GPUHammer: Rowhammer Attacks on GPU Memories are Practical

Revisions Revision Date| Description ---|--- 2025-12-03| Initial publication...

FreeBSD : MongoDB -- Improper Validation of Specified Quantity in Input (ea64d2ec-ced4-11f0-a958-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ea64d2ec-ced4-11f0-a958-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-108565 reports: Inconsistent object size validation in time seri...

BIT-GITLAB-2025-7449 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing...

Numeric Truncation Error

Overview Affected versions of this package are vulnerable to Numeric Truncation Error due to improper conversion of string length from an int64/int32 to an int16 without checks for overflows. values in the process handling UTF-8 encoded data. An attacker can cause packet corruption or unintended...

EUVD-2025-200146

In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538...

EUVD-2025-200147

In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539...

CVE-2025-20788

In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539...

CVE-2025-20789

In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538...

CVE-2025-20789

In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538...

CVE-2025-20789

In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538...

CVE-2025-20789

In GPU pdma on affected MediaTek platforms, a missing bounds check can lead to local information disclosure. The vulnerability allows leakage of information without extra privileges, with exploitation requiring user interaction. A patch is referenced (ALPS10117741; MSV-4538). Affected component i...

GHSA-V8X2-FJV7-8HJH Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions

Summary Due to a broken access control vulnerability in the /admin/pages/pagename endpoint, an editor user with full permissions to pages can change the functionality of a form after submission. Details Due to improper authorization checks when modifying critical fields on a POST request to...

Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions

Summary Due to a broken access control vulnerability in the /admin/pages/pagename endpoint, an editor user with full permissions to pages can change the functionality of a form after submission. Details Due to improper authorization checks when modifying critical fields on a POST request to...

PT-2025-48635

In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539...

PT-2025-48636

In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538...

PDF-XChange Editor EMF File EMR_SMALLTEXTOUT Out-Of-Bounds Read Vulnerability

Talos Vulnerability Report TALOS-2025-2280 PDF-XChange Editor EMF File EMRSMALLTEXTOUT Out-Of-Bounds Read Vulnerability December 2, 2025 CVE Number CVE-2025-58113 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401. By...

Improper Neutralization of Special Elements Used in a Template Engine

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the Twig processing feature enabled through page frontmatter. An...

CVE-2025-66301 Grav ihas Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to improper authorization checks when modifying critical fields on a POST request to /admin/pages/pagename, an editor with only permissions to change basic content on the form is now able to change the functioning of the form through...

CVE-2025-66301

Grav CMS contains a broken access control vulnerability (CVE-2025-66301) where an editor with only basic content permissions can modify the YAML frontmatter data[_json][header][form] in POST to /admin/pages/{page_name}, altering the form processing logic. Root cause: improper authorization checks...

CVE-2025-66301 Grav ihas Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to improper authorization checks when modifying critical fields on a POST request to /admin/pages/pagename, an editor with only permissions to change basic content on the form is now able to change the functioning of the form through...