Gibbon SQL注入漏洞

Gibbon is a school platform developed by the Gibbon team that addresses practical issues encountered by educators every day. Versions of Gibbon prior to v30.0.01 contained an SQL injection vulnerability. This vulnerability stemmed from the misuse of the Tracking/graphing feature, allowing...

exiftool-vendored vulnerable to argument injection via newline characters in tag names

Impact exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return inside one of tho...

XiangShan 安全漏洞

XiangShan is an open-source high-performance RISC-V processor project developed by XiangShan in China. There is a security vulnerability in XiangShan, which stems from specially crafted read and write operations on the menvcfg structure, potentially causing the WPRI bit to be set unexpectedly,...

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 7.1.2-16 and 6.9.13-41 contained security vulnerabilities. These vulnerabilities stemmed...

PT-2026-22921

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The f2fs file system in the Linux kernel contains a flaw related to out-of-bounds memory access and incorrect handling of integer values when reading and writing sysfs attributes...

Qualcomm Chipsets 访问控制错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. An access control error vulnerability exists in Qualcomm Chipsets that originates when a user-level driver performs a QFPROM read or write operation, which could result in information disclosure...

EUVD-2024-46813

Malicious code in bioql PyPI...

EUVD-2025-11226

Malicious code in bioql PyPI...

DEBIAN-CVE-2025-38111

In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via mdiobus, there is no verification of parameters passed ...

CVE-2021-36169

A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations...

Imagination GPU Driver 安全漏洞

Imagination GPU Driver is a graphics driver from Imagination. A security vulnerability exists in Imagination GPU Driver. An attacker exploiting this vulnerability could perform incorrect read and write operations...

CVE-2024-22280

VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database...

CVE-2024-5633

Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports. An attacker with a knowledge of the available commands is able to perform...

CVE-2024-5633

Affected product: Longse model LBH30FE200W cameras and related devices. Vulnerability: unrestricted access to an undocumented binary service (CoolView) on a local network port, enabling an attacker to read/write device memory and potentially bypass Telnet login to gain full control. Impact (as st...

CVE-2024-5633

Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports. An attacker with a knowledge of the available commands is able to perform...

Type Confusion

chromium is vulnerable to a Type Confusion. The vulnerability is due to improper handling of object types, potentially allowing a remote attacker to execute arbitrary read/write operations via a crafted HTML page...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2023-2811)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbnet.c has a .disconnect versus dvbdeviceopen race condition...

Insufficient Verification of Proofs generated by the immudb server in client SDK.

Impact In certain scenario a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and requires the client to perform a specific list o...

kernel: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock with buffermutex and mmaplock syzbot caught a potential deadlock between the PCM runtime-buffermutex and the mm-mmaplock. It was brought by the recent fix to cover the racy read/write and other...

CVE-2021-36133

The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral...