22107 matches found
DHCP Client Service Denial of Service Vulnerability
...
Microsoft Office Remote Code Execution Vulnerability
...
Microsoft Office Remote Code Execution Vulnerability
...
The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.
...
Chromium: CVE-2025-0451 Inappropriate implementation in Extensions API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-0445 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-0444 Use after free in Skia
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...
Microsoft Edge for IOS and Android Spoofing Vulnerability
...
Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability
Server-side request forgery ssrf in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network...
Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...
Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
...
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
...
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
...
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.
...
Git LFS permits exfiltration of credentials via crafted HTTP URLs
...
Chromium: CVE-2025-0762 Use after free in DevTools
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt
...
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli
...
go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace
...
mctp i2c: handle NULL header address
...
ksmbd: Fix the missing xa_store error check
...
phy: qcom: qmp-usb: fix NULL-deref on runtime suspend
...
nvmet-auth: assign dh_key to NULL after kfree_sensitive
...
ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp
...
usb: typec: qcom-pmic: init value of hdr_len/txbuf_len earlier
...
ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()
...
ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove
...
arm64/sve: Discard stale CPU state when handling SVE traps
...
iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()
...
spi: spi-fsl-dspi: Fix crash when not using GPIO chip select
...
nommu: pass NULL argument to vma_iter_prealloc()
...
x86/lam: Disable ADDRESS_MASKING in most cases
...
mm: krealloc: Fix MTE false alarm in __do_krealloc
...
iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table()
...
mptcp: init: protect sched with rcu_read_lock
...
ksmbd: check outstanding simultaneous SMB operations
...
filemap: Fix bounds checking in filemap_read()
...
signal: restore the override_rlimit logic
...
arm64: dts: imx8ulp: correct the flexspi compatible string
...
net: enetc: allocate vf_state during PF probes
...
ntfs3: Add bounds checking to mi_enum_attr()
...
ACPI: CPPC: Make rmw_lock a raw_spin_lock
...
phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend
...
udf: refactor inode_bmap() to handle error
...
sched/numa: Fix the potential null pointer dereference in task_numa_work()
...