SUSE CVE-2026-43495

In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate portcount against message length in t7xxportenummsghandler t7xxportenummsghandler uses the modem-supplied portcount field as a loop bound over portmsg-data without checking that the message buffer contai...

📄 Ubuntu 25.10 Containerd Insecure Directory Permissions

This proof of concept exploit demonstrates and detects CVE-2024-25621, a security vulnerability in containerd caused by insecure permissions on critical runtime and data directories. Affected versions may expose container metadata and runtime artifacts due to directories being readable or writabl...

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in xmlCatalogXMLResolveURI. bsc1256807, bsc1256811 CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to...

ajv has ReDoS when using `$data` option

ajv Another JSON Schema Validator through version 8.17.1 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor...

SUSE-SU-2025:21031-1 Security update for libxslt

This update for libxslt fixes the following issues: Changes in libxslt: - CVE-2025-11731: Fixed type confusion in exsltFuncResultCompfunction leading to denial of service bsc1251979 - CVE-2025-10911: Fixed use-after-free with key data stored cross-RVT bsc1250553...

Compromising Trusted Execution Environments through DDR5 Memory Bus Interposition

Summary Researchers successfully executed a physical bus interposition attack targeting server-grade DDR5 memory, compromising the confidentiality of encrypted data during runtime. AMD does not plan to provide mitigations since physical vector attacks are out of scope for AMD SEV-SNP. as detailed...

CVE-2020-8478

Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl all published versions enables an attacker authenticated on the local system to inject data, affecting the online view...

Webinar: Learn How ASPM Transforms Application Security from Reactive to Proactive

Are you tired of dealing with outdated security tools that never seem to give you the full picture? You're not alone. Many organizations struggle with piecing together scattered information, leaving your apps vulnerable to modern threats. That's why we're excited to introduce a smarter, unified...

GHSA-JCGG-MG9G-P9WF Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v7gv-xpgf-6395. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured...

CVE-2024-46887

CVE-2024-46887 affects Siemens SIMATIC S7-1500 CPU family and related controllers (e.g., ET 200SP Open Controller). The vulnerability is an authentication bypass in the web server that handles /ClientArea/RuntimeInfoData.mwsl, allowing an unauthenticated remote attacker to obtain current and conf...

CVE-2023-46142 PHOENIX CONTACT: Insufficient Read and Write Protection to Logic and Runtime Data in PLCnext Control

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices...

SUSE CVE-2023-28427

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

UBUNTU-CVE-2023-28427

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

Improper beacon events in matrix-js-sdk can result in availability issues

Impact Improperly formed beacon events from MSC3488 can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data...

Matrix 输入验证错误漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. Matrix Javascript SDK 17.1.0-rc.1 and later has an input validation error vulnerability that stems from the fact that its incorrectly formatted beacon event from MSC3488 could corrupt or prevent the matrix-js-sdk...

CVE-2022-34836

Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start an...

Design/Logic Flaw

Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl all published versions enables an attacker authenticated on the local system to inject data, affecting the online view...

ABB Ability System 800xA Privilege License and Access Control Issues Vulnerability

ABB Ability System 800xA is a distributed control system from ABB Switzerland for the industrial control industry. A privilege permission and access control issue vulnerability exists in ABB System 800xA all versions, which can be exploited by a local attacker to inject data and affect the view o...