Lucene search

4534 matches found

Tenable Nessus
added 2025/10/15 12:0 a.m., 9 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-1223)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1223 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix use-after-free in state_show (CVE-2025-39877) In the Linux kernel, the following vulnerability has been...

9.8 CVSS, 6.4 AI score, 0.00063 EPSS
Exploits 3, References 41

CNNVD
added 2025/10/15 12:0 a.m., 2 views

Ruijie RG-UAC Application Management Gateway security vulnerability

Ruijie RG-UAC Application Management Gateway is an Internet behavior management security gateway from Ruijie. A security vulnerability exists in the Ruijie RG-UAC Application Management Gateway, which is caused by a command injection in the nmcsync.php interface, which could lead to the execution...

9.3 CVSS, 7.5 AI score, 0.02451 EPSS
Exploits 0, References 2

CNNVD
added 2025/10/15 12:0 a.m., 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from a post-release reuse issue in hci_acl_create_conn_sync and hci_le_create_conn_sync, which could lead to memory...

6 AI score, 0.00047 EPSS
Exploits 0, References 5

VulnCheck KEV
added 2025/10/14 12:0 a.m., 2 views

VulnCheck KEV: CVE-2023-7304

Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmcsync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the...

9.3 CVSS, 6.2 AI score, 0.02451 EPSS
In wild, Exploits 0, References 258

RedhatCVE
added 2025/10/12 10:5 a.m., 2 views

CVE-2025-9621

The WidgetPack Comment System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation on the wpcmtsync action in the wpcmtrequesthandler function. This makes it possible for unauthenticated...

4.3 CVSS, 5.2 AI score, 0.00012 EPSS
Exploits 0, References 1

Tenable Nessus
added 2025/10/11 12:0 a.m., 2 views

Fedora 41 : chromium (2025-ed59372bc2)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ed59372bc2 advisory. Update to 141.0.7390.65 High CVE-2025-11458: Heap buffer overflow in Sync High CVE-2025-11460: Use after free in Storage Medium CVE-2025-11211: Out ...

8.8 CVSS, 8.6 AI score, 0.00125 EPSS
Exploits 1, References 4

Github Security Blog
added 2025/10/10 6:30 a.m., 6 views

Withdrawn Advisory: cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations

Withdrawn Advisory This advisory has been withdrawn because it does not discuss a valid vulnerability. This link is maintained to preserve external references. Original Description All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync and...

6.7 AI score
Exploits 0, References 5, Affected Software 1

Vulnrichment
added 2025/10/10 5:0 a.m., 3 views

CVE-2025-11569

...

6.3 AI score
Exploits 0

CVE
added 2025/10/10 5:0 a.m., 8 views

CVE-2025-11569

The connected data identifies a concrete vulnerability in the cross-zip JavaScript package. A Directory Traversal flaw exists when repeatedly using zipSync() and unzipSync() with arguments such as __dirname, allowing an attacker to access host system files. Red Hat lists all versions of cross-zip...

6.6 AI score
Exploits 0

Microsoft CVE
added 2025/10/09 11:8 p.m., 4 views

Chromium: CVE-2025-11458 Heap buffer overflow in Sync

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.1 CVSS, 6.4 AI score, 0.00049 EPSS
Exploits 0

Tenable Nessus
added 2025/10/09 12:0 a.m., 2 views

Microsoft Edge (Chromium) < 141.0.3537.71 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 141.0.3537.71. It is, therefore, affected by multiple vulnerabilities as referenced in the October 9, 2025 advisory. - Use after free in Storage. CVE-2025-11460 - Heap buffer overflow in Sync. CVE-2025-11458 Note that...

8.8 CVSS, 8.6 AI score, 0.00125 EPSS
Exploits 1, References 5

CNNVD
added 2025/10/09 12:0 a.m., 2 views

Google Chrome security vulnerability

Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome that stems from a heap buffer overflow issue in Sync...

8.1 CVSS, 9.2 AI score, 0.00049 EPSS
Exploits 0, References 3

SUSE CVE
added 2025/10/08 11:27 p.m., 2 views

SUSE CVE-2025-11458

Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

8.1 CVSS, 7.1 AI score, 0.00049 EPSS
Exploits 0, References 3

NVD
added 2025/10/08 7:15 a.m., 2 views

CVE-2025-48464

Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information...

4.7 CVSS, 0.0003 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/10/08 6:50 a.m., 1 view

CVE-2025-48464 Exposure of Sensitive Information

Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information...

4.7 CVSS, 6.8 AI score, 0.0003 EPSS
Exploits 0, References 2

Cvelist
added 2025/10/08 6:50 a.m., 6 views

CVE-2025-48464 Exposure of Sensitive Information

Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information...

4.7 CVSS, 0.0003 EPSS
Exploits 0, References 2

CVE
added 2025/10/08 6:50 a.m., 13 views

CVE-2025-48464

CVE-2025-48464 describes a vulnerability in Sync that could allow an unauthenticated attacker to access a victim’s Sync account data, including account credentials and email protection information. The available documents identify the affected product as Sync and cite unauthorized access to sensi...

4.7 CVSS, 6.8 AI score, 0.0003 EPSS
Exploits 0, References 2

Tenable Nessus
added 2025/10/08 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-39896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/ivpu: Prevent recovery work from being queued during device removal Use disable_work_sync instead of cancel_work_sync in ivpu_dev_fini to ensure that no new...

7.8 CVSS, 7.1 AI score, 0.00014 EPSS
Exploits 0, References 3

Positive Technologies
added 2025/10/08 12:0 a.m., 3 views

PT-2025-41237

Name of the Vulnerable Software and Affected Versions Sync affected versions not specified Description Exploitation of the issue could allow an unauthenticated attacker to gain access to a victim’s Sync account data, including account credentials and email protection information. Recommendations ...

4.7 CVSS, 6.7 AI score, 0.0003 EPSS
Exploits 0, References 7

OSV
added 2025/10/07 10:36 p.m., 3 views

GHSA-VG2R-RMGP-CGQJ Deno's --deny-write check does not prevent permission bypass

Summary Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change the access (atime) and modification (mtime) times on the file stream resource even when the file is opened with read only permission...

3.3 CVSS, 6.8 AI score, 0.00018 EPSS
Exploits 1, References 7