20074 matches found
CVE-2025-11780
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly incorporated in...
AZL-71311 CVE-2025-10543 affecting package influxdb for versions less than 2.7.5-10
In Eclipse Paho Go MQTT v3.1 library paho.mqtt.golang versions =1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server for example, part of an MQTT topic may leak into...
Numeric Truncation Error
Overview Affected versions of this package are vulnerable to Numeric Truncation Error due to improper conversion of string length from an int64/int32 to an int16 without checks for overflows. values in the process handling UTF-8 encoded data. An attacker can cause packet corruption or unintended...
Numeric Truncation Error
Overview Affected versions of this package are vulnerable to Numeric Truncation Error due to improper conversion of string length from an int64/int32 to an int16 without checks for overflows. values in the process handling UTF-8 encoded data. An attacker can cause packet corruption or unintended...
CVE-2025-10543
In Eclipse Paho Go MQTT v3.1 library paho.mqtt.golang versions =1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server for example, part of an MQTT topic may leak into...
CVE-2025-10543
CVE-2025-10543 affects Eclipse Paho Go MQTT library paho.mqtt.golang
PT-2025-48769
Name of the Vulnerable Software and Affected Versions Go versions prior to 1.25.5 Description The software contains a flaw in the error handling mechanism within the HostnameError.Error function. Specifically, there is no restriction on the number of hosts printed when constructing an error strin...
PT-2025-48672
Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists in the software due to insufficient bounds checking when handling user-supplied input. The ShowDownload function utilizes sprintf to format a string,...
go -- excessive resource consumption
The Go project reports: Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided ...
Cacti security vulnerability
Cacti is an open source suite of network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, draws graphs with RRDtool, and provides data and user management features. A security vulnerability exists in Cacti versions prior to 1.2.29 that...
Lookyloo cross-site scripting vulnerability
Lookyloo is an open source website capture tool. A cross-site scripting vulnerability exists in Lookyloo versions prior to 1.35.3, which stems from the insecure use of f-strings in Markup and could lead to cross-site scripting attacks...
USN-7901-1 openjdk-21-crac vulnerabilities
Jinfeng Guo discovered that the Security component of CRaC JDK 21 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JA...
USN-7901-1: CRaC JDK 21 vulnerabilities
Jinfeng Guo discovered that the Security component of CRaC JDK 21 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JA...
Revive Adserver: INI Format string injection in Revive Adserver 6.0.4 settings
Vulnerability description not provided...
Security update for grub2
This update for grub2 fixes the following issues: CVE-2025-54771: Fixed rubfileclose does not properly controls the fs refcount bsc1252931 CVE-2025-54770: Fixed missing unregister call for netsetvlan command may lead to use-after-free bsc1252930 CVE-2025-61662: Fixed missing unregister call for...
OESA-2025-2738 grub2 security update
GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: A use-after-free vulnerability has been identified in the GNU GRUB Grand Unified Bootloader. The flaw occurs because t...
OESA-2025-2737 grub2 security update
GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service...
OESA-2025-2736 grub2 security update
GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service...
OESA-2025-2735 grub2 security update
GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service...
SUSE-SU-2025:21162-1 Security update for java-21-openjdk
This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.9+10 October 2025 CPU: - CVE-2025-53066: Fixed enhance path factories bsc1252417. - CVE-2025-61748: Fixed enhance string handling bsc1252418. - CVE-2025-53057: Fixed enhance certificate handling bsc1252414...