
11623 matches found

Debian CVE
added 2025/07/25 12:53 p.m. · 2 views

CVE-2025-38386

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing. As reported in [1], a platform firmware update that increased the number of method parameters and forgot to update at least one of its callers caused ACPICA to crash due ...

CVSS 5.5 · AI score 5.5 · EPSS 0.00166
Exploits: 0
CVE
added 2025/07/25 12:53 p.m. · 86 views

CVE-2025-38386

The CVE-2025-38386 entry relates to ACPICA in the Linux kernel. Root cause: AML/ACPICA could crash via use-after-free when a platform firmware update increased method parameter counts and callers weren’t updated. Fix: ACPICA now refuses to evaluate a method if the caller passes fewer arguments th...

CVSS 5.5 · AI score 6.4 · EPSS 0.00166
Exploits: 0 · References: 10 · Affected Software: 1
OSV
added 2025/07/25 12:53 p.m. · 3 views

CVE-2025-38386 ACPICA: Refuse to evaluate a method if arguments are missing

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing. As reported in [1], a platform firmware update that increased the number of method parameters and forgot to update at least one of its callers caused ACPICA to crash due ...

CVSS 5.5 · AI score 6.6 · EPSS 0.00166
Exploits: 0 · References: 13
IBM Security Bulletins
added 2025/07/25 12:45 p.m. · 6 views

Security Bulletin: Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations. This may cause an authorization bypass, which affects IBM watsonx.data

Summary: Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized...

CVSS 5.3 · AI score 5.2 · EPSS 0.00485
Exploits: 0 · Affected Software: 1
CNNVD
added 2025/07/25 12:00 a.m. · 2 views

SAMSUNG Security Manager Security Vulnerability

SAMSUNG Security Manager is a software from Samsung South Korea for managing Samsung security drives. A security vulnerability exists in SAMSUNG Security Manager versions 1.32 and 1.4, which stems from an improperly restricted PUT method that could lead to remote code execution...

CVSS 8.6 · AI score 7.8 · EPSS 0.00921
Exploits: 0 · References: 8
CNNVD
added 2025/07/25 12:00 a.m. · 1 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that attempting to evaluate a method despite missing parameters may result in a crash...

CVSS 5.5 · AI score 6.9 · EPSS 0.00166
Exploits: 0 · References: 9
Positive Technologies
added 2025/07/25 12:00 a.m. · 10 views

PT-2025-30944 · Skops · Skops

Name of the Vulnerable Software and Affected Versions: skops versions 0.11.0 and below; skops versions prior to 12.0.0. Description: skops is a Python library used for sharing and shipping scikit-learn based models. A vulnerability exists due to an inconsistency in the MethodNode component, allowin...

CVSS 8.7 · AI score 7.1 · EPSS 0.00138
Exploits: 0 · References: 16
Snyk
added 2025/07/24 10:45 p.m. · 2 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the getLast API when processing user-supplied table names. An attacker can execute arbitrary SQL statements on the underlying database by sending crafted API requests, potentially resulting in data theft, corruption,...

CVSS 9.8 · AI score 8.1 · EPSS 0.0076
Exploits: 1 · References: 2
Packet Storm News
added 2025/07/22 12:00 a.m. · 2 views

DREAM: Scalable Red Teaming for Text-To-Image Generative Systems Via Distribution Modeling

Despite the integration of safety alignment and external filters, text-to-image (T2I) generative models are still susceptible to producing harmful content, such as sexual or violent imagery. This raises serious concerns about unintended exposure and potential misuse. Red teaming, which aims to...

AI score 7
Exploits: 0
CVE
added 2025/07/21 7:32 p.m. · 23 views

CVE-2025-7936

The CVE-2025-7936 entry affects the fuyang_lipengjun platform, specifically the ScheduleJobLogController.java in the queryPage function. The root cause is manipulation of the beanName/methodName argument, enabling SQL injection via a remote attack. Multiple trusted sources note that the exploit h...

CVSS 8.8 · AI score 6.8 · EPSS 0.00351
Exploits: 1 · References: 4 · Affected Software: 1
CNVD
added 2025/07/21 12:00 a.m. · 2 views

Microsoft Input Method Editor Buffer Overflow Vulnerability

Microsoft Input Method Editor (IME) is a software component from Microsoft Corporation that enables users to enter text in languages that cannot be easily represented on a standard QWERTY keyboard. A security vulnerability exists in Microsoft Input Method Editor (IME). An attacker could exploit the...

CVSS 8.8 · AI score 6.7 · EPSS 0.00328
Exploits: 0 · References: 1
CNVD
added 2025/07/21 12:00 a.m. · 2 views

Microsoft Input Method Editor Resource Management Error Vulnerability

Microsoft Input Method Editor (IME) is a software component from Microsoft Corporation that enables users to enter text in languages that cannot be easily represented on a standard QWERTY keyboard. A security vulnerability exists in Microsoft Input Method Editor (IME). An attacker could exploit the...

CVSS 7.8 · AI score 6.7 · EPSS 0.00301
Exploits: 0 · References: 1
OpenVAS
added 2025/07/21 12:00 a.m. · 6 views

AirPlay Service Detection

TCP based detection of services supporting the AirPlay protocol. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.3
Exploits: 0 · References: 1
GithubExploit
added 2025/07/20 10:46 p.m. · 543 views

Exploit for Deserialization of Untrusted Data in Microsoft

ToolShell Zero-Day: The Silent Killer Exploiting SharePoint C...

CVSS 9.8 · AI score 9.7 · EPSS 0.99982
Exploits: 41
OSV
added 2025/07/20 8:15 p.m. · 6 views

CVE-2025-7906

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the argument File leads to unrestricted upload. The...

CVSS 5.4 · AI score 7.2
Exploits: 0 · References: 4
CNNVD
added 2025/07/20 12:00 a.m. · 3 views

RuoYi Code Injection Vulnerability

RuoYi is a backend management system for individual developers of RuoYi in China. A code injection vulnerability exists in RuoYi 4.8.1 and previous versions. The vulnerability stems from an incorrect operation in the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java, which leads to...

CVSS 5.4 · AI score 4.7 · EPSS 0.00262
Exploits: 1 · References: 5
Packet Storm News
added 2025/07/19 12:00 a.m. · 2 views

Enhancing Resilience against Jamming Attacks: a Cooperative Anti-Jamming Method Using Direction Estimation

The inherent vulnerability of wireless communication necessitates strategies to enhance its security, particularly in the face of jamming attacks. This paper uses the collaborations of multiple sensing nodes (SNs) in the wireless network to present a cooperative anti-jamming approach (CAJ) designed t...

AI score 6.8
Exploits: 0
Positive Technologies
added 2025/07/18 12:00 a.m. · 7 views

PT-2025-30020 · Eset · Eset Security

Name of the Vulnerable Software and Affected Versions: ESET security software (affected versions not specified). Description: A time-of-check to time-of-use race condition could allow an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system...

CVSS 5.1 · AI score 6.2 · EPSS 0.00101
Exploits: 0 · References: 5
Cvelist
added 2025/07/17 7:13 p.m. · 10 views

CVE-2024-41921 Unsafe use of eval() method in rostopic echo tool

A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python...

CVSS 7.8 · EPSS 0.0019
Exploits: 0 · References: 1
Vulnrichment
added 2025/07/17 7:13 p.m. · 4 views

CVE-2024-41921 Unsafe use of eval() method in rostopic echo tool

A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python...

CVSS 7.8 · AI score 7.2 · EPSS 0.0019
Exploits: 0 · References: 1