18887 matches found
ROS-20251014-04
A vulnerability in the libvips horizontal topology image processing library is related to the creation of a three-channel HEIF image without an alpha channel and then writing its data into 4 channels. Exploitation...
CVE-2025-11618
A missing validation check in FreeRTOS-Plus-TCP's UDP/IPv6 packet processing code can lead to an invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header. This issue only affects applications using IPv6. We recommend upgrading to the...
CVE-2025-31992
HCL Unica MaxAI Assistant is susceptible to an HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session...
CVE-2025-11594
A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to improper validati...
CVE-2025-58298
Data processing error vulnerability in the package management module. Successful exploitation of this vulnerability may affect availability...
Linux Distros Unpatched Vulnerability : CVE-2023-53679
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt7601u: fix an integer underflow Fix an integer underflow that leads to a null pointer dereference in 'mt7601u_rx_skb_from_seg'. The variable 'dma_len' in the...
RHEL 9 : webkit2gtk3 (RHSA-2025:17743)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:17743 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...
EUVD-2025-33884
HCL Unica MaxAI Assistant is susceptible to an HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session...
CVE-2025-31992
CVE-2025-31992 affects HCL Unica MaxAI Assistant. The issue is an HTML injection vulnerability where an attacker could insert special characters that are processed client-side within the user’s session. The CVSSv3.1 metrics in the initial data indicate: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N, base sc...
HCL Unica Platform security vulnerability
HCL Unica Platform is a state-of-the-art enterprise automated marketing platform from HCL India. It handles routine marketing tasks and captures the most effective leads without the need for manual intervention. A security vulnerability exists in HCL Unica Platform that stems from the...
VulnCheck KEV: CVE-2025-2611
The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are know...
CVE-2025-11610
A security flaw has been discovered in SourceCodester Simple Inventory System 1.0. This issue affects some unknown processing of the file /brand.php. The manipulation of the argument editBrandName results in SQL injection. The attack can be executed remotely. The exploit has been released to the...
OESA-2025-2404 libtiff security update
This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats. It also contains command-line programs for manipulating TIFF format image files using the libtiff...
OESA-2025-2381 xml-security security update
The XML Security project is aimed at providing implementation of security standards for XML. Currently the focus is on the W3C standards: XML-Signature Syntax and Processing; and XML Encryption Syntax and Processing. Security Fixes: All versions of Apache Santuario - XML Security for Java...
OESA-2025-2365 perl-JSON-XS security update
This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C. Security Fixes: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when...
EUVD-2025-33830
Data processing error vulnerability in the package management module. Successful exploitation of this vulnerability may affect availability...
CVE-2025-58298
Huawei HarmonyOS is affected by a data handling error in the package management module that can affect availability. The vulnerability is reported as a local issue (local attack vector) with low attack complexity, and may be exploitable without user interaction or elevated privileges according to...