49 matches found
CVE-2026-42342
React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...
CVE-2026-32262
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...
Drupal Islandora Security Vulnerability
Drupal Islandora is an extension platform for content management systems developed by the Drupal company, used for digital asset management and digital library construction. Versions of Drupal Islandora prior to 2.17.5 contained a security vulnerability caused by improper input handling, which...
MiracleLinux 8 : samba-4.17.5-3.el8.ML.1 (AXSA:2023-6311:09)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6311:09 advisory. samba: SMB2 packet signing is not enforced when "server signing = required" is set (CVE-2023-3347). Tenable has extracted the preceding description block directly...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000618)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000618 advisory. arch/x86/kernel/entry64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local...
EUVD-2026-2175
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally...
kernel-devel-6.17.5-1.1 on GA media (moderate)
kernel-devel-6.17.5-1.1 on GA media Announcement ID: openSUSE-SU-2025:15671-1 Rating: moderate Cross-References: CVE-2025-39991 CVE-2025-39992 CVE-2025-39993 CVE-2025-39994 CVE-2025-39995 CVE-2025-39996 CVE-2025-39997 CVE-2025-39998 CVE-2025-39999 CVE-2025-40000 CVE-2025-40001 CVE-2025-40002...
Security update for postgresql17
This update for postgresql17 fixes the following issues: Upgrade to 17.5: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/17.5/ Patch Instructions: To...
Medium: postgresql17
Issue Overview: Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5...
CVE-2024-23282
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. A maliciously crafted email may be able to initiate FaceTime calls without user authorization...
CVE-2024-27855
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. A shortcut may be able to use sensitive data with certain actions without prompting the user...
CVE-2024-27835
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen...
CVE-2024-27847
This issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to bypass Privacy preferences...
UBUNTU-CVE-2025-4207
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13,...
PT-2025-6769 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.4 through 17.5.0 Description: An issue was discovered in GitLab CE/EE which allows an attacker to trigger a pipeline as another user under certain circumstances. Recommendations: For versions 16.4 through 17.5.0, upda...
CVE-2024-40839
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen...
CVE-2024-44136
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection...
PT-2025-2673 · Apple · Ios +1
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 17.5 iPadOS versions prior to 17.5 Description: This issue was addressed through improved state management. An attacker with physical access to a device may be able to disable Stolen Device Protection. Recommendations: F...
Apple iOS and Apple iPadOS Security Vulnerability
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 17.5 and iPadOS version 17.5, which stems from the handling of...
Apple iOS and Apple iPadOS Security Vulnerability
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in Apple iOS version 17.5 and Apple iPadOS version 17.5, which originates from...