
18470 matches found

OSV
added 2026/03/02 7:16 p.m. | 0 views

CVE-2025-48630

In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.4 CVSS | 6 AI score
Exploits: 0 | References: 1
CVE
added 2026/03/02 6:42 p.m. | 20 views

CVE-2025-48630

PT-2026 entries show CVE-2025-48630 included in upcoming patch previews (Critical/High list) for patch levels described, with March/June 2026 release timing and ongoing patch delivery cadence. No public technical details (root cause, affected product/version, exploit info) are provided in the con...

7.4 CVSS | 6.1 AI score | 0.00002 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2026/03/02 4:53 p.m. | 13 views

CVE-2025-47381

CVE-2025-47381 corresponds to a memory corruption issue that occurs while processing IOCTL calls when there is concurrent access to a shared buffer. The CVSS 3.1 vector indicates a HIGH impact on confidentiality, integrity, and availability, with LOCAL attack vector, LOW attack complexity, LOW pr...

7.8 CVSS | 6 AI score | 0.00017 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/03/02 4:53 p.m. | 4 views

CVE-2025-47381 Use After Free in Automotive Audio

Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs...

7.8 CVSS | 6 AI score | 0.00017 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/02 4:53 p.m. | 3 views

CVE-2025-47377

Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls...

7.8 CVSS | 6 AI score | 0.00017 EPSS
Exploits: 0 | References: 2
OSV
added 2026/03/02 1:4 p.m. | 3 views

CLSA-2026-1772456640 podman: Fix of 4 CVEs

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVEs:
- CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry
- CVE-2025-61726: limit parsed URL query parameters to...

10 CVSS | 6.9 AI score | 0.00045 EPSS
Exploits: 4 | References: 1
RedHat Linux
added 2026/03/02 9:19 a.m. | 4 views

gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs)...

5.3 CVSS | 5.7 AI score | 0.00059 EPSS
Exploits: 1 | References: 5
Vulnrichment
added 2026/03/02 8:39 a.m. | 2 views

CVE-2026-20445

In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10289875; Issue ID: MSV-5184...

5.9 AI score | 0.00017 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/03/02 12:0 a.m. | 1 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability. The vulnerability is caused by a possible way to access the GPU cache due to side channel information leakage in drawLayersInternal of SkiaRenderEngine.cp...

7.4 CVSS | 5.7 AI score | 0.00002 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/02 12:0 a.m. | 3 views

PT-2026-23002

Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.7.5
Description: A crafted PDF file can cause excessive processing time when accessing a stream that utilizes the /ASCIIHexDecode filter. This issue affects the pypdf library.
Recommendations: Update to version 6.7.5 or...

6.9 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits: 0 | References: 22
Tenable Nessus
added 2026/03/02 12:0 a.m. | 2 views

RHEL 8 : openssl (RHSA-2026:3364)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3364 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...

7.4 CVSS | 6.5 AI score | 0.00115 EPSS
Exploits: 1 | References: 5
CNVD
added 2026/03/02 12:0 a.m. | 0 views

OpenClaw Resource Management Error Vulnerability (CNVD-2026-13374)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a Resource Management Error vulnerability that stems from an ACP bridge accepting too large a block of prompt text, which can be exploited by an attacker to cause problems with the processing of abnorm...

4.8 CVSS | 5.8 AI score | 0.00007 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/01 1:43 a.m. | 4 views

CVE-2026-27947

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path extracts attacker-controlled files from winmail.d...

9.4 CVSS | 6.2 AI score | 0.0013 EPSS
Exploits: 0 | References: 1
OSV
added 2026/03/01 1:29 a.m. | 2 views

GHSA-JMH7-G254-2CQ9 Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing

Summary: A Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses `gr.load()` to load an attacker-controlled Space, the malicious `proxy_url` from the config is...

8.2 CVSS | 6.1 AI score | 0.00018 EPSS
Exploits: 0 | References: 6
Tenable Nessus
added 2026/03/01 12:0 a.m. | 4 views

Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-097 (ALASDOCKER-2026-097)

The version of runfinch-finch installed on the remote host is prior to 1.14.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-097 advisory. net/http: memory exhaustion in Request.ParseForm (CVE-2025-61726) archive/zip: denial of service when parsing...

10 CVSS | 6 AI score | 0.00045 EPSS
Exploits: 3 | References: 12
Tenable Nessus
added 2026/03/01 12:0 a.m. | 3 views

Debian dla-4493 : libstb-dev - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4493 advisory. Debian LTS Advisory DLA-4493-1...

8.8 CVSS | 6.2 AI score | 0.01116 EPSS
Exploits: 4 | References: 12
Github Security Blog
added 2026/02/28 2:4 a.m. | 6 views

SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only)

Some relatively small inputs can cause very large files arrays in form handlers. If the SvelteKit application code doesn't check files.length or individual files' sizes and performs expensive processing with them, it can result in Denial of Service. Only users with experimental.remoteFunctions:...

6 AI score
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2026/02/28 1:55 a.m. | 5 views

CVE-2026-25196

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system. Injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...

8.8 CVSS | 6.6 AI score | 0.00043 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/28 1:54 a.m. | 2 views

CVE-2026-22206

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

8.8 CVSS | 6.8 AI score | 0.00224 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/02/27 7:52 p.m. | 15 views

CVE-2026-27947 Group-Office Vulnerable to Remote Code Execution (RCE)

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path extracts attacker-controlled files from winmail.d...

9.4 CVSS | 0.0013 EPSS
Exploits: 0 | References: 1