
5279 matches found

RedhatCVE
added 2025/11/11 1:41 p.m., 2 views

CVE-2025-11215

Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

6.5 CVSS, 8.3 AI score, 0.00041 EPSS
Exploits 0, References 5

EUVD
added 2025/11/11 6:30 a.m., 2 views

EUVD-2025-60938

The Squirrels Auto Inventory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4 CVSS, 4.6 AI score, 0.00022 EPSS
Exploits 0, References 3

CVE
added 2025/11/11 3:30 a.m., 12 views

CVE-2025-12538

CVE-2025-12538 relates to the WordPress plugin Fleet Manager. The vulnerability is a Stored Cross‑Site Scripting (Stored XSS) in admin settings, affecting versions up to and including 2.5.1. Exploitation requires an attacker with at least editor-level permissions and only impacts multisite instal...

4.4 CVSS, 4.7 AI score, 0.00022 EPSS
Exploits 0, References 3

OSV
added 2025/11/06 10:15 p.m., 2 views

AZL-69878 CVE-2025-11215 affecting package nodejs 20.14.0-13

Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

4.3 CVSS, 7.4 AI score, 0.00041 EPSS
Exploits 0, References 1

OSV
added 2025/11/06 10:15 p.m., 0 views

CVE-2025-11215

Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

4.3 CVSS, 5.8 AI score
Exploits 0, References 2

CVE
added 2025/11/06 10:8 p.m., 17 views

CVE-2025-11215

CVE-2025-11215 refers to an off-by-one error in the V8 engine of Google Chrome/Chromium that allows a remote attacker to cause an out-of-bounds memory read via a crafted HTML page. The documented impact is a medium severity (CVSS 3.1: 4.3) with network attack vector, no privileges, and user inter...

4.3 CVSS, 5.8 AI score, 0.00041 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2025/11/06 10:8 p.m., 5 views

CVE-2025-11215

Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

0.00041 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/11/05 2:14 a.m., 3 views

CVE-2025-43496

The issue was addressed by adding additional logic. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...

7.5 CVSS, 6.5 AI score, 0.00073 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/11/05 12:8 a.m., 3 views

CVE-2025-54332

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is a NULL Pointer Dereference of profiler.node in the npuvertexprofileoff function...

7.5 CVSS, 6.9 AI score, 0.00068 EPSS
Exploits 0, References 1

Tenable Nessus
added 2025/11/05 12:0 a.m., 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988759)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988759 advisory. In the Linux kernel, the following vulnerability has been resolved: of: fdt: fix off-by-one error in unflatten_dt_nodes Commit 78c44d910d3e drivers/of: Fix depth when...

7.8 CVSS, 6.2 AI score, 0.00019 EPSS
Exploits 0, References 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990248)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990248 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY When CONFIG_DEBUG_BUGVERBOSE=n, we fail to add...

5.5 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits 0, References 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988686)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988686 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts...

7.8 CVSS, 6 AI score, 0.00021 EPSS
Exploits 0, References 4

OSV
added 2025/11/04 2:15 a.m., 2 views

CVE-2025-43496

The issue was addressed by adding additional logic. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...

7.5 CVSS, 5.8 AI score, 0.00073 EPSS
Exploits 0, References 6

Cvelist
added 2025/11/04 1:16 a.m., 3 views

CVE-2025-43496

The issue was addressed by adding additional logic. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...

0.00073 EPSS
Exploits 0, References 6

RedhatCVE
added 2025/11/01 12:25 a.m., 5 views

CVE-2025-63462

Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the wifiOff parameter in the sub_421A04 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...

7.5 CVSS, 7.4 AI score, 0.00235 EPSS
Exploits 1, References 1

OSV
added 2025/10/31 5:15 p.m., 2 views

CVE-2025-63463

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...

7.5 CVSS, 5.9 AI score, 0.00235 EPSS
Exploits 1, References 1

Vulnrichment
added 2025/10/31 12:0 a.m., 4 views

CVE-2025-63463

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...

7 AI score, 0.00235 EPSS
Exploits 1, References 1

Cvelist
added 2025/10/31 12:0 a.m., 5 views

CVE-2025-63463

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...

0.00235 EPSS
Exploits 1, References 1

Positive Technologies
added 2025/10/31 12:0 a.m., 3 views

PT-2025-44659

Name of the Vulnerable Software and Affected Versions: Totolink LR350 version 9.3.5u.6369 B20220309. Description: The software contains a stack overflow issue via the wifiOff parameter in the sub_4232EC function. This allows attackers to cause a Denial of Service (DoS) through a crafted request...

9 CVSS, 7 AI score, 0.00235 EPSS
Exploits 1, References 6

CNNVD
added 2025/10/31 12:0 a.m., 2 views

TOTOLINK A7000R Security Vulnerability

TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability, which stems from the failure of the wifiOff parameter in the sub421A0...

7.5 CVSS, 7.2 AI score, 0.00235 EPSS
Exploits 1, References 2