3981 matches found
CVE-2025-12983
Removed by vendor...
PT-2025-47049
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.9 through 18.3.6 GitLab CE/EE versions 18.4 through 18.4.4 GitLab CE/EE versions 18.5 through 18.5.2 Description An authenticated attacker could cause a denial of service condition by submitting specially crafted...
OESA-2025-2673 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML...
OESA-2025-2672 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML...
Devolutions Server <= 2025.2.15.0 / 2025.3.2.0 <= 2025.3.5.0 Multiple Vulnerabilities (DEVO-2025-0016)
The version of Devolutions Server installed on the remote host is prior to 2025.2.17.0, or 2025.3.x prior to 2025.3.6.0, and is, therefore, affected by multiple vulnerabilities: - Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged...
Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2020-35527)
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; ...
Linux Distros Unpatched Vulnerability : CVE-2025-40181
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the legacy PCI hole, i.e. memory...
CVE-2025-40181
In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the legacy PCI hole, i.e. memory between Top of Lower Usable DRAM and 4GiB, to be mapped as UC via a forc...
CVE-2025-40181 x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP
In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the legacy PCI hole, i.e. memory between Top of Lower Usable DRAM and 4GiB, to be mapped as UC via a forc...
CVE-2025-40181
In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the legacy PCI hole, i.e. memory between Top of Lower Usable DRAM and 4GiB, to be mapped as UC via a forc...
CVE-2025-40181 x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP
In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the legacy PCI hole, i.e. memory between Top of Lower Usable DRAM and 4GiB, to be mapped as UC via a forc...
Splunk Enterprise 9.2.0 < 9.2.9, 9.3.0 < 9.3.7, 9.4.0 < 9.4.5, 10.0.0 < 10.0.1 (SVD-2025-1103)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1103 advisory. - jackson-core contains core low-level incremental streaming parser and generator abstractions used by Jackson Data Processor. ...
Stale Translation Lookaside Buffer (TLB) Entry Vulnerability
Summary An internally reported microcode bug in some EPYC™ AMD CPUs could allow a local admin-privileged attacker to run SEV-SNP Secure Encrypted Virtualization - Secure Nested Paging guests using stale TLB entries. This bug could allow SNP active vCPUs to reuse TLB entries from other virtual...
protobuf: StackOverflow vulnerability in Protocol Buffers
A flaw was found in Protocol Buffers protobuf. This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion...
protobuf: StackOverflow vulnerability in Protocol Buffers
A flaw was found in Protocol Buffers protobuf. This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion...
Prototype Pollution
messageformat is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of nested message keys containing special characters such as proto, which allows an attacker to inject arbitrary properties into the global object prototype, potentially leading to denial of service ...
CVE-2025-12808
Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions : Devolutions Server 2025.3.2.0 through 2025.3.5.0 Devolutions Server...
CVE-2025-12808
Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions : Devolutions Server 2025.3.2.0 through 2025.3.5.0 Devolutions Server...
CVE-2025-12808
CVE-2025-12808 affects Devolutions Server. The vulnerability is due to improper access control that allows a View-only user to retrieve sensitive third-level nested fields (e.g., password lists custom values), potentially leading to password disclosure. Affected versions include Devolutions Serve...
Prototype Pollution
@messageformat/runtime is vulnerable to Prototype Pollution. The vulnerability is due to insufficient validation of nested message keys during message data processing, which allows an attacker to inject arbitrary properties into the Object prototype and cause denial of service or unexpected...