GHSA-95FX-JJR5-F39C jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder

Impact User control of the first argument of the addImage method results in Denial of Service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP file...

jsPDF Vulnerable to Stored XMP Metadata Injection (Spoofing & Integrity Violation)

Impact User control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the generated PDF. If the generated PDF is signed, stored or...

USN-7997-1: CRaC JDK 17 vulnerabilities

It was discovered that the RMI component of CRaC JDK 17 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. CVE-2026-21925 Mingijung...

USN-7996-1: CRaC JDK 25 vulnerabilities

It was discovered that the RMI component of CRaC JDK 25 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. CVE-2026-21925 Mingijung...

USN-7995-1: OpenJDK 25 vulnerabilities

It was discovered that the RMI component of OpenJDK 25 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. CVE-2026-21925 Mingijung...

CVE-2025-47366

Technical details for CVE-2025-47366 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

CVE-2025-47366 Exposed Dangerous Method or Function in HLOS

Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input...

CVE-2025-47366 Exposed Dangerous Method or Function in HLOS

Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input...

jsPDF 竞争条件问题漏洞

jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.1.0 contained a race condition vulnerability. This vulnerability stemmed from the use of shared module scope variables in the addJS method, which could lead to cross-user data leaks...

PT-2026-5721

Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.1.0 Description A flaw exists in jsPDF, a JavaScript library for generating PDFs, where user control over properties and methods within the Acroform module can lead to the injection of arbitrary PDF objects, including...

PT-2026-5719

Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.1.0 Description jsPDF is a JavaScript library used to generate PDFs. A flaw exists where user-controlled input to the addImage method can lead to a denial of service. Specifically, providing a malicious BMP image with...

SUSE-SU-2026:20215-1 Security update for java-25-openjdk

This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.2+10 January 2026 CPU Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034. - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036. - CVE-2026-21933: Fixed...

CVE-2024-4027

A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service DoS attack...

Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.30+7 January 2026 CPU Security fixes: CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034. CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036. CVE-2026-21933: Fixed Oracle...

SUSE-SU-2026:0338-1 Security update for abseil-cpp

This update for abseil-cpp fixes the following issues: - CVE-2025-0838: Fixed heap buffer overflow in sized constructors, reserve, and rehash methods of absl:flat,nodehashset,map bsc1237543...

CVE-2026-24889

CVE-2026-24889 — soroban-sdk overflow in slice/gen_range (u64) Affected components: the soroban-sdk Rust SDK (core functions Bytes::slice, Vec::slice, Prng::gen_range for u64). Root cause: arithmetic overflow when handling range bounds, particularly under overflow-checks = false (default for rele...

SUSE-SU-2026:20190-1 Security update for java-21-openjdk

This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.10+7 January 2026 CPU Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034. - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036. - CVE-2026-21933: Fixed...

Why RAMS Software Is Becoming Essential for Construction Safety and Compliance

Digital RAMS software helps construction teams manage risk assessments, method statements, and safety compliance across sites with real-time access...

Delta Electronics DIAView Exposed Dangerous Method Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAView. User interaction is required to exploit this vulnerability in that the target must open and run a malicious project. The specific flaw exists within the DIAView script...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the FindContainer function. An attacker can gain unauthorized interactive shell access to containers outside their permitted label scope by directly targeting container IDs through th...