CVE-2026-8290 Open5GS SMF nsmf-handler.c smf_nsmf_handle_update_data_in_vsmf denial of service

A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smfnsmfhandleupdatedatainvsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulation results in denial of service. The attack can be executed remotely. The exploit has been released to...

AZL-75147 CVE-2025-71149 affecting package kernel for versions less than 6.6.121.1-1

In the Linux kernel, the following vulnerability has been resolved: iouring/poll: correctly handle iopolladd return value on update When the core of iouring was updated to handle completions consistently and with fixed return codes, the POLLREMOVE opcode with updates got slightly broken. If a...

CVE-2025-71149 io_uring/poll: correctly handle io_poll_add() return value on update

In the Linux kernel, the following vulnerability has been resolved: iouring/poll: correctly handle iopolladd return value on update When the core of iouring was updated to handle completions consistently and with fixed return codes, the POLLREMOVE opcode with updates got slightly broken. If a...

CVE-2025-65782

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authorization flaw in card update handling allows board members and potentially other authenticated users to add/remove arbitrary user IDs in vote.positive / vote.negative arrays, enabling vo...

SUSE CVE-2024-55553

In FRRouting FRR before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than th...

PT-2024-20179 · Sony · Sony Xav-Ax5500

Name of the Vulnerable Software and Affected Versions: Sony XAV-AX5500 affected versions not specified Description: This issue allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this issue...

(Pwn2Own) Microsoft Exchange Server Missing Check of Message Integrity Vulnerability

This vulnerability allows network-adjacent attackers to tamper with update data on affected installations of Microsoft Exchange Server. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of Exchange Server Help updates. The issue results from ...

Mozilla Firefox Heap Overflow Vulnerability

Mozilla Firefox is an open source WEB browser. A heap overflow vulnerability exists in Mozilla Firefox's handling of update files, which allows remote attackers to exploit the vulnerability by submitting a special WEB request that can be tricked into being parsed by the user, which can cause the...

CVE-2020-7278

Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security ENS for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules...

CVE-2019-1158

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit...

CVE-2019-1168

An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially...

CVE-2019-1028

An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This...

Windows Audio Service Elevation of Privilege Vulnerability

An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This...

Nested attributes rejection proc bypass in Active Record

There is a vulnerability in how the nested attributes feature in Active Record handles updates in combination with destroy flags when destroying records is disabled. This vulnerability has been assigned the CVE identifier CVE-2015-7577. Versions Affected: 3.1.0 and newer Not affected: 3.0.x and...

mailman security and bug fix update

3:2.1.12-25 - fix CVE-2002-0389 - local users able to read private mailing list archives 3:2.1.12-24 - fix CVE-2015-2775 - directory traversal in MTA transports 3:2.1.12-23 - fix 1095359 - handle update when some mailing lists have been created by newer Mailman than this one 3:2.1.12-22 - fix...

[SECURITY] [DLA 49-1] acpi-support security update

Package : acpi-support Version : 0.137-5+deb6u2 CVE ID : CVE-2014-0484 During a review for EDF, Raphael Geissert discovered that the acpi-support package did not properly handle data obtained from a users environment...

Low: augeas

Issue Overview: Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user for example, an application running as root that is updating files in a...