server. An integer overflow vulnerability exists in the Nginx Range Filter module, which allows remote attackers to exploit the vulnerability to submit a special request, obtain sensitive information or crash the application...

7.5 CVSS · 6.8 AI score · 0.91909 EPSS
Exploits: 6 · References: 1

RedHat Linux
added 2016/09/14 7:14 a.m. · 4 views

flash-plugin: multiple code execution issues fixed in APSB16-29

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4271 and...

6.5 CVSS · 5.8 AI score · 0.02182 EPSS
Exploits: 1 · References: 5