18887 matches found
GHSA-RMJR-87WV-GF87 Mammoth is vulnerable to Directory Traversal
Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of...
CVE-2025-55092
In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in nxipv4optionprocess when processing an IPv4 packet with the timestamp option...
CVE-2025-11849
Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of...
CVE-2025-11849
Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of...
CVE-2025-55093 Out of bound read and write in _nx_ipv4_packet_receive() when handling unicast DHCP messages
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in nxipv4packetreceive when handling unicast DHCP messages that could cause corruption of 4 bytes of memory...
CVE-2025-55092 Potential out of bound read in _nx_ipv4_option_process()
In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in nxipv4optionprocess when processing an IPv4 packet with the timestamp option...
Mammoth 安全漏洞
Mammoth is a tool for converting Word documents to HTML by the individual developer Michael Williamson. A security vulnerability exists in mammoth version 0.3.25 and versions prior to 1.11.0, which stems from a lack of path or file type validation when processing docx files, and could lead to a...
CLSA-2025-1760647898 Fix of 22 CVEs
CVE-url: https://ubuntu.com/security/CVE-2022-43945 - NFSD: Protect against send buffer overflow in NFSv3 READ Focal update: v5.4.285 upstream stable release LP: 2089233 // CVE-2024-49924 // CVE-url: https://ubuntu.com/security/CVE-2024-49924 - fbdev: pxafb: Fix possible use after free in pxafbta...
Exploit for CRLF Injection in Oracle Concurrent_Processing
CVE-2025-61882-Oracle-E-Business-Suite-Pre-Auth-RCE-Exploit...
CVE-2025-55082
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in nxsecuretlsprocessclienthello because of a missing validation of PSK length provided in the user message...
CVE-2025-39984
In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi-skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skbresetmacheader include/linux/skbuff.h:3150 inline BUG: KASAN: slab-use-after-free in napifragsskb net/core/gro.c:723...
Exploit for CRLF Injection in Oracle Concurrent_Processing
See our...
ATLAS-EPIC 安全漏洞
ATLAS-EPIC is a data processing application by gsiegel14 individual developer. ATLAS-EPIC has a security vulnerability that stems from the use of hard-coded credentials...
CVE-2025-10610
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection.This issue affects Winsure: through Version dated 21.08.2025...
CVE-2025-55082
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in nxsecuretlsprocessclienthello because of a missing validation of PSK length provided in the user message...
CVE-2025-55082
NetX Duo (Eclipse Foundation ThreadX) before 6.4.4 is affected by an out-of-bounds read in _nx_secure_tls_process_clienthello() due to missing validation of PSK length in the user message. This is described across multiple sources (NVD, Red Hat, OSV, CVE lists, CNNVD). The impact is a potential i...
CVE-2025-55082 Potential out of bound read and info leak in_nx_secure_tls_psk_identity_find()
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in nxsecuretlsprocessclienthello because of a missing validation of PSK length provided in the user message...
CVE-2025-55081
CVE-2025-55081 affects Eclipse Foundation NextX Duo (ThreadX module) prior to version 6.4.4. The vulnerability is in the _nx_secure_tls_process_clienthello() function, which omits length verification for certain SSL/TLS client_hello fields (ciphersuite length and compression method length). Attac...
EUVD-2025-34588
In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi-skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skbresetmacheader include/linux/skbuff.h:3150 inline BUG: KASAN: slab-use-after-free in napifragsskb net/core/gro.c:723...
CVE-2025-39984
In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi-skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skbresetmacheader include/linux/skbuff.h:3150 inline BUG: KASAN: slab-use-after-free in napifragsskb net/core/gro.c:723...