1115 matches found
BIT-LIBPHP-2021-21705 Incorrect URL validation in FILTER_VALIDATE_URL
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via the filter_var() function with the FILTER_VALIDATE_URL parameter, a URL with an invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and...
Linux Distros Unpatched Vulnerability : CVE-2024-43848
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix TTLM teardown work. The worker calculates the wrong sdata pointer, so if ...
Linux Distros Unpatched Vulnerability : CVE-2022-50062
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: bgmac: Fix a BUG triggered by wrong bytes_compl. On one of our machines we got: kernel BUG at lib/dynamic_queue_limits.c:27! Internal error: Oops - BUG: 0 1...
An Overview of 7726 User Reports: Uncovering SMS Scams and Scammer Strategies
Mobile network operators implement firewalls to stop illicit messages, but scammers find ways to evade detection. Previous work has looked into SMS texts that are blocked by these firewalls. However, there is little insight into SMS texts that bypass them and reach users. To this end, we...
Exposure of Resource to Wrong Sphere
Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the --addr-pool option when a subnet mask is not specified. An attacker can gain unauthorized access by connecting from any IPv4 address, bypassing intended IP-based access restrictions...
UBUNTU-CVE-2025-8028
On arm64, a WASM br_table instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1,...
USN-7634-1 glibc vulnerabilities
It was discovered that the GNU C Library incorrectly handled the strcmp implementation optimized for Power10 processors. This could cause applications to crash, compute wrong results, or leak confidential information. (CVE-2025-5702) It was discovered that the GNU C Library incorrectly handled the...
Schneider Electric EcoStruxure Power Monitoring Expert and Schneider Electric EcoStruxure Power Operation security vulnerability
Schneider Electric EcoStruxure Power Monitoring Expert and Schneider Electric EcoStruxure Power Operation (Schneider Electric EPO) are both products of the French company Schneider Electric. Schneider Electric EcoStruxure Power Monitoring Expert is a device for power distribution monitoring in IoT...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from incorrect DMA cleanup in the wrong path, which could result in an invalid DMA address release...
Exposure of Resource to Wrong Sphere
Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the duplicated context process. An attacker can access sensitive data from another transaction by triggering the duplication of an already duplicated context. Note: Duplicating a duplicated conte...
UBUNTU-CVE-2022-50062
In the Linux kernel, the following vulnerability has been resolved: net: bgmac: Fix a BUG triggered by wrong bytes_compl. On one of our machines we got: kernel BUG at lib/dynamic_queue_limits.c:27! Internal error: Oops - BUG: 0 1 PREEMPT SMP ARM CPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: G W O...
DEBIAN-CVE-2025-38034
In the Linux kernel, the following vulnerability has been resolved: btrfs: correct the order of prelimref arguments in btrfsprelimref btrfsprelimref calls the old and new reference variables in the incorrect order. This causes a NULL pointer dereference because oldref is passed as NULL to...
Security update for java-1_8_0-openj9
This update for java-1_8_0-openj9 fixes the following issues: CVE-2025-4447: Fixed buffer overflow in Eclipse OpenJ9 bsc1243429. CVE-2025-30698: Fixed 2D unauthorized data access and DoS bsc1241276. CVE-2025-30691: Fixed Compiler Unauthorized Data Access bsc1241275. CVE-2025-21587: Fixed unauthoriz...
The vulnerability of the io_uring/eventfd components in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the Linux operating system’s kernel topology component is related to incorrect calculations in the functions io_queue_deferred and io_eventfd_ops in the io_uring/io_uring.c file. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2025-20298
In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory by default, C:\Program...
CVE-2023-30629
Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses raw_call with revert_on_failure=False and max_outsize=0 receives the wrong response from raw_call. Depending on the...
CVE-2023-20917
In onTargetSelected of ResolverActivity.java, there is a possible way to share a wrong file due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...
CVE-2023-29513
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. If a guest has view right on any document, it is possible to create a new user using distribution/firstadminuser.wiki in the wrong context. This vulnerability has been patched in XWiki...
CVE-2022-40210
Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2021-20598
Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to lockout a legitimate user by continuously trying login with incorrect...