Suse
Monthly
VM VirtualBox versions up to 7.1.14 contain a vulnerability that allows attackers to gain unauthorized access to critical data or complete access to all Oracle VM Virtual (CVSS 6.0).
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 7.5 HIGH]
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 7.5 HIGH]
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. [CVSS 4.5 MEDIUM]
MySQL Server contains a vulnerability that gives attackers an unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 6.5).
MySQL contains a vulnerability that gives attackers an unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 6.0 MEDIUM]
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 7.5 HIGH]
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 8.2 HIGH]
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 8.2 HIGH]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 6.5 MEDIUM]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 6.5 MEDIUM]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]
Remote denial of service in Oracle Java SE, GraalVM for JDK, and GraalVM Enterprise Edition allows unauthenticated attackers to trigger application hangs or crashes via network-accessible protocols. Multiple Java versions including JDK 8u471, 11.0.29, 17.0.17, 21.0.9, and 25.0.1 are affected through a flaw in the Security component. No patch is currently available for this high-severity vulnerability.
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]
MySQL Server contains a vulnerability that gives attackers an unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).
MySQL Cluster contains a vulnerability that gives attackers an unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).
GraalVM versions up to 21.3.16 contain a vulnerability that allows attackers to gain unauthorized update, insert or delete access to some of Oracle Java SE, Oracle G (CVSS 6.1).
GraalVM versions up to 21.3.16 contain a vulnerability that allows attackers to gain unauthorized creation, deletion or modification access to critical data or all O (CVSS 7.4).
MySQL Server contains a vulnerability that gives attackers an unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 5.3).
GraalVM versions up to 21.3.16 contain a vulnerability that allows attackers to gain unauthorized update, insert or delete access to some of Oracle Java SE, Oracle G (CVSS 4.8).
Node.js TLS servers using PSK or ALPN callbacks are vulnerable to denial of service when these callbacks throw unhandled synchronous exceptions during the TLS handshake. Remote attackers can exploit this by sending specially crafted TLS handshake requests to trigger resource exhaustion or process crashes, either through immediate termination or silent file descriptor leaks. No patch is currently available for this vulnerability.
Node.js has a CVSS 10.0 permission model bypass that allows Unix Domain Socket connections to completely bypass network restrictions when --allow-net is configured.
A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server. [CVSS 7.5 HIGH]
A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server. [CVSS 7.5 HIGH]
We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. [CVSS 7.5 HIGH]
A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. [CVSS 7.5 HIGH]
A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. [CVSS 7.5 HIGH]
NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash). [CVSS 7.5 HIGH]
NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service. [CVSS 7.5 HIGH]
A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. [CVSS 5.3 MEDIUM]
A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. [CVSS 7.1 HIGH]
Node.js has a permissions model bypass that allows attackers to circumvent --allow-fs-read and --allow-fs-write restrictions using alternate path representations.
PLY (Python Lex-Yacc) library 3.11 has an unsafe feature enabling remote code execution through pickle deserialization of cached parser tables, with EPSS 0.91%.
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process. [CVSS 7.5 HIGH]
Heap corruption in Google Chrome's ANGLE graphics library prior to version 144.0.7559.59 can be triggered through a crafted HTML page, enabling remote attackers to execute arbitrary code without user interaction beyond visiting a malicious website. The vulnerability stems from a use-after-free memory flaw that affects all Chrome users, though no patch is currently available. With a CVSS score of 8.8 and minimal exploit complexity, this presents a significant risk to the browser's security model.
Chrome Split View prior to 144.0.7559.59 has a UI spoofing vulnerability that allows remote attackers to display misleading content in the split view interface.
Chrome for Android prior to 144.0.7559.59 has a security UI spoofing vulnerability that allows remote attackers to display misleading security indicators.
Google Chrome prior to 144.0.7559.59 has insufficient policy enforcement in Network that allows attackers who obtained a network position to access sensitive data.
Chrome versions up to 144.0.7559.59 are affected by user interface (UI) misrepresentation of critical information (CVSS 5.4).
Google Chrome's Downloads feature on Windows versions before 144.0.7559.59 fails to properly validate file types, enabling remote attackers to circumvent safety protections for dangerous files through crafted malicious uploads. An unauthenticated attacker can exploit this via a specially designed file to bypass download security warnings. No patch is currently available for this medium-severity vulnerability.
Out-of-bounds memory read in Chrome's V8 JavaScript engine prior to version 144.0.7559.59 enables remote attackers to leak sensitive information through maliciously crafted web pages requiring only user interaction. The vulnerability affects all Chrome users and exposes high-impact confidentiality and integrity risks with no available patch at this time.
Chrome versions up to 144.0.7559.59 are affected by user interface (UI) misrepresentation of critical information (CVSS 5.4).
