17039 matches found
Microsoft Windows Input Validation Error Vulnerability
Microsoft Windows is a suite of operating systems used by Microsoft Corporation USA for personal devices. An input validation error vulnerability exists in Microsoft Windows Speech Runtime, which stems from a vulnerability that can be exploited by an attacker to elevate privileges...
Microsoft Windows DirectX Code Issue Vulnerability
Microsoft Windows DirectX is a DirectX end-user runtime Web installer from Microsoft Corporation USA. A code issue vulnerability exists in Microsoft Windows DirectX, which can be exploited by an attacker to cause a denial of service on a system...
Medium: cuda-runtime-12-9
Issue Overview: NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service. CVE-2025-23272 Affected Packages:...
GHSA-7R7F-9XPJ-JMR7 Ash Framework: Filter authorization misapplies impossible bypass/runtime policies
Summary: When using filter authorization, two edge cases could cause the policy compiler/authorizer to generate a permissive filter: 1. Bypass policies whose condition can never pass at runtime were compiled as OR(AND(condition, compiled_policies), NOT(condition)). If the condition could never be true at...
Ash Framework: Filter authorization misapplies impossible bypass/runtime policies
Summary: When using filter authorization, two edge cases could cause the policy compiler/authorizer to generate a permissive filter: 1. Bypass policies whose condition can never pass at runtime were compiled as OR(AND(condition, compiled_policies), NOT(condition)). If the condition could never be true at...
EUVD-2025-33878
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: Runtime UI. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful...
[SECURITY] Fedora 41 Update: cri-o1.32-1.32.9-1.fc41
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 41 Update: cri-o1.33-1.33.5-1.fc41
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 41 Update: cri-o1.34-1.34.1-1.fc41
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 41 Update: cri-o1.31-1.31.13-1.fc41
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 42 Update: cri-o1.31-1.31.13-1.fc42
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 42 Update: cri-o1.32-1.32.9-1.fc42
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
[SECURITY] Fedora 42 Update: cri-o1.34-1.34.1-1.fc42
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
Fedora 42 : cri-o1.31 (2025-51d26ffda5)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-51d26ffda5 advisory. - Update to release v1.31.13 - Resolves: rhbz2333357, rhbz2398406, rhbz2398661, rhbz2399063, rhbz2399337 - Upstream fix Tenable has extracted the...
Fedora 42 : cri-o1.32 (2025-37970906a8)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-37970906a8 advisory. - Update to release 1.32.9 - Resolves: rhbz2333357, rhbz2398407, rhbz2398662, rhbz2399064, rhbz2399338 - Upstream fix Tenable has extracted the...
EEF-CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization
Summary: Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@...
mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()
...
Malicious Package
Overview: v0-runtime is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Mailpit -- Performance information disclosure
Ralph Slooten (Mailpit developer) reports: An HTTP endpoint was found which exposed expvar runtime information (memory usage, goroutine counts, GC behavior, uptime and potential runtime flags) due to the Prometheus client library dependency...
EUVD-2025-32912
Malicious code in v0-components npm...