๐จ CVE-2024-53880
NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparound error by loading a model with an extra-large file size that overflows an internal variable. A successful exploit of this vulnerability might lead to denial of service.
๐@cveNotify
NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparound error by loading a model with an extra-large file size that overflows an internal variable. A successful exploit of this vulnerability might lead to denial of service.
๐@cveNotify
๐จ CVE-2024-8654
MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3.
๐@cveNotify
MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3.
๐@cveNotify
๐จ CVE-2024-9014
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
๐@cveNotify
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
๐@cveNotify
GitHub
OAuth2 issue in pgAdmin 4. ยท Issue #7945 ยท pgadmin-org/pgadmin4
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. - OAuth2 issue in pgAdmin 4. ยท Issue #7945 ยท pgadmin-org/pgadmin4
๐จ CVE-2024-9124
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlexยฎ 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests.
๐@cveNotify
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlexยฎ 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests.
๐@cveNotify
Rockwell Automation
SD1705 | Security Advisory | Rockwell Automation | US
PowerFlex 6000T CIP Security denial-of-service Vulnerability
๐จ CVE-2025-27516
Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6.
๐@cveNotify
Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6.
๐@cveNotify
GitHub
Merge commit from fork ยท pallets/jinja@90457bb
attr filter uses env.getattr
๐จ CVE-2025-27152
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if โ baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
๐@cveNotify
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if โ baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
๐@cveNotify
GitHub
Server-Side Request Forgery Vulnerability (CVE-2024-39338) ยท Issue #6463 ยท axios/axios
Describe the bug Axios is vulnerable to a Server-Side Request Forgery attack caused by unexpected behaviour where requests for path relative URLS gets processed as protocol relative URLs. This coul...
๐จ CVE-2025-0755
The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16
๐@cveNotify
The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16
๐@cveNotify
๐ฅ1
๐จ CVE-2025-34183
Ilevia EVE X1 Server version โค 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential reuse.
๐@cveNotify
Ilevia EVE X1 Server version โค 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential reuse.
๐@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
๐จ CVE-2025-10810
A vulnerability was detected in Campcodes Online Learning Management System 1.0. The impacted element is an unknown function of the file /admin/edit_user.php. Performing manipulation of the argument firstname results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
๐@cveNotify
A vulnerability was detected in Campcodes Online Learning Management System 1.0. The impacted element is an unknown function of the file /admin/edit_user.php. Performing manipulation of the argument firstname results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
๐@cveNotify
GitHub
campcodes Online Learning Management System Project V1.0 /admin/edit_user.php SQL injection ยท Issue #1 ยท luyisi-7/CVE
campcodes Online Learning Management System Project V1.0 /admin/edit_user.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Learning Management System Vendor Homepage https://www.campcodes.com/p...
๐จ CVE-2025-10811
A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/mod_comments/index.php?view=view. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
๐@cveNotify
A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/mod_comments/index.php?view=view. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
๐@cveNotify
๐จ CVE-2025-36064
IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
๐@cveNotify
IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
๐@cveNotify
Ibm
Security Bulletin: IBM Sterling Connect:Express for Microsoft Windows is vulnerable to brute force password guessing attacks (CVEโฆ
There is a vulnerability related to brute force password guessing attacks in IBM Sterling Connect:Express for Microsoft Windows. IBM Sterling Connect:Express for Microsoft Windows has addressed the applicable CVE.
๐จ CVE-2025-52367
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field.
๐@cveNotify
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field.
๐@cveNotify
๐จ CVE-2025-53450
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pluginwale Easy Pricing Table WP allows PHP Local File Inclusion. This issue affects Easy Pricing Table WP: from n/a through 1.1.3.
๐@cveNotify
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pluginwale Easy Pricing Table WP allows PHP Local File Inclusion. This issue affects Easy Pricing Table WP: from n/a through 1.1.3.
