Out-of-bounds read in Tor before version 0.4.9.7 occurs when END, TRUNCATE, or TRUNCATED cells lack a reason field in their payload, allowing remote unauthenticated attackers to trigger a denial of service condition. The vulnerability requires high attack complexity and results in availability impact only. CVSS score is 3.7 with no active exploitation (KEV) or public exploit code confirmed at time of analysis.
Out-of-bounds heap write in Exim before 4.99.2 allows unauthenticated remote attackers to cause denial of service and potentially corrupt memory when the JSON lookup feature is enabled and malformed JSON is present in untrusted email headers, due to incorrect backslash escape sequence handling in the JSON operator.
Denial of service in Exim before 4.99.2 on musl libc systems allows remote attackers to crash mail server connection instances by sending malformed DNS PTR records that trigger an octal printing bug in the dn_expand function. The vulnerability requires high network complexity to exploit but results in service unavailability for affected connections. No patch version confirmation available from provided references.
DNS traffic amplification via cyclic nameserver delegation in Technitium DNS Server versions before 15.0 enables unauthenticated remote attackers to conduct distributed denial-of-service (DDoS) attacks. Attackers can exploit misconfigured or maliciously crafted DNS delegation chains to create resolution loops, forcing the server to generate significantly larger response traffic than the initial query size. This amplification can be weaponized against third-party victims, with the vulnerable server acting as an unwitting participant in reflection attacks. CVSS 7.2 (High) reflects network-accessible exploitation requiring no authentication, with cross-scope impact affecting availability and integrity of downstream systems.
Logic error in uutils coreutils cut utility causes incorrect behavior when combining the -s (only-delimited), -z (null-terminated), and -d '' (empty delimiter) flags, resulting in unfiltered records being emitted instead of suppressed. This breaks data integrity for automated pipelines relying on cut -s to exclude records without delimiters, affecting local users with limited privileges. The vulnerability has low exploitability (CVSS 3.3, SSVC indicates no exploitation status and non-automatable attack), but poses information disclosure and data corruption risks in security-sensitive data processing workflows.
uutils coreutils tr utility misdefines POSIX character classes [:graph:] and [:print:], incorrectly including ASCII space (0x20) in [:graph:] and excluding it from [:print:] - the opposite of standard behavior. This logic error causes unintended data modification or loss when tr is used in automated scripts or data pipelines that depend on correct character class semantics, such as deletion of graphical characters inadvertently removing all spaces and corrupting structured data. Affects coreutils versions prior to 0.8.0; patch is available from vendor.
Apache Log4j Core 2.21.0 through 2.25.3 allows remote log injection via CRLF sequences in Rfc5424Layout due to undocumented renaming of security-relevant configuration attributes (newLineEscape and useTlsMessageFormat). Attackers can inject malicious log entries or downgrade TLS-framed syslog to unframed TCP, compromising log integrity for stream-based syslog services. SyslogAppender users are not affected. CVSS 6.9 indicates medium-to-high severity; EPSS and exploitation signals not available at time of analysis.
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the new file at the beginning followed by the partial contents of the old file at the end, because of use of. Rated low severity (CVSS 3.2), this vulnerability requires no authentication. No vendor patch available.
In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeover.