6578 matches found
quiche -- Multiple vulnerabilities
Quiche Releases reports: This update includes 2 security fixes: Medium CVE-2025-4820: Incorrect congestion window growth by optimistic ACK. Reported by Louis Navarre on 2025-06-18. High CVE-2025-4821: Incorrect congestion window growth by invalid ACK ranges. Reported by Louis Navarre on 2025-06-1...
clamav -- ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Cisco reports: A vulnerability in Universal Disk Format UDF processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit thi...
clamav -- ClamAV PDF Scanning Buffer Overflow Vulnerability
Cisco reports: A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service DoS condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers a...
xorg server -- Multiple vulnerabilities
The X.Org project reports: CVE-2025-49175: Out-of-bounds access in X Rendering extension Animated cursors The X Rendering extension allows creating animated cursors providing a list of cursors. By default, the Xserver assumes at least one cursor is provided while a client may actually pass no...
xorg server -- Multiple vulnerabilities
The X.Org project reports: CVE-2025-49176: Integer overflow in Big Requests Extension The Big Requests extension allows requests larger than the 16-bit length limit. It uses integers for the request length and checks for the size not to exceed the maxBigRequestSize limit, but does so after...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 420697404 High CVE-2025-6191: Integer overflow in V8. Reported by Shaheen Fazim on 2025-05-27 421471016 High CVE-2025-6192: Use after free in Profiler. Reported by Chaoyuan Peng @ret2happy on 2025-05-31...
Erlang - Absolute Path in Zip Module
https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc reports: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program...
PostgreSQL JDBC library -- Improper Authentication
PostgreSQL JDBC Driver project reports: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore...
Firefox -- Multiple vulnerabilities
[email protected] reports: CVE-2025-49709: Certain canvas operations could have lead to memory corruption. CVE-2025-49710: An integer overflow was present in OrderedHashTable used by the JavaScript engine...
Gitlab -- Vulnerabilities
Gitlab reports: HTML injection impacts GitLab CE/EE Cross-site scripting issue impacts GitLab CE/EE Missing authorization issue impacts GitLab Ultimate EE Denial of Service impacts GitLab CE/EE Denial of Service via unbounded Webhook token names impacts GitLab CE/EE Denial of Service via unbounde...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: $8000420150619 High CVE-2025-5958: Use after free in Media. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2025-05-25 NA422313191 High CVE-2025-5959: Type Confusion in V8. Reported by Seunghyun Lee as part of...
electron{34,35,36} -- Out of bounds read and write in V8
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-5419...
Chrome -- Out of bounds read
[email protected] reports: Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 420636529 High CVE-2025-5419: Out of bounds read and write in V8. Reported by Clement Lecigne and Benoît Sevens of Google Threat Analysis Group on 2025-05-27. This issue was mitigated on 2025-05-28 by a configuration change pushed ou...
ModSecurity -- possible DoS vulnerability
[email protected] reports: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg -...
Post-Auth Remote Code Execution found in Roundcube Webmail
Roundcube Webmail reports: Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v...
navidrome -- transcoding permission bypass vulnerability
Deluan Quintão reports: A permission verification flaw in Navidrome allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings...
Navidrome -- SQL Injection via role parameter
Deluan reports: This vulnerability arises due to improper input validation on the role parameter within the API endpoint /api/artist. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user...
electron{34,35} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-4609. Security: backported fix for CVE-2025-4664...
curl -- Multiple vulnerabilities
curl security team reports: CVE-2025-5025: No QUIC certificate pinning with wolfSSL CVE-2025-4947: QUIC certificate check skip with wolfSSL...
redis,valkey -- {redis,valkey}-check-aof may lead to stack overflow and potential RCE
Simcha Kosman & CyberArk Labs reports: A user can run the redis,valkeyu-check-aof cli and pass a long file path to trigger a stack buffer overflow, which may potentially lead to remote code execution...