๐@cveNotify
Patchstack
Open Source Vulnerability Database - Patchstack
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2022-49286
In the Linux kernel, the following vulnerability has been resolved:
tpm: use try_get_ops() in tpm-space.c
As part of the series conversion to remove nested TPM operations:
https://lore.kernel.org/all/20190205224723.19671-1-jarkko.sakkinen@linux.intel.com/
exposure of the chip->tpm_mutex was removed from much of the upper
level code. In this conversion, tpm2_del_space() was missed. This
didn't matter much because it's usually called closely after a
converted operation, so there's only a very tiny race window where the
chip can be removed before the space flushing is done which causes a
NULL deref on the mutex. However, there are reports of this window
being hit in practice, so fix this by converting tpm2_del_space() to
use tpm_try_get_ops(), which performs all the teardown checks before
acquring the mutex.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
tpm: use try_get_ops() in tpm-space.c
As part of the series conversion to remove nested TPM operations:
https://lore.kernel.org/all/20190205224723.19671-1-jarkko.sakkinen@linux.intel.com/
exposure of the chip->tpm_mutex was removed from much of the upper
level code. In this conversion, tpm2_del_space() was missed. This
didn't matter much because it's usually called closely after a
converted operation, so there's only a very tiny race window where the
chip can be removed before the space flushing is done which causes a
NULL deref on the mutex. However, there are reports of this window
being hit in practice, so fix this by converting tpm2_del_space() to
use tpm_try_get_ops(), which performs all the teardown checks before
acquring the mutex.
๐@cveNotify
๐จ CVE-2022-49289
In the Linux kernel, the following vulnerability has been resolved:
uaccess: fix integer overflow on access_ok()
Three architectures check the end of a user access against the
address limit without taking a possible overflow into account.
Passing a negative length or another overflow in here returns
success when it should not.
Use the most common correct implementation here, which optimizes
for a constant 'size' argument, and turns the common case into a
single comparison.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
uaccess: fix integer overflow on access_ok()
Three architectures check the end of a user access against the
address limit without taking a possible overflow into account.
Passing a negative length or another overflow in here returns
success when it should not.
Use the most common correct implementation here, which optimizes
for a constant 'size' argument, and turns the common case into a
single comparison.
๐@cveNotify
๐จ CVE-2022-49292
In the Linux kernel, the following vulnerability has been resolved:
ALSA: oss: Fix PCM OSS buffer allocation overflow
We've got syzbot reports hitting INT_MAX overflow at vmalloc()
allocation that is called from snd_pcm_plug_alloc(). Although we
apply the restrictions to input parameters, it's based only on the
hw_params of the underlying PCM device. Since the PCM OSS layer
allocates a temporary buffer for the data conversion, the size may
become unexpectedly large when more channels or higher rates is given;
in the reported case, it went over INT_MAX, hence it hits WARN_ON().
This patch is an attempt to avoid such an overflow and an allocation
for too large buffers. First off, it adds the limit of 1MB as the
upper bound for period bytes. This must be large enough for all use
cases, and we really don't want to handle a larger temporary buffer
than this size. The size check is performed at two places, where the
original period bytes is calculated and where the plugin buffer size
is calculated.
In addition, the driver uses array_size() and array3_size() for
multiplications to catch overflows for the converted period size and
buffer bytes.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
ALSA: oss: Fix PCM OSS buffer allocation overflow
We've got syzbot reports hitting INT_MAX overflow at vmalloc()
allocation that is called from snd_pcm_plug_alloc(). Although we
apply the restrictions to input parameters, it's based only on the
hw_params of the underlying PCM device. Since the PCM OSS layer
allocates a temporary buffer for the data conversion, the size may
become unexpectedly large when more channels or higher rates is given;
in the reported case, it went over INT_MAX, hence it hits WARN_ON().
This patch is an attempt to avoid such an overflow and an allocation
for too large buffers. First off, it adds the limit of 1MB as the
upper bound for period bytes. This must be large enough for all use
cases, and we really don't want to handle a larger temporary buffer
than this size. The size check is performed at two places, where the
original period bytes is calculated and where the plugin buffer size
is calculated.
In addition, the driver uses array_size() and array3_size() for
multiplications to catch overflows for the converted period size and
buffer bytes.
๐@cveNotify
๐จ CVE-2022-49393
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: fix list iterator in fastrpc_req_mem_unmap_impl
This is another instance of incorrect use of list iterator and
checking it for NULL.
The list iterator value 'map' will *always* be set and non-NULL
by list_for_each_entry(), so it is incorrect to assume that the
iterator value will be NULL if the list is empty (in this case, the
check 'if (!map) {' will always be false and never exit as expected).
To fix the bug, use a new variable 'iter' as the list iterator,
while use the original variable 'map' as a dedicated pointer to
point to the found element.