Object corruption in Google Chrome's V8 engine prior to version 144.0.7559.59 can be triggered by remote attackers through malicious HTML pages, potentially leading to complete system compromise including unauthorized access, data modification, and denial of service. The vulnerability requires user interaction to exploit but does not require authentication or special privileges. No patch is currently available for affected users.
Out-of-bounds memory access in Chrome's V8 engine (versions prior to 144.0.7559.59) enables remote attackers to corrupt objects and potentially achieve code execution by delivering a malicious HTML page to users. The vulnerability requires user interaction but poses significant risk due to its high CVSS score (8.8) and impact on confidentiality, integrity, and availability. No patch is currently available.
Jaraco.context versions 5.2.0 through 6.0.x contain a path traversal vulnerability in the tarball() function that allows attackers to extract files outside the intended directory when processing malicious tar archives, with public exploit code available. The vulnerability exploits insufficient path validation that fails to properly filter directory traversal sequences like `../`, potentially enabling unauthorized file extraction and nested tarball attacks. This affects all users processing untrusted tar archives with the vulnerable versions.
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 8.1 HIGH]
ImageMagick versions up to 7.1.2-13 are affected by a loop with an unreachable exit condition (infinite loop) (CVSS 5.5).
ImageMagick versions prior to 7.1.2-13 fail to properly initialize buffer elements in the BilateralBlurImage method, leading to invalid pointer dereference and potential denial of service when memory allocation fails. An attacker can exploit this through network vectors to crash affected applications or trigger undefined behavior with high complexity requirements. A patch is available in version 7.1.2-13 and later.
Filebrowser versions up to 2.55.0 contain a vulnerability that allows attackers to enumerate valid usernames by measuring the response time of the /api/login endpo (CVSS 5.3).
SiYuan knowledge management system versions before 3.5.4 allow authenticated users to copy arbitrary files from the server filesystem into the application workspace due to insufficient path validation in the /api/file/globalCopyFiles endpoint. An attacker with valid credentials can exploit this path traversal vulnerability to read sensitive files and escalate privileges within the application. Public exploit code exists for this medium-severity vulnerability, though a patch is available.
SiYuan versions before 3.5.4 allow unauthenticated remote attackers to read arbitrary files on the server through improper HTML rendering in the markdown feature. Public exploit code exists for this vulnerability, which has a CVSS score of 7.5. The vulnerability has been patched in version 3.5.4 and later.
Reflected XSS in SiYuan's /api/icon/getDynamicIcon endpoint allows attackers to inject malicious JavaScript through unescaped SVG content in dynamically generated icon images. An unauthenticated attacker can craft a malicious link that, when clicked by a victim, executes arbitrary scripts in the context of the SiYuan application. Public exploit code exists for versions prior to 3.5.4, which contains the necessary patches.
Wings for Pterodactyl versions 1.7.0 through 1.11.x fail to respect SQLite's maximum parameter limit when deleting activity log entries, allowing authenticated users to trigger a database error that prevents log cleanup and causes indefinite accumulation of records. This denial of service condition degrades panel performance and availability over time. Public exploit code exists for this vulnerability, and no patch is currently available.
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. [CVSS 6.5 MEDIUM]
Mailpit versions before 1.28.3 contain a server-side request forgery vulnerability in the HTML Check feature that allows unauthenticated attackers to trigger arbitrary HTTP requests by crafting malicious CSS links in email messages. The vulnerability exists in the CSS inlining function which automatically downloads external stylesheets without proper validation. Public exploit code exists for this issue, though a patch is available in version 1.28.3 and later.
FreeRDP prior to 3.21.0 has a use-after-free vulnerability in offscreen bitmap deletion that leaves dangling pointers, exploitable by malicious RDP servers for client-side code execution.
FreeRDP prior to 3.21.0 has a use-after-free vulnerability in xf_Pointer_New where cursor data is freed prematurely, allowing malicious RDP servers to execute code on clients.
FreeRDP versions before 3.21.0 contain a buffer overflow in FastGlyph parsing where a malicious Remote Desktop server can crash the client by sending specially crafted glyph data that bypasses length validation. A remote attacker can exploit this vulnerability without authentication to cause denial of service, and public exploit code exists. The vulnerability affects FreeRDP clients connecting to untrusted or compromised RDP servers, with no patch currently available for most deployments.
FreeRDP prior to 3.21.0 contains a client-side heap buffer overflow in session data processing, the fifth in a series of seven critical heap overflows fixed in version 3.21.0.
FreeRDP prior to 3.21.0 has another client-side heap buffer overflow that can be exploited by malicious RDP servers to achieve remote code execution on connected clients.
