7703 matches found

OSV
added 2025/07/25 3:15 p.m. | 2 views

DEBIAN-CVE-2025-38420

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: do not ping device which has failed to load firmware Syzkaller reports 1, 2 crashes caused by attempts to ping the device which has failed to load firmware. Since such a device doesn't pass 'ieee80211registerhw...

5.5 CVSS | 5.5 AI score | 0.00066 EPSS
Exploits 0 | References 1

BDU FSTEC
added 2025/07/25 12:0 a.m. | 1 view

The vulnerability of the File Extension Handler component in the Mozilla Firefox browser allows a hacker to load any file they desire.

The vulnerability of the File Extension Handler component in the Mozilla Firefox browser is related to the ability to download files of a malicious nature without limitation. Exploiting this vulnerability allows an attacker to download any file at will...

8.1 CVSS | 7.4 AI score | 0.00505 EPSS
Exploits 0 | References 13 | Affected Software 3

RedhatCVE
added 2025/07/24 1:30 p.m. | 5 views

CVE-2015-10140

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files...

8.8 CVSS | 6.5 AI score | 0.73866 EPSS
Exploits 1 | References 1

RedHat Linux
added 2025/07/22 6:22 p.m. | 2 views

perl: Perl threads have a working directory race condition where file operations may target unintended paths

A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...

5.9 CVSS | 7.2 AI score | 0.00031 EPSS
Exploits 0 | References 11

NVD
added 2025/07/22 2:15 p.m. | 4 views

CVE-2015-10140

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files...

8.8 CVSS | 0.73866 EPSS
Exploits 1 | References 1

Cvelist
added 2025/07/22 1:20 p.m. | 8 views

CVE-2015-10140 Ajax Load More < 2.8.1.2 - Subscriber+ File Upload & Deletion

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files...

0.73866 EPSS
Exploits 1 | References 1

Vulnrichment
added 2025/07/22 1:20 p.m. | 4 views

CVE-2015-10140 Ajax Load More < 2.8.1.2 - Subscriber+ File Upload & Deletion

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files...

6.6 AI score | 0.73866 EPSS
Exploits 1 | References 1

CVE
added 2025/07/22 1:20 p.m. | 15 views

CVE-2015-10140

The CVE concerns the WordPress Ajax Load More plugin before version 2.8.1.2, which contains an authorization flaw in certain AJAX actions. This permits any authenticated user (e.g., a subscriber) to upload and delete arbitrary files. Affected component: Ajax Load More WordPress plugin; root cause...

8.8 CVSS | 6.6 AI score | 0.73866 EPSS
Exploits 1 | References 1 | Affected Software 1

Positive Technologies
added 2025/07/22 12:0 a.m. | 2 views

PT-2025-30415

Name of the Vulnerable Software and Affected Versions Ajax Load More versions prior to 2.8.1.2 Description The Ajax Load More plugin does not have authorization in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to upload and delete arbitrary files. Recommendation...

8.8 CVSS | 6.6 AI score | 0.73866 EPSS
Exploits 1 | References 5

RedhatCVE
added 2025/07/17 9:1 p.m. | 13 views

CVE-2025-49840

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inferencewebui.py. The GPTdropdown variable takes user input and passes it to the changegptweights function. In changegptweights, the user input,...

9.8 CVSS | 7.2 AI score | 0.00656 EPSS
Exploits 1 | References 1

BDU FSTEC
added 2025/07/16 12:0 a.m. | 1 view

The vulnerability of the naludmx_configure_pid component in the gf_sei_load_from_state function of the internal() function in the filters/sei_load.c file, a multimedia platform for GPAC, allows an attacker to cause a service failure by terminating the application abnormally or executing arbitrary code.

The vulnerability of the naludmx_configure_pid component in the gf_sei_load_from_state function of the filters/sei_load.c file, within the GPAC multimedia platform, is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure by...

7.8 CVSS | 5.8 AI score
Exploits 0 | References 3 | Affected Software 2

Vulnrichment
added 2025/07/15 8:40 p.m. | 7 views

CVE-2025-49839 GHSL-2025-051: GPT-SoVITS Deserialization of Untrusted Data vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function. In uvr, a new instance of...

9.3 CVSS | 6.5 AI score | 0.0072 EPSS
Exploits 1 | References 5

RedhatCVE
added 2025/07/11 11:18 a.m. | 7 views

CVE-2025-38261

In the Linux kernel, the following vulnerability has been resolved: riscv: save the SRSUM status over switches When threads/tasks are switched we need to ensure the old execution's SRSUM state is saved and the new thread has the old SRSUM state restored. The issue was seen under heavy load...

5.5 CVSS | 6.9 AI score | 0.00077 EPSS
Exploits 0 | References 4

RedhatCVE
added 2025/07/10 1:31 a.m. | 3 views

CVE-2025-42954

SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to low impact on...

2.7 CVSS | 7 AI score | 0.00134 EPSS
Exploits 0 | References 1

CNNVD
added 2025/07/10 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference issue in fpgamgrtestimgloadsgt, which could lead to a system crash...

5.5 CVSS | 7.9 AI score | 0.00065 EPSS
Exploits 0 | References 6

Snyk
added 2025/07/09 6:30 p.m. | 2 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to storing authentication tokens unencrypted in config.xml files on the controller. An attacker can obtain sensitive authentication tokens by gaining Item/Extended Read permission or accessing th...

6.5 CVSS | 7 AI score | 0.00188 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/07/09 3:14 p.m. | 3 views

CVE-2025-6714

MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Serve...

7.5 CVSS | 7.3 AI score | 0.00256 EPSS
Exploits 0 | References 1

OSV
added 2025/07/09 11:15 a.m. | 0 views

UBUNTU-CVE-2025-38261

In the Linux kernel, the following vulnerability has been resolved: riscv: save the SRSUM status over switches When threads/tasks are switched we need to ensure the old execution's SRSUM state is saved and the new thread has the old SRSUM state restored. The issue was seen under heavy load...

5.5 CVSS | 6 AI score | 0.00077 EPSS
Exploits 0 | References 11

Tenable Nessus
added 2025/07/09 12:0 a.m. | 5 views

FreeBSD : MongoDB -- Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections (79251dc8-5bc5-11f0-834f-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 79251dc8-5bc5-11f0-834f-b42e991fc52e advisory. [email protected] reports: MongoDB Server's mongos component can become unresponsive to new connections d...

7.5 CVSS | 5.5 AI score | 0.00256 EPSS
Exploits 0 | References 3

OSV
added 2025/07/08 2:15 p.m. | 2 views

AZL-65048 CVE-2025-7345 affecting package gdk-pixbuf2 for versions less than 2.40.0-8

A flaw exists in gdk‑pixbuf within the gdkpixbufjpegimageloadincrement function io-jpeg.c and in glib’s gbase64encodestep glib/gbase64.c. When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory,...

7.5 CVSS | 7.2 AI score | 0.00938 EPSS
Exploits 0 | References 1