Lucene search
6856 matches found

Snyk
added 2025/12/18 10:43 p.m. | 2 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in the ParseUDP function. An attacker can cause the application to crash or exhaust resources by sending a single crafted UDP packet with an invalid fragment sequence number. Remediation: Upgrade...

CVSS 7.1 | AI score 6.5 | EPSS 0.00064
Exploits: 0 | References: 2
RedhatCVE
added 2025/12/18 10:37 p.m. | 2 views

CVE-2025-68144

In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file for git_diff) would be interpreted as command-line options rather than git refs,...

CVSS 6.3 | AI score 7.3 | EPSS 0.00015
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/18 9:15 p.m. | 2 views

CVE-2025-34450 merbanan/rtl_433 <= 25.02 Stack-based Buffer Overflow

merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a...

CVSS 6.9 | AI score 7 | EPSS 0.0003
Exploits: 1 | References: 4
Debian CVE
added 2025/12/18 9:15 p.m. | 3 views

CVE-2025-34450

merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a...

CVSS 7.8 | AI score 6.1 | EPSS 0.0003
Exploits: 1
OSV
added 2025/12/18 11:46 a.m. | 6 views

BIT-PARSE-2025-68150 Parse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth Adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1, the Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and possibly...

CVSS 8.3 | AI score 6.6 | EPSS 0.00085
Exploits: 0 | References: 4
OSV
added 2025/12/18 11:46 a.m. | 3 views

BIT-PARSE-2025-68115 Parse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template Variables

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available in...

CVSS 6.1 | AI score 5.4 | EPSS 0.00025
Exploits: 0 | References: 4
OSV
added 2025/12/18 11:46 a.m. | 1 views

BIT-PARSE-2025-67727 Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management

Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permissions which...

CVSS 9.8 | AI score 6.5 | EPSS 0.00061
Exploits: 0 | References: 4
RedhatCVE
added 2025/12/18 12:35 a.m. | 3 views

CVE-2025-67172

RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parsespecialtags function...

CVSS 7.2 | AI score 8.4 | EPSS 0.00813
Exploits: 1 | References: 1
CNNVD
added 2025/12/18 12:0 a.m. | 3 views

rtl_433 security vulnerability

rtl_433 is a general-purpose data receiver from the individual developer Benjamin Larsson. It is a program for decoding radio transmissions from devices in the ISM band and other frequencies. A security vulnerability exists in rtl_433 versions 25.02 and earlier and 25e47f8 and earlier, which stems from a...

CVSS 7.8 | AI score 6.9 | EPSS 0.0003
Exploits: 1 | References: 4
Positive Technologies
added 2025/12/18 12:0 a.m. | 4 views

PT-2025-52352

Name of the Vulnerable Software and Affected Versions: merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8. Description: The software contains a stack-based buffer overflow in the parse_rfraw function, located in src/rfraw.c. Processing crafted or excessively large raw RF...

CVSS 7.8 | AI score 6.9 | EPSS 0.0003
Exploits: 1 | References: 10
NVD
added 2025/12/17 11:16 p.m. | 4 views

CVE-2025-68144

In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file for git_diff) would be interpreted as command-line options rather than git refs,...

CVSS 7.1 | EPSS 0.00015
Exploits: 0 | References: 1
Github Security Blog
added 2025/12/17 10:50 p.m. | 10 views

mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files

In mcp-server-git versions prior to 2025.12.18, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file for git_diff) would be interpreted as command-line options rather than git refs,...

CVSS 7.1 | AI score 7.3 | EPSS 0.00015
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2025/12/17 10:50 p.m. | 3 views

GHSA-9XWC-HFWC-8W59 mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files

In mcp-server-git versions prior to 2025.12.18, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file for git_diff) would be interpreted as command-line options rather than git refs,...

CVSS 6.3 | AI score 7.3 | EPSS 0.00015
Exploits: 0 | References: 3
CVE
added 2025/12/17 10:10 p.m. | 14 views

CVE-2025-68144

CVE-2025-68144 affects mcp-server-git. In versions prior to 2025.12.17, the git_diff and git_checkout functions forward user-controlled arguments directly to the git CLI without sanitization. This allows flag-like values (for example, --output=/path/to/file) to be interpreted as git options rathe...

CVSS 7.1 | AI score 6.9 | EPSS 0.00015
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/12/17 7:0 p.m. | 4 views

CVE-2025-68150

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and...

CVSS 8.3 | AI score 7 | EPSS 0.00085
Exploits: 0 | References: 1
OSV
added 2025/12/17 6:15 p.m. | 6 views

CVE-2025-67172

RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parsespecialtags function...

CVSS 7.2 | AI score 8.4 | EPSS 0.00813
Exploits: 1 | References: 4
NVD
added 2025/12/17 6:15 p.m. | 3 views

CVE-2025-67172

RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parsespecialtags function...

CVSS 7.2 | EPSS 0.00813
Exploits: 1 | References: 4
Microsoft CVE
added 2025/12/17 9:3 a.m. | 2 views

cifs: fix memory leak in smb3_fs_context_parse_param error path

...

CVSS 5.9 | AI score 6.7 | EPSS 0.00028
Exploits: 0
RedhatCVE
added 2025/12/17 1:49 a.m. | 1 views

CVE-2025-68115

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...

CVSS 6.1 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 1
SUSE CVE
added 2025/12/17 12:30 a.m. | 1 views

SUSE CVE-2025-40346

In the Linux kernel, the following vulnerability has been resolved: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity. Fix incorrect use of PTR_ERR_OR_ZERO in topology_parse_cpu_capacity which causes the code to proceed with NULL clock pointers. The current logic uses !PTR_ERR_OR_ZERO(cpuc...

CVSS 5.5 | AI score 6.7 | EPSS 0.00039
Exploits: 0 | References: 20