π¨ CVE-2018-0158
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394.
π@cveNotify
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394.
π@cveNotify
π¨ CVE-2025-6021
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
π@cveNotify
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
π@cveNotify
π¨ CVE-2025-12233
A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing manipulation of the argument page can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
π@cveNotify
A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing manipulation of the argument page can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
π@cveNotify
GitHub
Shenzhen Jixiang Tengda Technology Co., Ltd. Router CH22 V1.0.0.1 /goform/SafeUrlFilter Buffer Overflow Vulnerability Β· Issue #14β¦
NAME OF AFFECTED PRODUCT(S) Tenda Router CH22 V1.0.0.1 - Buffer Overflow in /goform/SafeUrlFilter Vulnerability Details Detail Information Vendor Shenzhen Jixiang Tengda Technology Co., Ltd. Produc...
π¨ CVE-2025-12234
A vulnerability has been found in Tenda CH22 1.0.0.1. This affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in Tenda CH22 1.0.0.1. This affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
Shenzhen Jixiang Tengda Technology Co., Ltd. Router CH22 V1.0.0.1 /goform/SafeMacFilter Buffer Overflow Vulnerability Β· Issue #15β¦
NAME OF AFFECTED PRODUCT(S) Tenda Router CH22 V1.0.0.1 - Buffer Overflow in /goform/SafeMacFilter Vulnerability Details Detail Information Vendor Shenzhen Jixiang Tengda Technology Co., Ltd. Produc...
π¨ CVE-2025-12235
A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow. The attack must originate from the local network. The exploit has been made public and could be used.
π@cveNotify
A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow. The attack must originate from the local network. The exploit has been made public and could be used.
π@cveNotify
GitHub
Shenzhen Jixiang Tengda Technology Co., Ltd. Router CH22 V1.0.0.1/goform/SetIpBind Buffer Overflow Vulnerability Β· Issue #16 Β·β¦
NAME OF AFFECTED PRODUCT(S) Tenda Router CH22 V1.0.0.1 - Buffer Overflow in /goform/SetIpBind Vulnerability Details Detail Information Vendor Shenzhen Jixiang Tengda Technology Co., Ltd. Product Ro...
π¨ CVE-2025-12236
A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
GitHub
Shenzhen Jixiang Tengda Technology Co., Ltd. Router CH22 V1.0.0.1 /goform/DhcpListClient Buffer Overflow Vulnerability Β· Issueβ¦
NAME OF AFFECTED PRODUCT(S) Tenda Router CH22 V1.0.0.1 - Buffer Overflow in /goform/DhcpListClient Vulnerability Details Detail Information Vendor Shenzhen Jixiang Tengda Technology Co., Ltd. Produ...
π¨ CVE-2025-12237
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulation of the argument keywords leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
π@cveNotify
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulation of the argument keywords leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
π@cveNotify
GitHub
Projectworlds Advanced Library Management System Project V1.0 / index.php SQL injection Β· Issue #1 Β· juzidddd/Projectworlds-ALMSβ¦
Projectworlds Advanced Library Management System Project V1.0 / index.php SQL injection NAME OF AFFECTED PRODUCT(S) β’ Advanced Library Management System Vendor Homepage β’ https://projectworlds.com/...
π¨ CVE-2025-59278
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
π@cveNotify
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2025-59282
Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.
π@cveNotify
Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.
π@cveNotify
π¨ CVE-2025-59284
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
π@cveNotify
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
π@cveNotify
π¨ CVE-2025-59285
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
π@cveNotify
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2025-59288
Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network.
π@cveNotify
Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network.
π@cveNotify
π¨ CVE-2025-59275
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
π@cveNotify
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2025-59277
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
π@cveNotify
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2025-62707
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in pypdf version 6.1.3.
π@cveNotify
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in pypdf version 6.1.3.
π@cveNotify
GitHub
SEC: Avoid infinite loop when reading broken DCT-based inline images β¦ Β· py-pdf/pypdf@f2864d6
β¦(#3501)
π¨ CVE-2025-62708
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3.
π@cveNotify
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3.
π@cveNotify
GitHub
SEC: Allow limiting size of LZWDecode streams (#3502) Β· py-pdf/pypdf@e51d078
A pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files - SEC: Allow limiting size of LZWDecode streams (#3502) Β· py-pdf/pypdf@e51d078
π¨ CVE-2025-50949
FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.
π@cveNotify
FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.
π@cveNotify
GitHub
fix memleak in function DlgCreate8 by xiaoxiaoafeifei Β· Pull Request #5491 Β· fontforge/fontforge
Bug fix
A memory leak issue exist in function DlgCreate8
LeakSanitizer resultοΌ
==340050==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 40 byte(s) in 1 object(s) allocated from:
#0 0x7...
A memory leak issue exist in function DlgCreate8
LeakSanitizer resultοΌ
==340050==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 40 byte(s) in 1 object(s) allocated from:
#0 0x7...
π¨ CVE-2025-50951
FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.
π@cveNotify
FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.
π@cveNotify
GitHub
fix memleak in function utf7toutf8_copy by xiaoxiaoafeifei Β· Pull Request #5495 Β· fontforge/fontforge
Bug fix
A memory leak issue exist in function utf7toutf8_copy
LeakSanitizer resultοΌ
==821283==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 140 byte(s) in 4 object(s) allocated from:
...
A memory leak issue exist in function utf7toutf8_copy
LeakSanitizer resultοΌ
==821283==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 140 byte(s) in 4 object(s) allocated from:
...
π¨ CVE-2025-61755
Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
π@cveNotify
Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
π@cveNotify
π¨ CVE-2025-11957
Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests.
π@cveNotify
Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests.
π@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.
π¨ CVE-2025-11958
An improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server 2025.2.15.0 and earlier allows an authenticated user to cause a denial of service to the Security Dashboard via a crafted request.
π@cveNotify
An improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server 2025.2.15.0 and earlier allows an authenticated user to cause a denial of service to the Security Dashboard via a crafted request.
π@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.