ISC KEA -- Multiple vulnerabilities
Internet Systems Consortium, Inc. reports: Loading a malicious hook library can lead to local privilege escalation https://kb.isc.org/docs/cve-2025-32801 Insecure handling of file paths allows multiple local attacks https://kb.isc.org/docs/cve-2025-32802 Insecure file permissions can result in...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 25 security bugs in Chromium: CVE-2025-5063: Use after free in Compositing CVE-2025-5064: Inappropriate implementation in Background Fetch CVE-2025-5065: Inappropriate implementation in FileSystemAccess API CVE-2025-5068: Use after free in Blink...
Mozilla -- clickjacking vulnerability
[email protected] reports: A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page...
Mozilla -- XS-leak attack
[email protected] reports: Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks...
Mozilla -- local code execution
[email protected] reports: Due to insufficient escaping of the newline character in the Copy as cURL feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system...
Chrome -- Heap corruption exploitation
[email protected] reports: Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Mozilla -- memory corruption
[email protected] reports: Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code...
Firefox -- unencrypted SNI
[email protected] reports: In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 11 security fixes: 411573532 High CVE-2025-5063: Use after free in Compositing. Reported by Anonymous on 2025-04-18 417169470 High CVE-2025-5280: Out of bounds write in V8. Reported by pwn2car on 2025-05-12 40058068 Medium CVE-2025-5064: Inappropriate...
libxml2 -- multiple vulnerabilities
Alan Coopersmith reports: As discussed in https://gitlab.gnome.org/GNOME/libxml2/-/issues/913 the security policy of libxml2 has been changed to disclose vulnerabilities before fixes are available so that people other than the maintainer can contribute to fixing security issues in this library. A...
Mozilla -- cross-origin leak attack
[email protected] reports: Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks...
Mozilla -- Memory safety bugs
[email protected] reports: Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Firefox -- content injection attack
[email protected] reports: Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks...
Mozilla -- Memory safety bugs
[email protected] reports: Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
traefik -- Path traversal vulnerability
The traefik project reports: There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it...
OpenSSL -- Inverted security logic in x509 app
The OpenSSL project reports: The x509 application adds trusted use instead of rejected use low...
ModSecurity -- possible DoS vulnerability
[email protected] reports: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content...
ModSecurity -- Possible DoS Vulnerability
[email protected] reports: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content...
Gitlab -- vulnerabilities
Gitlab reports: Unprotected large blob endpoint in GitLab allows Denial of Service Improper XPath validation allows modified SAML response to bypass 2FA requirement A Discord webhook integration may cause DoS Unbounded Kubernetes cluster tokens may lead to DoS Unvalidated notes position may lead ...
firefox -- out-of-bounds read/write
[email protected] reports: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes...
py-setuptools -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf reports: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An...
cpython -- Use-after-free in "unicode_escape" decoder with error handler
[email protected] reports: There is an issue in CPython when using bytes.decode"unicodeescape", error="ignore|replace". If you are not using the "unicodeescape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap t...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 415810136 High CVE-2025-4664: Insufficient policy enforcement in Loader. Source: X post from @slonser on 2025-05-05 412578726 High CVE-2025-4609: Incorrect handle provided in unspecified circumstances in Mojo. Reported by Micky on...
vscode -- security feature bypass vulnerability
VSCode developers report: A security feature bypass vulnerability exists in VS Code 1.100.0 and earlier versions where a maliciously crafted URL could be considered trusted when it should not have due to how VS Code handled glob patterns in the trusted domains feature. When paired with the fetch...
www/varnish7 -- Request Smuggling Attack
The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish Cache and Varnish Enterprise. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 requests. An attacker can abuse a flaw in Varnish's handling of chunked...
screen -- multiple vulnerabilities
The screen project reports: Multiple security issues in screen...
WeeChat -- Multiple vulnerabilities
The Weechat project reports: Multiple integer and buffer overflows in WeeChat core...
PostgreSQL -- PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
PostgreSQL project reports: A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before...
Gitlab -- vulnerabilities
Gitlab reports: Partial Bypass for Device OAuth flow using Cross Window Forgery Denial of service by abusing Github import API Group IP restriction bypass allows disclosing issue title of restricted project...