
18886 matches found

CNNVD
added 2025/11/03 12:0 a.m., 2 views

fuint security vulnerability

fuint is an all-in-one system for store cashiering, an online loyalty center, and marketing, by the individual developer zach. A security vulnerability exists in fuint, which originates from a flaw in the authentication token processing component in file...

3.1 CVSS, 4.4 AI score, 0.00044 EPSS
Exploits 0, References 4
Positive Technologies
added 2025/11/03 12:0 a.m., 2 views

PT-2025-44863

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 26.1; iPadOS versions prior to 26.1; tvOS versions prior to 26.1; Safari versions prior to 26.1; visionOS versions prior to 26.1. Description: A flaw exists due to improper state management. Processing specially designed web...

8.8 CVSS, 6.8 AI score, 0.00149 EPSS
Exploits 1, References 55
Positive Technologies
added 2025/11/03 12:0 a.m., 1 views

PT-2025-44832

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.7.2; iPadOS versions prior to 18.7.2; tvOS versions prior to 26.1; visionOS versions prior to 26.1; macOS versions prior to Sequoia 15.7.2. Description: An out-of-bounds access issue exists due to insufficient bounds checkin...

4.3 CVSS, 6.5 AI score, 0.00053 EPSS
Exploits 0, References 10
RedhatCVE
added 2025/11/02 7:42 p.m., 2 views

CVE-2025-12044

Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24 (https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393)...

7.5 CVSS, 8.6 AI score, 0.00272 EPSS
Exploits 0, References 5
Packet Storm News
added 2025/11/02 12:0 a.m., 2 views

Towards Ultra-Low Latency: Binarized Neural Network Architectures for In-Vehicle Network Intrusion Detection

The Control Area Network (CAN) protocol is essential for in-vehicle communication, facilitating high-speed data exchange among Electronic Control Units (ECUs). However, its inherent design lacks robust security features, rendering vehicles susceptible to cyberattacks. While recent research has...

7.2 AI score
Exploits 0
AstraLinux
added 2025/11/01 10:54 a.m., 4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: tls: Make sure to abort the stream if the headers are invalid. Normally, we wait for the socket to buffer up the entire record before processing it. However, if the socket has a very small buffer, we read out the data sooner to...

9.8 CVSS, 6.6 AI score, 0.00034 EPSS
Exploits 1, References 3
AstraLinux
added 2025/11/01 10:54 a.m., 3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: optee: ffa: fix sleep in atomic context. The OP-TEE driver registers the function notifcallback for FF-A notifications. However, this function is called in an atomic context, leading to errors when processing asynchronous...

5.5 CVSS, 5.5 AI score, 0.00049 EPSS
Exploits 0, References 3
PyPA
added 2025/10/31 3:15 p.m., 6 views

PYSEC-2025-224

Kitware VTK Visualization Toolkit up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data...

7.5 CVSS, 5.7 AI score, 0.00081 EPSS
Exploits 1, References 2, Affected Software 1
OSV
added 2025/10/31 2:13 p.m., 3 views

OESA-2025-2610 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

5.3 CVSS, 6.4 AI score, 0.01227 EPSS
Exploits 0, References 2
OSV
added 2025/10/31 2:13 p.m., 2 views

OESA-2025-2609 bind security update

Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server. Security Fixes: Certain...

7.5 CVSS, 6.7 AI score, 0.43215 EPSS
Exploits 1, References 3
Vulnrichment
added 2025/10/31 11:50 a.m., 2 views

CVE-2025-58147 x86: Incorrect input sanitisation in Viridian hypercalls

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

6.5 AI score, 0.0003 EPSS
Exploits 0, References 1
Cvelist
added 2025/10/31 11:50 a.m., 5 views

CVE-2025-58148 x86: Incorrect input sanitisation in Viridian hypercalls

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

0.0003 EPSS
Exploits 0, References 1
CNNVD
added 2025/10/31 12:0 a.m., 3 views

Xen security vulnerability

Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. A security vulnerability exists in Xen that stems from a...

7.5 CVSS, 6.1 AI score, 0.0003 EPSS
Exploits 0, References 2
CNNVD
added 2025/10/31 12:0 a.m., 4 views

Summer Pearl Group Vacation Rental Management Platform security vulnerability

Summer Pearl Group Vacation Rental Management Platform is a vacation rental property management software platform from Summer Pearl Group, Greece. A security vulnerability exists in Summer Pearl Group Vacation Rental Management Platform versions prior to 1.0.2, which is caused by a Slowloris-styl...

7.5 CVSS, 6.5 AI score, 0.00081 EPSS
Exploits 1, References 2
CVE
added 2025/10/31 12:0 a.m., 23 views

CVE-2025-57106

CVE-2025-57106 affects Kitware VTK up to 9.5.0, where a buffer overflow can occur in vtkGLTFDocumentLoader during GLTF accessor data processing in the BufferDataExtractionWorker template function. Red Hat and ENISA EUVD entries corroborate the same root cause and impact (buffer overflow). The CVE...

7.5 CVSS, 6.6 AI score, 0.00081 EPSS
Exploits 1, References 2, Affected Software 1
Tenable Nessus
added 2025/10/31 12:0 a.m., 2 views

FreeBSD : Firefox -- use-after-free in the GPU or browser process (291773e6-b5b2-11f0-8f61-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 291773e6-b5b2-11f0-8f61-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=1993113 reports: Starting with Firefox 142, it was possible...

9.8 CVSS, 5.5 AI score, 0.0006 EPSS
Exploits 0, References 3
GithubExploit
added 2025/10/30 5:19 p.m., 53 views

GPU-Backed-Shellcode-Execution-PoC

GPU-Backed Shellcode...

7.2 AI score
Exploits 0
SUSE Linux
added 2025/10/30 1:31 p.m., 2 views

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2025-11021: Ignore invalid date when processing cookies to prevent out-of-bounds read bsc1250562. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

8.2 CVSS, 6.6 AI score, 0.00119 EPSS
Exploits 0, References 4
EUVD
added 2025/10/30 12:31 a.m., 2 views

EUVD-2025-36736

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...

6.5 CVSS, 6.4 AI score, 0.00042 EPSS
Exploits 0, References 5
EUVD
added 2025/10/30 12:31 a.m., 2 views

EUVD-2025-36738

Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains...

6.5 CVSS, 6.5 AI score, 0.0002 EPSS
Exploits 0, References 5