CVE-2025-39757 ALSA: usb-audio: Validate UAC3 cluster segment descriptors

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...

CVE-2025-30199

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station...

CVE-2025-26454

In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-9467

When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include: Product version Vaadin 7.0.0 -...

drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink

...

SQL Injection

Overview cornflow is a cornflow is an open source multi-solver optimization server with a REST API built using flask. Affected versions of this package are vulnerable to SQL Injection via the validatepayload method in validators.py file, which fails to enforce strict schema checks. Remediation...

drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags

...

An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.

...

Linux Distros Unpatched Vulnerability : CVE-2021-40262

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp. CVE-2021-40262 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2021-29662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in som...

Malicious code in @metadata-ipfs/validate-hash (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-41451 Malicious code in @metadata-ipfs/validate-hash (npm)

--- -= Per source details. Do not edit below this line.=-...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the api/v1/validate/code endpoint. A low-privileged user can gain administrative privileges by executing the /app/.venv/bin/langflow superuser command. Remediation Upgrade langflow-base to version 0.5.1 or...

Linux Distros Unpatched Vulnerability : CVE-2015-8972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess aka gnuchess before 6.2.4 might allow context-dependent attackers to...

PT-2025-33634 · Portabilis · Portabilis I-Diario

Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario versions up to 1.5.0 Description: A vulnerability exists in Portabilis i-Diario that allows for cross site scripting. The issue is located in the Informações Adicionais Page component, specifically within the...

UBUNTU-CVE-2023-4515

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate command request size In commit 2b9b8f3b68ed "ksmbd: validate command payload size", except for SMB2OPLOCKBREAKHE command, the request size of other commands is not checked, it's not expected. Fix it by add check f...

Malicious code in virtualize-balance-lambda-pipe-validate (npm)

The package virtualize-balance-lambda-pipe-validate was found to contain malicious code...

Malicious code in compress-process-sandbox-float-validate (npm)

The package compress-process-sandbox-float-validate was found to contain malicious code...

Malicious code in deploy-validate-execute-moon-protected (npm)

The package deploy-validate-execute-moon-protected was found to contain malicious code...

Malicious code in file-load-validate-cat-decode (npm)

The package file-load-validate-cat-decode was found to contain malicious code...