3936 matches found
CVE-2025-29939
CVE-2025-29939 concerns AMD SEV with SNP, where improper access control during SNP initialization could let a privileged attacker write to the reverse map page (RMP), risking loss of guest memory confidentiality and integrity. Affected: AMD Secure Encrypted Virtualization (SEV) in AMD EPYC platfo...
CVE-2025-29939
Improper access control in secure encrypted virtualization SEV could allow a privileged attacker to write to the reverse map page RMP during secure nested paging SNP initialization, potentially resulting in a loss of guest memory confidentiality and integrity...
CVE-2025-29939
Improper access control in secure encrypted virtualization SEV could allow a privileged attacker to write to the reverse map page RMP during secure nested paging SNP initialization, potentially resulting in a loss of guest memory confidentiality and integrity...
CVE-2025-29948
CVE-2025-29948 affects AMD Secure Encrypted Virtualization (SEV) firmware. The issue is improper access control that could allow a malicious hypervisor to bypass RMP protections, potentially compromising SEV-SNP guest memory integrity. Affected software is SEV firmware; the root cause is access-c...
CVE-2026-1849
MongoDB Server is affected by an out-of-memory failure triggered while evaluating expressions that produce deeply nested documents. The root cause is that recursive functions do not periodically check expression depth, allowing unbounded nesting to exhaust memory. Impact is Availability (high) wi...
CVE-2026-1849
MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression...
CVE-2026-1849 Mongod can run out of stack memory when expressions create deeply nested documents
MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression...
CVE-2026-1849 Mongod can run out of stack memory when expressions create deeply nested documents
MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression...
Mongod can run out of stack memory when expressions create deeply nested documents
MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression...
cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service
A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...
cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service
A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...
cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service
A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...
FUXA Affected by a Path Traversal Sanitization Bypass
Summary A flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences e.g., ....//, an attacker can write arbitrary files to the server filesystem, including sensitive directorie...
AMD EPYC Processor 安全漏洞
The AMD EPYC Processor is a series of multi-core processors developed by American semiconductor company AMD. There is a security vulnerability in the AMD EPYC Processor, which stems from improper access control. This vulnerability may lead to a loss of integrity in SEV-SNP guest memory...
PT-2026-7446
Improper access control in secure encrypted virtualization SEV could allow a privileged attacker to write to the reverse map page RMP during secure nested paging SNP initialization, potentially resulting in a loss of guest memory confidentiality and integrity...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: osbuild-composer (UTSA-2026-005319)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005319 advisory. Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Tenable...
PT-2026-7433
Name of the Vulnerable Software and Affected Versions MongoDB Server affected versions not specified Description The MongoDB Server may encounter an out-of-memory failure when processing expressions that result in deeply nested documents. This occurs due to a lack of periodic depth checks within...
AMD EPYC 9005 Series 安全漏洞
The AMD EPYC 9005 Series is a series of processors developed by Advanced Microelectronics Devices, Inc. AMD. There are security vulnerabilities in the AMD EPYC 9005 Series. These vulnerabilities stem from improper handling of error conditions during host failures, which may allow privileged local...
AMD EPYC™ and AMD EPYC™ Embedded Series Processor Vulnerabilities – February 2026
CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score| CVSS Vector ---|---|---|--- CVE-2025-52533| Improper access control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality ...
CVE-2026-25951 FUXA has a Path Traversal Sanitization Bypass
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. Prior to 1.2.11, there is a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences e.g., ....//, an...