11564 matches found

Vulnrichment
added 2025/09/04 1:1 p.m., 1 views

CVE-2025-7388 Authenticated Command Injection via configuration parameter manipulation in exposed RMI interface

It was possible to perform Remote Command Execution (RCE) via the Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...

CVSS 8.4, AI score 6.8, EPSS 0.00383
Exploits 0, References 1
Veracode
added 2025/09/04 9:53 a.m., 3 views

Improper Neutralization

Active Record is vulnerable to Improper Neutralization. The vulnerability is due to unescaped ANSI sequences being logged when IDs are passed to find or similar methods...

CVSS 6.9, AI score 6.6, EPSS 0.01019
Exploits 0, References 7, Affected Software 1
RedhatCVE
added 2025/09/04 12:28 a.m., 5 views

CVE-2025-57611

An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). Null pointer dereference vulnerability in the dump method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check the return value of avfilter_graph_dump for NULL, leading to a crash...

CVSS 5.3, AI score 6.9, EPSS 0.00112
Exploits 1, References 1
Positive Technologies
added 2025/09/04 12:0 a.m., 3 views

PT-2025-36018

Name of the Vulnerable Software and Affected Versions: ConnectivityService (affected versions not specified). Description: A missing permission check in the offerNetwork function of ConnectivityService.java may lead to local information disclosure. Exploitation does not require user interaction or...

CVSS 5.5, AI score 5.7, EPSS 0.00008
Exploits 0, References 4
Positive Technologies
added 2025/09/04 12:0 a.m., 5 views

PT-2025-36021

Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified). Description: A flaw exists in IInputMethodSessionWrapper.java within the Android operating system. An untrusted application may inject key and motion events into the default Input Method Editor (IME) due ...

CVSS 7.8, AI score 6, EPSS 0.00008
Exploits 0, References 4
Positive Technologies
added 2025/09/04 12:0 a.m., 2 views

PT-2025-35938

Name of the Vulnerable Software and Affected Versions: OpenEdge AdminServer (affected versions not specified). Description: The OpenEdge AdminServer is susceptible to Remote Command Execution (RCE) via its Java RMI interface. Authenticated users can inject and execute OS commands under the delegated...

CVSS 8.4, AI score 7.2, EPSS 0.00383
Exploits 0, References 16
CNNVD
added 2025/09/04 12:0 a.m., 2 views

Progress Software OpenEdge Command Injection Vulnerability

Progress Software OpenEdge is a suite of integrated development environments (IDEs) from Progress Software, USA. A command injection vulnerability exists in Progress Software OpenEdge that stems from insufficient input validation of the Java RMI interface, which could lead to a remote command...

CVSS 8.4, AI score 7.6, EPSS 0.00383
Exploits 0, References 1
Positive Technologies
added 2025/09/04 12:0 a.m., 3 views

PT-2025-36011

Name of the Vulnerable Software and Affected Versions: AppOpsService.java (affected versions not specified). Description: The collectOps function in AppOpsService.java is susceptible to a denial-of-service condition due to inadequate input validation. This can result in a local denial of service...

CVSS 5.5, AI score 5.9, EPSS 0.00036
Exploits 0, References 5
Microsoft CVE
added 2025/09/03 10:35 p.m., 3 views

md: Don't ignore read-only array in md_check_recovery()

...

CVSS 5.5, AI score 7, EPSS 0.00009
Exploits 0
Tenable Nessus
added 2025/09/03 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-4861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging...

CVSS 9.8, AI score 8.4, EPSS 0.03977
Exploits 1, References 2
Tenable Nessus
added 2025/09/03 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-22242

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Worker process denial of service through file read operation. A vulnerability exists in the Master's pub_ret method which is exposed to all minions. The...

CVSS 5.6, AI score 5.6, EPSS 0.00303
Exploits 0, References 2
Debian CVE
added 2025/09/03 12:0 a.m., 6 views

CVE-2025-57833

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias...

CVSS 8.1, AI score 8.1, EPSS 0.00074
Exploits 4
Vulnrichment
added 2025/09/02 10:11 p.m., 2 views

CVE-2025-22427

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

AI score 6.3, EPSS 0.00091
Exploits 0, References 2
OSV
added 2025/09/02 4:15 p.m., 3 views

CVE-2025-57611

An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). Null pointer dereference vulnerability in the dump method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check the return value of avfilter_graph_dump for NULL, leading to a crash...

CVSS 5.3, AI score 6.9
Exploits 0, References 1
NVD
added 2025/09/02 4:15 p.m., 3 views

CVE-2025-57611

An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). Null pointer dereference vulnerability in the dump method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check the return value of avfilter_graph_dump for NULL, leading to a crash...

CVSS 5.3, EPSS 0.00112
Exploits 1, References 1
Cvelist
added 2025/09/02 12:0 a.m., 7 views

CVE-2025-57611

An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). Null pointer dereference vulnerability in the dump method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check the return value of avfilter_graph_dump for NULL, leading to a crash...

EPSS 0.00112
Exploits 1, References 1
CVE
added 2025/09/02 12:0 a.m., 16 views

CVE-2025-57614

The CVE-2025-57614 entry concerns rust-ffmpeg 0.3.0 (post-commit 5ac0527). The flaw is an integer overflow/invalid input in the cached method triggered when dimension parameters are zero or exceed i32::MAX, causing an unchecked cast that violates the underlying C function preconditions and leads ...

CVSS 7.5, AI score 7.2, EPSS 0.00354
Exploits 1, References 1, Affected Software 1
Cvelist
added 2025/09/02 12:0 a.m., 7 views

CVE-2025-57612

An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). Null pointer dereference vulnerability in the name method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check for a NULL return value from the av_get_sample_fmt_name C function,...

EPSS 0.00153
Exploits 1, References 1
CVE
added 2025/09/02 12:0 a.m., 14 views

CVE-2025-57612

The CVE-2025-57612 issue affects rust-ffmpeg 0.3.0 (after commit 5ac0527) where name() can dereference NULL when av_get_sample_fmt_name() returns NULL for an unrecognized sample format, leading to denial of service. Documented impact is a high-severity, network-exploitable vulnerability with avai...

CVSS 7.5, AI score 6.3, EPSS 0.00153
Exploits 1, References 1, Affected Software 1
Positive Technologies
added 2025/09/02 12:0 a.m., 3 views

PT-2025-35578

Name of the Vulnerable Software and Affected Versions: rust-ffmpeg versions 0.3.0 and later. Description: An integer overflow and invalid input issue exists in the cached method, potentially leading to a denial of service or arbitrary code execution. The issue occurs when dimension parameters are...

CVSS 7.5, AI score 7.4, EPSS 0.00354
Exploits 1, References 4