18 matches found

AstraLinux
added 6 days ago, 2 views

Astra Linux – Vulnerability in WebKit2GTK

A logic issue has been resolved through improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, and watchOS 10.4. Processing maliciously crafted web content may prevent the Content Security Policy...

CVSS: 8.1, AI score: 6.9, EPSS: 0.01496
Exploits: 0, References: 2

AstraLinux
added 6 days ago, 3 views

Astra Linux – Vulnerability in Chromium

Insufficient data validation in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...

CVSS: 6.5, AI score: 6.7, EPSS: 0.09966
Exploits: 0, References: 2

NVD
added 2026/03/10 9:16 p.m., 4 views

CVE-2025-36920

In hypalloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 8.4, EPSS: 0.00087
Exploits: 0, References: 2

Cvelist
added 2026/03/09 9:02 a.m., 26 views

CVE-2025-61614

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

CVSS: 7.5, EPSS: 0.00312
Exploits: 0, References: 1

RedhatCVE
added 2026/02/27 7:44 p.m., 7 views

CVE-2026-1565

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WPUFAdminSettings::checkfiletypeandext' function and in the...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00545
Exploits: 0, References: 1

CNNVD
added 2026/01/28 12:00 a.m., 7 views

Erugo code issues and vulnerabilities

Erugo is an open-source file sharing platform developed by Erugo. Versions of Erugo 0.2.14 and earlier have code vulnerabilities. These vulnerabilities stem from insufficient path validation when creating shares. This allows low-privilege users to upload arbitrary files to designated locations,...

CVSS: 10, AI score: 6.3, EPSS: 0.03008
Exploits: 3, References: 4

OSV
added 2025/11/11 5:15 p.m., 5 views

CVE-2025-12943

Improper certificate validation in firmware update logic in NETGEAR RAX30 Nighthawk AX5 5-Stream AX2400 WiFi 6 Router and RAXE300 Nighthawk AXE7800 Tri-Band WiFi 6E Router allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the...

CVSS: 7.5, AI score: 6.1, EPSS: 0.00139
Exploits: 0, References: 3

CVE
added 2025/07/02 8:32 a.m., 22 views

CVE-2025-24333

CVE-2025-24333 affects Nokia Single RAN baseband software prior to 24R1-SR 1.0 MP. The root cause is an administrative shell input validation fault that could allow an authenticated admin to inject commands into the baseband OAM service process via special characters in the internal COMA_config.x...

CVSS: 6.4, AI score: 7, EPSS: 0.00159
Exploits: 0, References: 1

CNNVD
added 2023/08/08 12:00 a.m., 3 views

AMD μProf Security Vulnerability

AMD μProf is a performance analysis tool from UltraMicroelectronics AMD for applications running on Windows, Linux, and FreeBSD operating systems. A security vulnerability exists in AMD μProf that stems from insufficient validation of the IOCTL input buffer, which could allow an attacker to send ...

CVSS: 5.5, AI score: 6.8, EPSS: 0.00248
Exploits: 0, References: 3

BDU FSTEC
added 2023/03/06 12:00 a.m., 3 views

The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS: 10, AI score: 7.9, EPSS: 0.0074
Exploits: 0, References: 3

CNNVD
added 2021/06/21 12:00 a.m., 2 views

Nvidia NVIDIA TLK Input Validation Error Vulnerability

Nvidia NVIDIA TLK is a scheduler from Nvidia Corporation of America for use with Trusted Firmware-A TF-A. NVIDIA TLK suffers from an Input Validation Error vulnerability that stems from Trusty TLK containing a vulnerability in the NVIDIA TLK kernel function, where a missing check allows...

CVSS: 7.8, AI score: 8, EPSS: 0.00204
Exploits: 0, References: 2

BDU FSTEC
added 2021/06/01 12:00 a.m., 5 views

The vulnerability of the XLookupColor() function in the libX11 library, which stems from insufficient input data validation, allows a malicious actor to perform denial-of-service attacks.

The vulnerability of the XLookupColor function in the libX11 library is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause a denial-of-service attack by running a specially created application on the system...

CVSS: 3.3, AI score: 7, EPSS: 0.10634
Exploits: 2, References: 20, Affected Software: 10

CNNVD
added 2020/12/31 12:00 a.m., 2 views

Panorama NHIServiSignAdapter Input Validation Error Vulnerability

Panorama NHIServiSignAdapter is a security control component for panoramic surveillance devices from China Panorama. A security vulnerability exists in NHIServiSignAdapter, which stems from a failure of the digest generation function to validate the path to the source file, resulting in SMB...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00962
Exploits: 0, References: 2

OSV
added 2020/08/27 10:46 a.m., 6 views

USN-4446-2 squid3 regression

USN-4446-1 fixed vulnerabilities in Squid. The update introduced a regression when using Squid with the icap or ecap protocols. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jeriko One discovered that Squid incorrectly handled caching certain...

AI score: 5.8
Exploits: 0, References: 2

BDU FSTEC
added 2019/12/03 12:00 a.m., 3 views

The vulnerability of the Windows operating system’s font library allows a hacker to execute arbitrary code.

The vulnerability of Windows font libraries is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted embedded font...

CVSS: 9.3, AI score: 7.4, EPSS: 0.11953
Exploits: 0, References: 3

Packet Storm
added 2019/08/16 12:00 a.m., 270 views

Open-Xchange OX Guard Cross Site Scripting / Signature Validation

Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs appsuite, dovecot, powerdns at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH Product: OX...

CVSS: 4.3, AI score: 6.7, EPSS: 0.01867
Exploits: 4

CNVD
added 2018/06/26 12:00 a.m., 3 views

Multiple Cisco Products FXOS and UCS Fabric Interconnect Software Input Validation Vulnerabilities

Cisco Firepower 4100 Series Next-Generation Firewall and others are products of the American company Cisco. Cisco Firepower 4100 Series Next-Generation Firewall is a firewall product. UCS 6200 Series Fabri...

CVSS: 7.8, AI score: 7.3, EPSS: 0.01919
Exploits: 0, References: 1

BDU FSTEC
added 2018/03/01 12:00 a.m., 5 views

The vulnerability of the perfAddFormServer.gwtsvc component in the HPE Intelligent Management Center PLAT software platform allows a perpetrator to execute arbitrary code.

The vulnerability of the perfAddFormServer.gwtsvc component in the HPE Intelligent Management Center PLAT software platform is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely by using the beanName...

CVSS: 9, AI score: 8.1, EPSS: 0.0572
Exploits: 0, References: 5