CVE-2026-35672

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.3 contained security vulnerabilities. These vulnerabilities stemmed from the default empty value of api.apiClientToken in API v4.0, which allowed unverified users to create...

GHSA-GP95-J463-VV28 phpMyFAQ: Default Empty API Token Authentication Bypass

Summary A default empty API client token allows any unauthenticated user to create and modify FAQ entries, categories, and questions via the REST API. The vulnerability exists in all versions since API v4.0 was introduced because the installation process seeds api.apiClientToken with an empty...

Insecure Default Initialization of Resource

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the hasValidToken function. An attacker can gain unauthorized access to create and modify FAQ entries,...

CVE-2025-48520

An improper input validation vulnerability within the AMD Platform Management Framework PMF driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a crash...

EUVD-2020-24939

Malware in sbrugna...

EUVD-2025-22664

Malicious code in bioql PyPI...

CVE-2025-38421

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmf: Use device managed allocations If setting up smart PC fails for any reason then this can lead to a double free when unloading amd-pmf. This is because dev-buf was freed but never set to NULL and is again...

UBUNTU-CVE-2025-38421

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmf: Use device managed allocations If setting up smart PC fails for any reason then this can lead to a double free when unloading amd-pmf. This is because dev-buf was freed but never set to NULL and is again...

CVE-2025-38421

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmf: Use device managed allocations If setting up smart PC fails for any reason then this can lead to a double free when unloading amd-pmf. This is because dev-buf was freed but never set to NULL and is again...

CVE-2025-38421 platform/x86/amd: pmf: Use device managed allocations

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmf: Use device managed allocations If setting up smart PC fails for any reason then this can lead to a double free when unloading amd-pmf. This is because dev-buf was freed but never set to NULL and is again...

CVE-2025-38421 platform/x86/amd: pmf: Use device managed allocations

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmf: Use device managed allocations If setting up smart PC fails for any reason then this can lead to a double free when unloading amd-pmf. This is because dev-buf was freed but never set to NULL and is again...

CVE-2025-38421

CVE-2025-38421 affects the Linux kernel’s amd-pmf code in platform/x86/amd, where a path that fails smart PC setup could lead to a double free of dev->buf during module removal. The root cause is a freed pointer that isn’t NULL’d, causing amd_pmf_remove() to free it again. The provided fixes c...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the amd pmf module not using device management allocations, which could lead to a double release...

CVE-2020-3668

u'Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrag...

PT-2025-30826 · Amd-Pmf +1 · Amd-Pmf +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel’s platform/x86/amd pmf module. A failure during smart PC setup can lead to a double free when unloading amd-pmf, specifically because a device buffer...

CVE-2021-29112 Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 and earlier which allow an unauthenticated attacker to induce an information disclosure issue in the context of the current user...

CVE-2021-29118 Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 and earlier which allow an unauthenticated attacker to induce an information disclosure issue in the context of the current user...

Esri ArcReader PMF File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PMF...

Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...