
141 matches found

Positive Technologies
added 2025/08/06 12:0 a.m. · 2 views

PT-2025-32137 · Eavb · Eavb

Name of the Vulnerable Software and Affected Versions: versions prior to 2025-27072 Description: An information disclosure issue exists while processing a packet at the EAVB BE side with an invalid header length. Recommendations: At the moment, there is no information about a newer version that...

5.5 CVSS · 6.1 AI score · 0.00061 EPSS
Exploits 0 · References 4

Vulnrichment
added 2025/07/11 2:41 p.m. · 3 views

CVE-2025-52951 Junos OS: IPv6 firewall filter fails to match payload-protocol

A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic destined to the device to effectively bypass any firewall filtering configured on the interface. Due to an issue with Junos OS kernel filter processing, th...

6.9 CVSS · 5.2 AI score · 0.00341 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2025/07/11 12:0 a.m. · 5 views

Cockpit < 2.11.4 XSS

The version of Cockpit running on the remote web server is prior to 2.11.4. A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site...

6.1 CVSS · 4.1 AI score · 0.00203 EPSS
Exploits 1 · References 2

Cvelist
added 2025/07/04 2:2 a.m. · 5 views

CVE-2025-7053 Cockpit save cross site scripting

A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version...

5.1 CVSS · 0.00203 EPSS
Exploits 1 · References 5

CVE
added 2025/06/18 11:3 a.m. · 64 views

CVE-2022-50171

CVE-2022-50171 is a Linux kernel issue in crypto: hisilicon/sec where a mutex lock is used during softirq, causing scheduling while atomic when kunpeng920 encryption driver processes packets in softirq. Affected component: Linux kernel crypto path for Hisilicon/sec; root cause: sleeping in softir...

5.5 CVSS · 6.5 AI score · 0.00037 EPSS
Exploits 0 · References 5 · Affected Software 1

RedhatCVE
added 2025/06/16 10:23 p.m. · 2 views

CVE-2025-32798

The conda-build contains commands and tools to build conda packages. The conda-build recipe processing logic was found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, conda-build uses the eval function to process embedded selectors in meta.yam...

9.8 CVSS · 7.3 AI score · 0.01209 EPSS
Exploits 1 · References 2

CVE
added 2025/06/09 4:0 p.m. · 44 views

CVE-2025-5886

CVE-2025-5886 affects Emlog up to version 2.5.7. The issue is a cross-site scripting vulnerability arising from manipulating the active_post argument in /admin/article.php, with remote initiation and a publicly disclosed exploit. Connected sources confirm the vulnerability existence and the affec...

5.1 CVSS · 6.5 AI score · 0.00199 EPSS
Exploits 1 · References 4 · Affected Software 1

CVE
added 2025/06/03 5:52 a.m. · 53 views

CVE-2024-53013

CVE-2024-53013 corresponds to a memory corruption issue in Qualcomm chipsets during processing of voice call registrations. The vulnerability affects the voice-call registration path and is described as memory corruption with an impact profile including confidentiality Low, integrity High, availa...

6.6 CVSS · 6.8 AI score · 0.00078 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2025/06/02 11:4 a.m. · 93 views

CVE-2025-0073

CVE-2025-0073 is a Use After Free vulnerability in ARM Valhall GPU Kernel Driver and ARM 5th Gen GPU Architecture Kernel Driver. The issue allows a local non-privileged user to perform improper GPU memory processing, gaining access to already freed memory. Affected versions are Valhall GPU Kernel...

7.8 CVSS · 6.6 AI score · 0.00089 EPSS
Exploits 0 · References 1 · Affected Software 2

Tenable Nessus
added 2025/06/02 12:0 a.m. · 6 views

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2025-972)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-972 advisory. In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. CVE-2025-43965 Tenable has extracted the preceding description block directly from the...

7.5 CVSS · 4.8 AI score · 0.0007 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2025/05/29 12:0 a.m. · 10 views

Amazon Linux 2 : ImageMagick (ALAS-2025-2857)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2857 advisory. In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used...

7.5 CVSS · 4.9 AI score · 0.0007 EPSS
Exploits 0 · References 4

Github Security Blog
added 2025/05/27 7:47 p.m. · 28 views

Laravel Rest Api has a Search Validation Bypass

A validation bypass vulnerability was discovered prior to version 2.13.0, where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts such as index, store, and update actions, malicious actors...

8.7 CVSS · 7.1 AI score · 0.00364 EPSS
Exploits 0 · References 5 · Affected Software 1

RedhatCVE
added 2025/05/23 11:35 a.m. · 4 views

CVE-2025-0400

A vulnerability was found in StarSea99 starsea-mall 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/categories/update. The manipulation of the argument categoryName leads to cross site scripting. The attack may be initiated remotely. The exploi...

5.1 CVSS · 6.2 AI score · 0.00115 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 10:35 a.m. · 6 views

CVE-2024-9031

A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. This issue affects some unknown processing of the file /project/task/taskid/show. The manipulation of the argument comment leads to cross site scripting. The attack may be initiated remotely...

5.4 CVSS · 6.3 AI score · 0.00129 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 2:0 a.m. · 2 views

CVE-2023-42888

The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. Processing a maliciously crafted image may result in disclosure of process memory...

5.5 CVSS · 5.6 AI score · 0.0003 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 9:32 p.m. · 5 views

CVE-2021-21250

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpec is provided in XML format, the spec is processed by XmlBuildSpecMigrator.migrate(buildSpecString); which processes the XML document withou...

7.7 CVSS · 6.8 AI score · 0.00288 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 9:24 p.m. · 4 views

CVE-2021-29533

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK failure by passing an empty image to tf.raw_ops.DrawBoundingBoxes. This is because the...

5.5 CVSS · 6.7 AI score · 0.00011 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 8:4 p.m. · 5 views

CVE-2021-37206

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 All versions V8.80, SIPROTEC 5 relays with CPU variants CP100 All versions V8.80, SIPROTEC 5 relays with CPU variants CP300 All versions V8.80. Received webpackets are not properly processed. An unauthenticated remot...

7.5 CVSS · 6.8 AI score · 0.00576 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 4:3 p.m. · 4 views

CVE-2020-1901

Receiving a large text message containing URLs in WhatsApp for iOS prior to v2.20.91.4 could have caused the application to freeze while processing the message...

5.3 CVSS · 6.5 AI score · 0.00522 EPSS
Exploits 0

RedhatCVE
added 2025/05/22 9:52 a.m. · 6 views

CVE-2011-1757

DJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564...

9.3 CVSS · 6.8 AI score · 0.01559 EPSS
Exploits 0 · References 1