EUVD-2025-205568

A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing manipulation of the argument rfid results in sql injection. Remote exploitation of the attack is possible. Th...

EUVD-2025-205300

KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with predefined credentials when...

EUVD-2025-205334

Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service...

EUVD-2025-205132

In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy target device if coalesced MMIO unregistration fails Destroy and free the target coalesced MMIO device if unregistering said device fails. As clearly noted in the code, kvmiobusunregisterdev does not destroy the targ...

EUVD-2025-205129

In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: Add missing check for allocorderedworkqueue Add check for the return value of allocorderedworkqueue as it may return NULL pointer and cause NULL pointer dereference in hdmihdcp.c and hdmihpd.c. Patchwork:...

EUVD-2025-205127

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix iwlmvmmaxamsdusize for MLO For MLO, we cannot use vif-bssconf.chandef.chan-band, since that will lead to a NULL-ptr dereference as bssconf isn't used. However, in case of real MLO, we also need to take both LMA...

EUVD-2025-205184

In the Linux kernel, the following vulnerability has been resolved: ASoC: da7219: Fix an error handling path in da7219registerdaiclks If clkhwregister fails, the corresponding clk should not be unregistered. To handle errors from loops, clean up partial iterations before doing the goto. So add a...

EUVD-2025-204809

NSF Unidata NetCDF-C Time Unit Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target mus...

EUVD-2025-204839

A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges...

EUVD-2025-204850

NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering...

EUVD-2025-204751

LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in startapp.sh...

EUVD-2025-204335

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Session Report Response that is missing the mandatory Cause Information Element, the session report handler dereferences a nil pointer instead ...

EUVD-2025-204346

An information disclosure vulnerability in Kentico Xperience allows public users to access sensitive administration interface hostname details during authentication. Attackers can retrieve confidential hostname configuration information through a public endpoint, potentially exposing internal...

EUVD-2025-203828

To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This...

CGA-7836-4M8G-RHMH

Bulletin has no description...

EUVD-2025-203423

A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...

EUVD-2025-203424

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable...

EUVD-2025-203169

An out-of-bounds write vulnerability exists in the Grassroots DICOM library GDCM. The issue is triggered during parsing of a malformed DICOM file containing encapsulated PixelData fragments compressed image data stored as multiple fragments. This vulnerability leads to a segmentation fault caused...

MINI-P2RM-F2W8-R839

Bulletin has no description...

MINI-2X36-H5PG-C4FC

Bulletin has no description...