1008 matches found
CVE-2025-10086 fuyang_lipengjun platform AdPositionController queryAll improper authorization
A weakness has been identified in fuyang_lipengjun platform 1.0.0. This issue affects the function queryAll of the file /adposition/queryAll of the component AdPositionController. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been made...
MAL-2025-45576 Malicious code in position-mostly-bad (npm)
The package position-mostly-bad was found to contain malicious code...
Malicious code in position-mostly-bad (npm)
The package position-mostly-bad was found to contain malicious code...
glib: Buffer Underflow on GLib through glib/gstring.c via function g_string_insert_unichar
A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite...
Linux Distros Unpatched Vulnerability : CVE-2024-45306
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the curs...
Linux Distros Unpatched Vulnerability : CVE-2024-47538
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet...
D-Link DI-500WF Buffer Overflow Vulnerability
D-Link DI-500WF is a panel type wireless AP access point, designed with international wireless standards, supporting 2.4GHz band, wireless transmission speed up to 300Mbps, in line with the green concept. A buffer overflow vulnerability exists in the D-Link DI-500WF. The vulnerability stems from...
ksmbd: prevent out-of-bounds stream writes by validating *pos
...
CVE-2025-7218
A vulnerability was found in Campcodes Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=deleteposition. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit ha...
CVE-2025-7217
A vulnerability has been found in Campcodes Payroll Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=saveposition. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit ha...
CVE-2025-6839
A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload lead...
CVE-2025-6839 Conjure Position Department Service Quality Evaluation System head.php eval backdoor
A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload lead...
CVE-2025-6839
A vulnerability (CVE-2025-6839) exists in the Conjure Position Department Service Quality Evaluation System (versions up to 1.0.11) where the eval function in public/assets/less/bootstrap-less/mixins/head.php can be manipulated via the payload argument to install a backdoor. The attack is reporta...
GNSS Spoofing Detection Based on Opportunistic Position Information
The limited or no protection for civilian Global Navigation Satellite System (GNSS) signals makes spoofing attacks relatively easy. With modern mobile devices often featuring network interfaces, state-of-the-art signals of opportunity (SOP) schemes can provide accurate network positions in replacemen...
Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to 20.19.2: CVE-2025-23166: improper error handling in async cryptographic operations crashes process (bsc1243218). CVE-2025-23167: improper HTTP header block termination in llhttp (bsc1243220). CVE-2025-23165: add missing call to...
I Know What You Said: Unveiling Hardware Cache Side-Channels in Local Large Language Model Inference
Large Language Models (LLMs) that can be deployed locally have recently gained popularity for privacy-sensitive tasks, with companies such as Meta, Google, and Intel playing significant roles in their development. However, the security of local LLMs through the lens of hardware cache side-channels...
[SECURITY] Fedora 42 Update: qt6-qtpositioning-6.9.1-1.fc42
The Qt Positioning APIs give developers the ability to determine a position by using a variety of possible sources, including satellite, or wifi, or text file, and so on...