CVE-2025-8836

CVE-2025-8836 affects JasPer up to 4.2.5, where manipulation in jpc_floorlog2 (src/libjasper/jpc/jpc_enc.c - JPC Encoder) can trigger a reachable assertion. Exploitation is described as local; public exploit guidance exists. Remediation is available via patches, e.g., upgrade to JasPer 4.2.8 (ope...

PT-2025-32530

Name of the Vulnerable Software and Affected Versions: JasPer versions up to 4.2.5 Description: A use-after-free vulnerability exists in JasPer up to version 4.2.5. The issue affects the jpc dec dump function within the JPEG2000 File Handler component, located in the file src/libjasper/jpc/jpc...

CVE-2025-8813

CVE-2025-8813 affects atjiu pybbs up to 6.0.0. The vulnerability resides in the changeLanguage function of src/main/java/co/yiiu/pybbs/controller/front/IndexController.java, where manipulation of the referer argument leads to an open redirect. It can be triggered remotely and the exploit has been...

CVE-2025-8805 Open5GS SMF gsm-sm.c smf_gsm_state_wait_pfcp_deletion denial of service

A vulnerability was determined in Open5GS up to 2.7.5. Affected by this issue is the function smfgsmstatewaitpfcpdeletion of the file src/smf/gsm-sm.c of the component SMF. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the publ...

CVE-2025-8804

A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ngapbuilddownlinknastransport of the component AMF. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

CVE-2025-8801

Open5GS AMF contains a denial-of-service vulnerability in the gmm_state_exception function of src/amf/gmm-sm.c affecting versions up to 2.7.5. The issue can be triggered remotely, and an exploit has been disclosed publicly. Upgrading to Open5GS 2.7.6 addresses the vulnerability (patch id f47f2bd4...

PT-2025-32489 · Unknown · Atjiu Pybbs

Name of the Vulnerable Software and Affected Versions: atjiu pybbs versions up to 6.0.0 Description: A problematic issue exists in the setCookie function within the src/main/java/co/yiiu/pybbs/util/CookieUtil.java file. This allows for cross-site request forgery, potentially initiated remotely. T...

PT-2025-32487 · Unknown · Atjiu Pybbs

Name of the Vulnerable Software and Affected Versions: atjiu pybbs versions up to 6.0.0 Description: A problematic issue exists in atjiu pybbs up to version 6.0.0, affecting an unknown part of the file /api/settings within the Admin Panel component. The issue allows for cross site scripting and c...

CVE-2025-20697

In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915681; Issue ID: MSV-3795...

CVE-2025-20696

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215;...

CVE-2025-20697

In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915681; Issue ID: MSV-3795...

CVE-2025-20696

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215;...

UBUNTU-CVE-2025-8225

A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function processdebuginfo of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patc...

AZL-65981 CVE-2025-8176 affecting package libtiff for versions less than 4.6.0-8

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function gethistogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the publi...

DEBIAN-CVE-2025-7462

A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdfferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation leads to null pointer...

CVE-2025-20686

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00415570; Issue ID: MSV-3404...

CVE-2025-20692

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418040; Issue ID: MSV-3476...

CVE-2025-20685

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416226; Issue ID: MSV-3409...

CVE-2025-20688

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418047; Issue ID: MSV-3480...

CVE-2025-20680

In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418044; Issue ID: MSV-3482...