6 matches found
CVE-2025-15469
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...
CVE-2025-10457 Bluetooth: Out-Of-Context le_conn_rsp Handling
The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching...
DRUPAL-CONTRIB-2025-066
This module enables you to pay for Commerce order to an environment provided and secured by the bank. The module doesn't sufficiently verify the payment status on canceled orders. An attacker can issue a specially crafted request to update the order status to completed...
CVE-2025-27600 FastGPT SSRF
FastGPT is a knowledge-based platform built on LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intrane...
CVE-2024-48288
TP-Link TL-IPC42C V4.0202112271.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend...
PYSEC-2022-4
The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query...