curl: Stack-based Buffer Overflow in TELNET NEW_ENV Option Handling

Title: Stack-based Buffer Overflow in TELNET NEWENV Option Handling Vulnerability Description: Summary: A stack-based buffer overflow vulnerability exists in the libcurl TELNET handler. When libcurl connects to a malicious TELNET server, the server can trigger an overflow by sending a NEWENVIRON...

UBUNTU-CVE-2025-5455

An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value such as...

CVE-2024-26597

In the Linux kernel, the following vulnerability has been resolved: net: qualcomm: rmnet: fix global oob in rmnetpolicy The variable rmnetlinkops assign a bigger maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. See bug trace below:...

CVE-2022-0882

A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZXRSRCKINDROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater...

CVE-2021-21411

OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted...

CVE-2021-42557

In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials...

CVE-2025-48066

wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue with function to delete local data. Instructing the client to delete its local database on user logout does not result in deletion. This is the case for both temporary...

CVE-2005-4414

Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug."...

CVE-2025-47291

containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not...

Mozilla: IDOR: Account Deletion via Session Misbinding – Attacker Can Delete Victim Account

A critical vulnerability was identified in the Firefox Accounts API that allowed an authenticated attacker to permanently delete any user's account by sending a POST /v1/account/destroy request using the attacker's session, but including the victim's email and password hash in the JSON payload. T...

CVE-2025-47790

Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...

SUSE CVE-2025-37862

In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix null pointer dereference in pidfffindfields This function triggered a null pointer dereference if used to search for a report that isn't implemented on the device. This happened both for optional and required...

CVE-2025-4144 PKCE bypass via downgrade attack

PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/27...

Security Bug Report Prediction within and across Projects: a Comparative Study of BERT and Random Forest

Early detection of security bug reports SBRs is crucial for preventing vulnerabilities and ensuring system reliability. While machine learning models have been developed for SBR prediction, their predictive performance still has room for improvement. In this study, we conduct a comprehensive...

SUSE-SU-2025:1293-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-46925: Fixed kernel panic caused by race of smcsock bsc1220466. - CVE-2021-47645: media: staging: media: zoran: calculate the right buffer number for...

XZ has a heap-use-after-free bug in threaded .xz decoder

...

CVE-2025-31115 XZ has a heap-use-after-free bug in threaded .xz decoder

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

SUSE-SU-2025:20247-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52778: mptcp: deal with large GSO size bsc1224948. - CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking...

PT-2025-13280 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-rc4-syzkaller-00362-gfef7fd48922d Description: A bug was found in the f2fs component of the Linux kernel, where a sanity check on i extra isize in the is alive function was missing, resulting in a...

FreeBSD : qt5-webengine -- Use after free in Compositing (a58fdfef-07c6-11f0-8688-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a58fdfef-07c6-11f0-8688-4ccc6adda413 advisory. Qt qtwebengine-chromium repo reports: Backports for 1 security bug in Chromium: Tenable has extracted t...