12622 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-0323

Malicious code in bioql PyPI...

7.5 CVSS, 6.1 AI score, 0.00958 EPSS
Exploits: 0, References: 7
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-36303

Malicious code in bioql PyPI...

7.8 CVSS, 7.6 AI score, 0.00122 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-31736

Malicious code in bioql PyPI...

7.5 CVSS, 7.6 AI score, 0.04908 EPSS
Exploits: 0, References: 11
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-24844

Malicious code in bioql PyPI...

7.7 CVSS, 6.6 AI score, 0.00467 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2025/10/03 12:0 a.m., 4 views

FreeBSD : fetchmail -- potential crash when authenticating to SMTP server (21fba35e-a05f-11f0-a8b8-a1ef31191bc1)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 21fba35e-a05f-11f0-a8b8-a1ef31191bc1 advisory. Matthias Andree reports: fetchmail's SMTP client, when configured to authenticate, is susceptible to a...

5.9 CVSS, 5.7 AI score, 0.00376 EPSS
Exploits: 0, References: 5
OSV
added 2025/10/02 8:9 p.m., 4 views

CVE-2025-61604 WeGIA: Cross-Site Request Forgery (CSRF) Vulnerability in `control.php` Endpoint

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery CSRF vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protection, allowing a third-party site to trigger...

7.1 CVSS, 6.5 AI score, 0.00163 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2025/10/02 5:38 p.m., 6 views

netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline LF characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same...

7.5 CVSS, 7.1 AI score, 0.00631 EPSS
Exploits: 1, References: 11
RedHat Linux
added 2025/10/02 5:38 p.m., 2 views

netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

8.2 CVSS, 7 AI score, 0.00979 EPSS
Exploits: 1, References: 6
RedHat Linux
added 2025/10/02 2:58 p.m., 4 views

netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

8.2 CVSS, 7 AI score, 0.00979 EPSS
Exploits: 1, References: 6
RedhatCVE
added 2025/10/02 11:38 a.m., 4 views

CVE-2025-39928

In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300: ensure data length is within supported range Add an explicit check for the xfer length to 'rtl9300i2cconfigxfer' to ensure the data length isn't within the supported range. In particular a data length of 0 is not...

5.5 CVSS, 5.7 AI score, 0.00119 EPSS
Exploits: 0, References: 4
Packet Storm News
added 2025/10/02 12:0 a.m., 2 views

TLoRa: Implementing TLS over LoRa for Secure HTTP Communication in IoT

We present TLoRa, an end-to-end architecture for HTTPS communication over LoRa by integrating TCP tunneling and a complete TLS 1.3 handshake. It enables a seamless and secure communication channel between WiFi-enabled end devices and the Internet over LoRa using an End Hub EH and a Net Relay NR...

6.9 AI score
Exploits: 0
Positive Technologies
added 2025/10/02 12:0 a.m., 5 views

PT-2025-40425

Name of the Vulnerable Software and Affected Versions WeGIA versions 3.4.12 and below Description WeGIA, a web manager designed for charitable institutions, is susceptible to a Cross-Site Request Forgery CSRF issue. The deletion function for the Almoxarifado entity is accessible through an HTTP G...

7.1 CVSS, 6.7 AI score, 0.00163 EPSS
Exploits: 1, References: 7
SUSE CVE
added 2025/10/01 11:22 p.m., 1 views

SUSE CVE-2025-39928

In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300: ensure data length is within supported range Add an explicit check for the xfer length to 'rtl9300i2cconfigxfer' to ensure the data length isn't within the supported range. In particular a data length of 0 is not...

5.5 CVSS, 6.6 AI score, 0.00119 EPSS
Exploits: 0, References: 3
Microsoft CVE
added 2025/10/01 11:10 p.m., 5 views

The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files.

...

7.5 CVSS, 7 AI score, 0.01674 EPSS
Exploits: 0
OSV
added 2025/10/01 12:42 p.m., 6 views

SUSE-SU-2025:03444-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2025-53859: the server side may leak arbitrary bytes during the NGINX SMTP authentication process bsc1248070. - CVE-2025-23419: session resumption can bypass client certificate authentication requirements using TLSv1.3 bsc1236851...

6.3 CVSS, 6.8 AI score, 0.02557 EPSS
Exploits: 0, References: 5
OSV
added 2025/10/01 8:15 a.m., 2 views

UBUNTU-CVE-2025-39928

In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300: ensure data length is within supported range Add an explicit check for the xfer length to 'rtl9300i2cconfigxfer' to ensure the data length isn't within the supported range. In particular a data length of 0 is not...

5.5 CVSS, 5.7 AI score, 0.00119 EPSS
Exploits: 0, References: 5
Cvelist
added 2025/10/01 8:7 a.m., 6 views

CVE-2025-39928 i2c: rtl9300: ensure data length is within supported range

In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300: ensure data length is within supported range Add an explicit check for the xfer length to 'rtl9300i2cconfigxfer' to ensure the data length isn't within the supported range. In particular a data length of 0 is not...

0.00119 EPSS
Exploits: 0, References: 2
OSV
added 2025/10/01 8:7 a.m., 3 views

CVE-2025-39928 i2c: rtl9300: ensure data length is within supported range

In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300: ensure data length is within supported range Add an explicit check for the xfer length to 'rtl9300i2cconfigxfer' to ensure the data length isn't within the supported range. In particular a data length of 0 is not...

5.5 CVSS, 6.5 AI score, 0.00119 EPSS
Exploits: 0, References: 5
CNNVD
added 2025/10/01 12:0 a.m., 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of transfer mode packets, which could lead to a soft lockup...

6.1 AI score, 0.00146 EPSS
Exploits: 0, References: 5
NVD
added 2025/09/30 5:15 p.m., 3 views

CVE-2025-56207

A security flaw in the 'transfer' function of a smart contract implementation for Money Making Opportunity MMO, an Ethereum ERC721 Non-Fungible Token NFT project, allows users or attackers to transfer NFTs to the zero address, leading to permanent asset loss and non-compliance with the ERC721...

6.5 CVSS, 0.00306 EPSS
Exploits: 0, References: 1