CVE-2025-15013

A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The impacted element is the function sgvalidatepipelinedesc in the library sokolgfx.h. Such manipulation leads to stack-based buffer overflow. The attack must be carried out locally. The exploit is...

CVE-2025-15013

A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The impacted element is the function sgvalidatepipelinedesc in the library sokolgfx.h. Such manipulation leads to stack-based buffer overflow. The attack must be carried out locally. The exploit is...

CVE-2025-15013

A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The impacted element is the function sgvalidatepipelinedesc in the library sokolgfx.h. Such manipulation leads to stack-based buffer overflow. The attack must be carried out locally. The exploit is...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the sgvalidatepipelinedesc function. An attacker can execute arbitrary code or cause a crash by supplying crafted input that triggers a stack-based buffer overflow. Remediation A fix was pushed into the...

Sokol 安全漏洞

Sokol is a platform interface for Andre Weissflog individual developers. A security vulnerability exists in Sokol, which stems from a misbehavior of the function sgvalidatepipelinedesc in the library sokolgfx.h, which could lead to a stack buffer overflow...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991153)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991153 advisory. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load using raidctr, dm-rai...

SUSE CVE-2023-53820

In the Linux kernel, the following vulnerability has been resolved: loop: loopsetstatusfrominfo check before assignment In loopsetstatusfrominfo, lo-looffset and lo-losizelimit should be checked before reassignment, because if an overflow error occurs, the original correct value will be changed t...

CVE-2025-48628

In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-40335

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args, and rejecting for the invalid userq request at the IOCTLs first place...

CVE-2025-40334 drm/amdgpu: validate userq buffer virtual address and size

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq buffer virtual address and size It needs to validate the userq object virtual address to determine whether it is residented in a valid vm mapping...

EUVD-2025-201741

In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Inside Hive Pro: A Complete Platform Review

Knowing you have a vulnerability is one thing; knowing if you’re truly exposed is another. A critical vulnerability might exist on a server, but can an attacker actually reach it? Will your firewall block the attempt? Will your EDR detect the payload? Traditional vulnerability management can't...

Malicious code in session-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91001b31023cb6f1a30d084b1c484e703936c4378ac7b76fc85dd023771cd8d2 The package session-validate was found to contain malicious code...

MAL-2025-191586 Malicious code in session-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91001b31023cb6f1a30d084b1c484e703936c4378ac7b76fc85dd023771cd8d2 The package session-validate was found to contain malicious code...

Malicious code in cookie-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 759ee3039b2e22e1b76401c70ec7d3a1954d903ec6aa70da0a3721d65c1d3937 The package cookie-validate was found to contain malicious code...

MAL-2025-191569 Malicious code in cookie-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 759ee3039b2e22e1b76401c70ec7d3a1954d903ec6aa70da0a3721d65c1d3937 The package cookie-validate was found to contain malicious code...

ASB-A-376462130

In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Malicious Package

Overview cookie-validate is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package...

kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too...

MAL-2025-190634 Malicious code in @validate-pubkey/hex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05db2afe6b0d7557f2c2153dd15df68ab69667e8402bf92f2b2e2d900eb5728f The package @validate-pubkey/hex was found to contain malicious code. Source: ghsa-malware...