2323 matches found
EUVD-2025-201751
In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missing permission check. This could lead to physical denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48614
In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missing permission check. This could lead to physical denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
Medium: postgresql15
Issue Overview: Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail...
Medium: aws-cfn-bootstrap
Issue Overview: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc...
CVE-2025-64046
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting XSS in /system/update-run.php...
CVE-2025-64046
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting XSS in /system/update-run.php...
CVE-2025-64046
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting XSS in /system/update-run.php...
CVE-2025-64046
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting XSS in /system/update-run.php...
CVE-2025-64046
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting XSS in /system/update-run.php...
Low: firefox
Issue Overview: No CVE associated with this advisory Affected Packages: firefox Note: This advisory is applicable to Amazon Linux 2 - Firefox Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...
Critical: lasso
Issue Overview: A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. CVE-2025-4640...
Low: runc
Issue Overview: No CVE associated with this advisory Affected Packages: runc Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989301)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989301 advisory. In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be se...
CVE-2025-43439
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to fingerprint the user...
CVE-2025-43350
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker may be able to view restricted content from the lock screen...
PT-2025-44850
Name of the Vulnerable Software and Affected Versions macOS versions prior to 15.7.2 Description A permissions issue existed due to insufficient sandbox restrictions, potentially allowing an application to access sensitive user data. Recommendations Update to macOS version 15.7.2 to address the...
PT-2025-50995
Name of the Vulnerable Software and Affected Versions macOS versions prior to 26.1 Description A flaw exists in how the operating system parses directory paths, potentially allowing an application to access sensitive user data. The issue was resolved through enhanced path validation...
Important: 7zip
Issue Overview: This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handlin...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: target: targetcoreconfigfs: Add length check to avoid buffer overflow CVE-2025-39998 In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ipvsftp unregister during netns cleanup...
Medium: cuda-nvcc-12-9
Issue Overview: NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service. CVE-2025-23272 Affected Packages:...