CVE-2023-53822

CVE-2023-53822 affects the Linux kernel wifi stack (ath11k) where fragmented frames from an uninitialized peer could crash the datapath. In scenarios with many virtual AP interfaces across bands, ACS, and frequent hostapd restarts, a fragment for self peer could be processed with rx_tid/rx_frags ...

CVE-2023-53822

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Ignore frags from uninitialized peer in dp. When max virtual ap interfaces are configured in all the bands with ACS and hostapd restart is done every 60s, a crash is observed at random times. In this certain scenari...

SUSE CVE-2023-53762

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in hcidisconnectallsync Use-after-free can occur in hcidisconnectallsync if a connection is deleted by concurrent processing of a controller event. To prevent this the code now tries to iterate over th...

Amazon Linux 2023 : firefox (ALAS2023-2025-1305)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1305 advisory. A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palettelookup array boun...

Progress Telerik Document Processing Libraries Installed (Windows)

Binary data progresstelerikdocumentprocessinglibrarieswininstalled.nbin...

Amazon Linux 2023 : libpng, libpng-devel, libpng-static (ALAS2023-2025-1306)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1306 advisory. A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palettelookup array boun...

Amazon Linux 2023 : cups-filters, cups-filters-devel, cups-filters-libs (ALAS2023-2025-1291)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1291 advisory. CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data form...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from amdgpu not validating the offsetinbo of drmamdgpugemva, which could lead to out-of-bounds access...

CVE-2025-66301

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to improper authorization checks when modifying critical fields on a POST request to /admin/pages/pagename, an editor with only permissions to change basic content on the form is now able to change the functioning of the form through...

EUVD-2025-201715

A vulnerability was determined in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Admin/additems.php. Executing manipulation of the argument itemname can lead to sql injection. The attack can be executed remotely. The exploit has been publicly...

CVE-2025-14227 Philipinho Simple-PHP-Blog edit.php sql injection

A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to...

drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices

...

DEBIAN-CVE-2023-53769

In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms read and write directly to shared unencrypted memory, which may leak information as well as permit the host to tamper with the message integrity. Instead, copy...

CVE-2023-53769

In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms read and write directly to shared unencrypted memory, which may leak information as well as permit the host to tamper with the message integrity. Instead, copy...

Important: thunderbird

Issue Overview: A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palettelookup array bounds are not validated against externally-supplied image data, allowing an attacker to craf...

Linux Distros Unpatched Vulnerability : CVE-2025-66471

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed...

PT-2025-49492

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.5.0-rc1+ 10 Description A use-after-free condition can occur in the Bluetooth stack within the Linux kernel, specifically in the hci disconnect all sync function. This issue arises when a connection is deleted...

Linux Distros Unpatched Vulnerability : CVE-2025-40225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/panthor: Fix kernel panic on partial unmap of a GPU VA region This commit address a kernel panic issue that can happen if Userspace tries to partially unmap...

📄 Craft CMS 5.0 Logic Flaw

A flaw in the Craft CMS image transform endpoint allows an unauthenticated attacker to trigger backend processing without prior authentication. While the original Metasploit module targeted remote code execution, this proof of concept does not execute code, does not write files, and does not inje...

Important: firefox

Issue Overview: A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palettelookup array bounds are not validated against externally-supplied image data, allowing an attacker to craf...