CVE-2025-66270

The CVE-2025-66270 entry concerns KDE Connect protocol 8 prior to 2025-11-28, with affected releases across multiple platforms: desktop KDE Connect before 25.12, iOS KDE Connect before 0.5.4, Android KDE Connect before 1.34.4, GSConnect before 68, and Valent before 1.0.0.alpha.49. The underlying ...

UBUNTU-CVE-2025-62725

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

AMD AIM-T Manageability Software Security Update

AMD has informed HP of potential vulnerabilities in the AMD Integrated Management Technology AIM-T software, which might allow arbitrary code execution. AMD has released software updates to mitigate these vulnerabilities. AMD has released updates to mitigate this potential vulnerabilities. HP has...

CVE-2025-43346

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process...

GHSA-FFVR-GMP3-XX43 Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution

CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hessian deserialization rpc protocol. Users c...

CVE-2024-44297

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted message may lead to a denial-of-service...

CVE-2024-44258

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...

PKP Web Application Library Cross-Site Scripting Vulnerability

The PKP Web Application Library is a library shared by PKP's Open Journal System OJS, Open Conference System OCS, Open Monograph Press OMP, Open Preprint System OPS, and Open Harvester System OHS. A cross-site scripting vulnerability exists in versions prior to PKP Web Application Library 3.3.0-1...

CVE-2022-32826

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges...

CVE-2020-36521

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or...

webkitgtk: Access issue in content security policy

An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing...

webkitgtk: Incorrect state management leading to universal cross-site scripting

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting...

DEBIAN-CVE-2018-4438

A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9...

DEBIAN-CVE-2018-4416

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8...

UBUNTU-CVE-2018-4416

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8...

UBUNTU-CVE-2018-4267

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6...

flash-plugin: multiple code execution issues fixed in APSB15-16

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to cause a denial of service NULL pointer...

Invoker servlets authentication bypass (HTTP verb tampering)

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...

flash-plugin: mulitple code execution flaws (APSB11-28)

Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service heap memory corruption via unspecified vectors...

Veritas NetBackup 3.54.55.0 - Multiple Local Memory Corruption Vulnerabilities (1)

Veritas NetBackup 3.54.55.0 - Multiple Local Memory Corruption Vulnerabilities 1 source: https://www.securityfocus.com/bid/10226/info Multiple unspecified local buffer overrun and format string vulnerabilities have been reported to exist in various setuid Veritas NetBackup binaries. These issues...