Without this patch, Kernel crashes with below trace:
Unable to handle kernel access to user memory outside uaccess routines
at virtual address 0000ffff7fb03750
...
Call trace:
fastrpc_map_create+0x70/0x290 [fastrpc]
fastrpc_req_mem_map+0xf0/0x2dc [fastrpc]
fastrpc_device_ioctl+0x138/0xc60 [fastrpc]
__arm64_sys_ioctl+0xa8/0xec
invoke_syscall+0x48/0x114
el0_svc_common.constprop.0+0xd4/0xfc
do_el0_svc+0x28/0x90
el0_svc+0x3c/0x130
el0t_64_sync_handler+0xa4/0x130
el0t_64_sync+0x18c/0x190
Code: 14000016 f94000a5 eb05029f 54000260 (b94018a6)
---[ end trace 0000000000000000 ]---
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: fix list iterator in fastrpc_req_mem_unmap_impl
This is another instance of incorrect use of list iterator and
checking it for NULL.
The list iterator value 'map' will *always* be set and non-NULL
by list_for_each_entry(), so it is incorrect to assume that the
iterator value will be NULL if the list is empty (in this case, the
check 'if (!map) {' will always be false and never exit as expected).
To fix the bug, use a new variable 'iter' as the list iterator,
while use the original variable 'map' as a dedicated pointer to
point to the found element.
Without this patch, Kernel crashes with below trace:
Unable to handle kernel access to user memory outside uaccess routines
at virtual address 0000ffff7fb03750
...
Call trace:
fastrpc_map_create+0x70/0x290 [fastrpc]
fastrpc_req_mem_map+0xf0/0x2dc [fastrpc]
fastrpc_device_ioctl+0x138/0xc60 [fastrpc]
__arm64_sys_ioctl+0xa8/0xec
invoke_syscall+0x48/0x114
el0_svc_common.constprop.0+0xd4/0xfc
do_el0_svc+0x28/0x90
el0_svc+0x3c/0x130
el0t_64_sync_handler+0xa4/0x130
el0t_64_sync+0x18c/0x190
Code: 14000016 f94000a5 eb05029f 54000260 (b94018a6)
---[ end trace 0000000000000000 ]---
๐@cveNotify
๐จ CVE-2022-49396
In the Linux kernel, the following vulnerability has been resolved:
phy: qcom-qmp: fix reset-controller leak on probe errors
Make sure to release the lane reset controller in case of a late probe
error (e.g. probe deferral).
Note that due to the reset controller being defined in devicetree in
"lane" child nodes, devm_reset_control_get_exclusive() cannot be used
directly.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
phy: qcom-qmp: fix reset-controller leak on probe errors
Make sure to release the lane reset controller in case of a late probe
error (e.g. probe deferral).
Note that due to the reset controller being defined in devicetree in
"lane" child nodes, devm_reset_control_get_exclusive() cannot be used
directly.
๐@cveNotify
๐ฅ1
๐จ CVE-2022-49249
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: wc938x: fix accessing array out of bounds for enum type
Accessing enums using integer would result in array out of bounds access
on platforms like aarch64 where sizeof(long) is 8 compared to enum size
which is 4 bytes.
Fix this by using enumerated items instead of integers.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: wc938x: fix accessing array out of bounds for enum type
Accessing enums using integer would result in array out of bounds access
on platforms like aarch64 where sizeof(long) is 8 compared to enum size
which is 4 bytes.
Fix this by using enumerated items instead of integers.
๐@cveNotify
๐จ CVE-2022-49250
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: rx-macro: fix accessing compander for aux
AUX interpolator does not have compander, so check before accessing
compander data for this.
Without this checkan array of out bounds access will be made in
comp_enabled[] array.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: rx-macro: fix accessing compander for aux
AUX interpolator does not have compander, so check before accessing
compander data for this.
Without this checkan array of out bounds access will be made in
comp_enabled[] array.
๐@cveNotify
๐จ CVE-2022-49251
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: va-macro: fix accessing array out of bounds for enum type
Accessing enums using integer would result in array out of bounds access
on platforms like aarch64 where sizeof(long) is 8 compared to enum size
which is 4 bytes.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: va-macro: fix accessing array out of bounds for enum type
Accessing enums using integer would result in array out of bounds access
on platforms like aarch64 where sizeof(long) is 8 compared to enum size
which is 4 bytes.
๐@cveNotify