CVE-2025-58410

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer resource...

Collaborative research by Microsoft and NVIDIA on real-time immunity

AI-Powered Threats Demand AI-Powered Defense While AI supports growth and innovation, it is also reshaping how organizations address faster, more adaptive security risks. AI-driven security threats, including “vibe-hacking”, are evolving faster than traditional defenses can adapt. Attackers can n...

EUVD-2025-197806

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer resource...

kernel: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALLFLUSHVIRTUALADDRESSLIST and HVCALLFLUSHVIRTUALADDRESSLISTEX allow a guest to request...

PT-2025-47175

Name of the Vulnerable Software and Affected Versions Software affected versions not specified Description Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handli...

PT-2025-47178

Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2026R1.0.1 Description Nagios Log Server versions prior to 2026R1.0.1 have an authenticated command injection issue through the 'Natural Language Queries' feature. The application reads configuration values...

Django: ASGIRequest header concatenation quadratic CPU DoS on Django via repeated headers leads to worker exhaustion

ASGIRequest header concatenation quadratic CPU DoS Reporter: Jiyong Yang / BAEKSEOK University Target: Django current main, affects all versions with ASGI support Type: Denial of Service CPU exhaustion Summary django.core.handlers.asgi.ASGIRequest builds the META dictionary by iterating over the...

Adobe Photoshop Heap Buffer Overflow Vulnerability (CNVD-2025-29701)

Adobe Photoshop is a set of image processing software from the American company Audobee Adobe. Adobe Photoshop suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the context of the current user...

CLSA-2025-1763033745 python: Fix of CVE-2025-8194

CVE-2025-8194: fix infinite loop and deadlock in TarFile extraction and entry enumeration APIs...

D-Link DIR-816A2 安全漏洞

D-Link DIR-816A2 is a router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-816A2 that stems from improper buffer sizing when the upload.cgi module handles /proc/version, which could result in a stack buffer overflow...

Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Inefficient Algorithmic Complexity (CVE-2024-12133)

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate,...

CVE-2025-57812 [BIGSLEEP-434612419] CUPS-Filters has heap-buffer-overflow write in `cfImageLut()`

CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and including 1.28.17...

CVE-2025-20622

Sensitive information uncleared in resource before release for reuse for some IntelR NPU Drivers for Windows before version 32.0.100.4023 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a low complexity...

CVE-2025-40130 scsi: ufs: core: Fix data race in CPU latency PM QoS request handling

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling The cpulatencyqosadd/remove/updaterequest interfaces lack internal synchronization by design, requiring the caller to ensure thread safety. The current...

SUSE CVE-2025-64512

Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...

OpenPrinting CUPS Filters 缓冲区错误漏洞

OpenPrinting CUPS Filters is an OpenPrinting open source printing system filter. A buffer error vulnerability exists in versions of OpenPrinting CUPS Filters prior to 1.28.18, which stems from an array out-of-bounds write when the pdftoraster tool processes PDF files...

Linux Distros Unpatched Vulnerability : CVE-2025-12748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from data contention in CPU latency PM QoS request processing, which could lead to list corruption...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from dlserver not stopping before the CPU goes offline, which could cause the kernel to crash...

CVE-2025-40760

A vulnerability has been identified in Altair Grid Engine All versions V2026.0.0. Affected products do not properly handle error messages and discloses sensitive password hash information when processing user authentication requests. This could allow a local attacker to extract password hashes fo...