68528 matches found
CVE-2025-66648
vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...
CVE-2025-68764
In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the "ro" flag...
CVE-2025-68752
In the Linux kernel, the following vulnerability has been resolved: iavf: Implement settime64 with -EOPNOTSUPP ptpclocksettime assumes every ptpclock has implemented settime64. Stub it with -EOPNOTSUPP to prevent a NULL dereference. The fix is similar to commit 329d050bbe63 "gve: Implement...
CVE-2025-68754
In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm The clock obtained via devmclkgetenabled is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clkdisableunprepare in error path and...
CVE-2025-68765
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: Fix memory leak in mt7615mcuwtblstaadd In mt7615mcuwtblstaadd, an skb sskb is allocated. If the subsequent call to mt76connacmcuallocwtblreq fails, the function returns an error without freeing sskb, leading to a...
CVE-2025-68757
In the Linux kernel, the following vulnerability has been resolved: drm/vgem-fence: Fix potential deadlock on release A timer that expires a vgem fence automatically in 10 seconds is now released with timerdeletesync from fence-ops.release called on last dmafenceput. In some scenarios, it can run...
CVE-2025-68762
In the Linux kernel, the following vulnerability has been resolved: net: netpoll: initialize work queue before error checks Prevent a kernel warning when netconsole setup fails on devices with IFFDISABLENETPOLL flag. The warning at kernel/workqueue.c:4242 in flushwork occurs because the cleanup...
CVE-2025-68760
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential out-of-bounds read in iommummioshow In iommummiowrite, it validates the user-provided offset with the check: iommu-dbgmmiooffset iommu-mmiophysend - 4. This assumes a 4-byte access. However, the...
CVE-2025-68755
In the Linux kernel, the following vulnerability has been resolved: staging: most: remove broken i2c driver The MOST I2C driver has been completely broken for five years without anyone noticing so remove the driver from staging. Specifically, commit 723de0f9171e "staging: most: remove device from...
CVE-2025-68761
In the Linux kernel, the following vulnerability has been resolved: hfs: fix potential use after free in hfscorrectnextunusedCNID This code calls hfsbnodeputnode which drops the refcount and then dreferences "node" on the next line. It's only safe to use "node" when we're holding a reference so...
CVE-2025-68753
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: add bounds check in putuser loop for DSP events In the DSP event handling code, a putuser loop copies event data. When the user buffer size is not aligned to 4 bytes, it could overwrite beyond the buffer...
CVE-2025-68766
In the Linux kernel, the following vulnerability has been resolved: irqchip/mchp-eic: Fix error code in mchpeicdomainalloc If irqdomaintranslatetwocell sets "hwirq" to = MCHPEICNIRQ 2 then it results in an out of bounds access. The code checks for invalid values, but doesn't set the error code...
CVE-2025-68759
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Fix potential memory leaks in rtl8180initrxring In rtl8180initrxring, memory is allocated for skb packets and DMA allocations in a loop. When an allocation fails, the previously successful allocations are not freed...
CVE-2025-68758
In the Linux kernel, the following vulnerability has been resolved: backlight: led-bl: Add devlink to supplier LEDs LED Backlight is a consumer of one or multiple LED class devices, but devlink is currently unable to create correct supplier-producer links when the supplier is a class device. It...
CVE-2025-68756
In the Linux kernel, the following vulnerability has been resolved: block: Use RCU in blkmqunquiescetagset instead of set-taglistlock blkmqadd,delqueuetagset functions add and remove queues from tagset, the functions make sure that tagset and queues are marked as shared when two or more queues ar...
CVE-2025-68763
In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Correctly handle return of sgnentsforlen The return value of sgnentsforlen was assigned to an unsigned long in starfivehashdigest, causing negative error codes to be converted to large positive integers. Add...
CVE-2025-68751
In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Fix false-positive kmsan report in fpuvstl A false-positive kmsan report is detected when running ping command. An inline assembly instruction 'vstl' can write varied amount of bytes depending on value of 'index'...
CVE-2026-21452
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...
CVE-2026-21444
libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...
CVE-2025-67268
gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...
CVE-2025-67269
An integer underflow vulnerability exists in the nextstate function in gpsd/packet.c of gpsd versions prior to commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7. When parsing a NAVCOM packet, the payload length is calculated using lexer-length = sizetc - 4 without checking if the input byte c is le...
CVE-2025-15438
A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::destruct of the file core/admin/medias.php of the component Media Management Module. Executing a manipulation of the argument File can lead to deserialization. The attack can be launched remotely. The...
CVE-2025-15412
A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approac...
CVE-2025-15411
A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the loc...
CVE-2026-21428
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.0, the writeheaders function does not check for CR & LF characters in user supplied headers, allowing untrusted header value to escape header lines. This vulnerability allows attackers to add...
CVE-2025-69412
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API aka phishing API, which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration...
CVE-2025-34468
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentiall...
CVE-2025-15274
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2025-15275
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2025-15278
FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious...
CVE-2025-15271
FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...
CVE-2025-15279
FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2025-15276
FontForge SFD File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2025-15273
FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2025-15280
FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...
CVE-2025-15272
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2025-15277
FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2025-15270
FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...
CVE-2025-15269
FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...
CVE-2025-69277
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...
CVE-2025-68131
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
CVE-2025-11964
On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf16letoutf8truncated can write data beyond the end of the provided buffer...
CVE-2025-11961
pcapetheraton is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function...
CVE-2022-50798
Rejected reason: This candidate is a duplicate of CVE-2017-11359...
CVE-2025-61594
URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier bundled in Ruby 3.2 series 0.13.2 and earlier bundled in Ruby 3.3 series, 1.0.3 and earlier bundled in Ruby 3.4 series, when using the + operator to combine URIs, sensitive information like...
CVE-2025-69261
WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in WasmEdge/include/runtime/instance/memory.h can wrap, causing checkAccessBound to incorrectly allow the access. This leads to a segmentation fault. Version 0.16.0-alpha.3 contains a patch for the issue...
CVE-2025-50343
An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in MatVarCreateStruct when the nfields value does not match the actual number of strings in the fields array. This leads to out-of-bounds reads and invalid memory frees during cleanup, potentially causing a...
CVE-2025-65411
A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service DoS via injecting a crafted payload into the searchpath parameter...
CVE-2025-65409
A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service DoS via inputting an empty value as a password...
CVE-2025-68950
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file wi...