30419 matches found
CVE-2025-29482
Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO Sample Adaptive Offset processing of libde265...
GHSA-F7F6-9JQ7-3RQJ estree-util-value-to-estree allows prototype pollution in generated ESTree
Impact: When generating an ESTree from a value with a property named __proto__, valueToEstree would generate an object that specifies a prototype instead. Example: js import generate from 'astring' import valueToEstree from 'estree-util-value-to-estree' const estree = valueToEstree '__proto__': const code...
CVE-2025-30373 Graylog Authenticated HTTP inputs do ingest message even if Authorization header is missing or has wrong value
Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP...
SUSE-SU-2025:1155-1 Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: - Update to version 0.0.20250402T160203 2025-04-02T16:02:03Z (jsc#PED-11136): GO-2025-3443 GO-2025-3581 GO-2025-3582 GO-2025-3583 GO-2025-3584 GO-2025-3585 GO-2025-3586 GO-2025-3587 GO-2025-3588...
CVE-2025-20658
CVE-2025-20658 is a MediaTek DA component vulnerability caused by a logic error that enables a local elevation of privilege with physical access and no user interaction. The issue affects DA and can be exploited without additional execution privileges; CVSS 3.1 metrics indicate physical access re...
CVE-2025-20655
In keymaster, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04427687; Issue ID: MSV-3183...
PT-2025-15274 · Unknown · Pcman Ftp Server
Name of the Vulnerable Software and Affected Versions: PCMan FTP Server version 2.0.7 Description: A critical issue affects the ENC Command Handler component, leading to a buffer overflow. This can be exploited remotely. Recommendations: For PCMan FTP Server version 2.0.7, consider disabling the...
PT-2025-15247 · Ruoyi · Ruoyi
Name of the Vulnerable Software and Affected Versions: RUoYi version 4.8.0 Description: An issue in RUoYi allows a remote attacker to escalate privileges via the edit method of the "/edit/dictId" endpoint, which does not properly validate whether the requesting user has permission to modify the...
openSUSE Security Advisory (SUSE-SU-2025:1126-1)
The remote host is missing an update for the...
Wear OS Security Bulletin—April 2025
The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2025-04-05 or later from the April 2025 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...
Android Automotive OS Update Bulletin—April 2025
The Android Automotive OS AAOS Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2025-04-05 or later from the April 2025 Android Security Bulletin in addition to all issues in this...
Pixel Watch Security Bulletin—April 2025
The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices Google Devices. For Google devices, security patch levels of 2025-04-05 or later address all issues in this bulletin and all issues in the April 2025 Android Security Bulletin and all issu...
Android Security Bulletin—April 2025
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2025-04-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
CVE-2025-31492
mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in mod_auth_openidc results in disclosure of protected content to unauthenticated users. The...
CVE-2025-31492
Summary (concrete): CVE-2025-31492 affects the mod_auth_openidc Apache module (OpenID Connect Relying Party). Before version 2.4.16.11, a bug allowed disclosure of protected content to unauthenticated users when OIDCProviderAuthRequestMethod is POST, a valid account exists, and there is no applic...
CVE-2025-31488
Plain Craft Launcher (PCL) is affected. When a homepage uses WebBrowser controls in its WPF UI, the app loads the page via Internet Explorer in the background, allowing an attacker with a malicious homepage to access the target webpage without user awareness. The issue is fixed in version 2.9.3.
PT-2025-15109 · Unknown · Codeprojects Online Restaurant Management System
Name of the Vulnerable Software and Affected Versions: codeprojects Online Restaurant Management System version 1.0 Description: A critical vulnerability was found in the codeprojects Online Restaurant Management System. The vulnerability affects an unknown functionality of the file /admin/user...
PT-2025-18033 · Totolink · Totolink N150Rt
Name of the Vulnerable Software and Affected Versions: TOTOLINK N150RT version 3.4.0-B20190525 Description: A vulnerability was found in the MAC Filtering Page component of the TOTOLINK N150RT router, affecting some unknown functionality of the file /home.htm. The manipulation of the Comment...
PT-2025-15110 · Unknown · Codeprojects Online Restaurant Management System
Name of the Vulnerable Software and Affected Versions: codeprojects Online Restaurant Management System version 1.0 Description: A critical vulnerability has been found in the codeprojects Online Restaurant Management System. The issue affects an unknown functionality of the file /admin/combo...
PT-2025-18654 · Totolink · Totolink Cp900L
Name of the Vulnerable Software and Affected Versions: TOTOLINK CP900 version 6.3c.1144 B20190715 Description: The issue is related to a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This allows attackers to execute arbitrary commands via a crafted...