OpenStack keystonemiddleware 10.5 through 10.9 has an authentication spoofing vulnerability (CVSS 9.9) allowing attackers to bypass Keystone token validation and access any OpenStack service as any user.
FreeRDP prior to 3.21.0 has a client-side heap buffer overflow that can be triggered by a malicious RDP server during session data processing, enabling remote code execution.
FreeRDP prior to 3.21.0 has a heap buffer overflow in ClearCodec glyph data processing that allows a malicious RDP server to execute arbitrary code on connected clients.
FreeRDP prior to 3.21.0 has a heap buffer overflow in bitmap decompression (planar codec) that can be triggered by a malicious RDP server to execute code on the client.
WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-va...
Heap-based buffer overflow in QuickJS up to version 0.11.0 within the js_typed_array_constructor_ta function allows remote attackers to corrupt memory and potentially achieve code execution with user interaction. Public exploit code exists for this vulnerability, increasing practical attack risk. A patch is available and should be applied immediately.
Use-after-free in QuickJS up to version 0.11.0 within the Atomics Ops Handler allows remote attackers to trigger memory corruption without authentication. Public exploit code exists for this vulnerability, enabling potential information disclosure or denial of service. A patch is available and should be applied immediately.
HarfBuzz::Shaper for Perl versions before 0.032 contain a null pointer dereference in the bundled HarfBuzz library that allows remote attackers to cause a denial of service without authentication or user interaction. The vulnerability affects applications using vulnerable versions of the library and results in service unavailability. No patch is currently available.
Header injection in Mailpit's SMTP server prior to version 1.28.3 allows unauthenticated remote attackers to inject or modify email headers by embedding carriage return characters in sender and recipient addresses due to insufficient regex validation. Public exploit code exists for this vulnerability, which could enable attackers to manipulate email routing, spoofing, or phishing attacks against users of the email testing tool. The issue is resolved in version 1.28.3 and later.
Path traversal in esm.sh CDN prior to version 0.0.0-20260116051925-c62ab83c589e allows unauthenticated remote attackers to write arbitrary files to the server through malicious tar archives, bypassing incomplete path sanitization. Public exploit code exists for this vulnerability. The issue stems from improper validation of absolute paths in tar file entries, enabling potential code execution or service disruption on affected systems.
A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. [CVSS 5.3 MEDIUM]
A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. [CVSS 5.3 MEDIUM]
A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. [CVSS 5.3 MEDIUM]
A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. [CVSS 5.3 MEDIUM]
Gradle versions before 9.3.0 fail to properly handle certain exceptions during dependency resolution, allowing attackers who control a repository to serve malicious artifacts by disrupting legitimate repository services. When transient errors occur, Gradle incorrectly continues to the next configured repository instead of disabling the failing source, enabling attackers to intercept and redirect dependency resolution to attacker-controlled repositories. This vulnerability affects Java builds using vulnerable Gradle versions and requires network-level control over a repository to exploit.
Gradle before version 9.3.0 fails to treat certain dependency resolution exceptions as fatal errors, allowing builds to continue using alternate repositories when encountering unresolvable hostnames. An attacker could exploit this by registering a domain matching a typo or lapsed registration to intercept and supply malicious dependencies to affected builds. This affects Java projects using vulnerable Gradle versions with multiple configured repositories.
node-tar versions 7.5.2 and earlier fail to properly sanitize link paths in tar archives when the default secure mode is enabled, allowing attackers to extract files outside the intended directory through malicious hardlinks and symlinks. Public exploit code exists for this vulnerability, which affects Node.js applications and related products including D-Link and Tar utilities. An attacker can overwrite arbitrary files or conduct symlink poisoning attacks on affected systems.
Skipper versions before 0.23.0 allow authenticated users with Ingress resource creation privileges to execute arbitrary Lua scripts that read sensitive filesystem data and secrets accessible to the Skipper process. The vulnerability stems from the default -lua-sources=inline configuration enabling untrusted users to create inline Lua filters. Public exploit code exists for this high-severity vulnerability affecting Kubernetes environments running vulnerable Skipper versions.
SiYuan prior to version 3.5.4-dev2 fails to sanitize SVG file uploads, allowing authenticated attackers to embed malicious JavaScript that executes when other users view the files. Public exploit code exists for this stored XSS vulnerability, which can compromise user sessions and access sensitive knowledge management data. The vulnerability affects self-hosted instances where users can upload SVG content from untrusted sources.
pyasn1 is a generic ASN.1 library for Python. Versions up to 0.6.2 are affected by allocation of resources without limits or throttling (CVSS 7.5).
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow. [CVSS 8.1 HIGH]
mmstu.c in VideoLAN VLC media player versions up to 3.0.22 is affected by an out-of-bounds read (CVSS 4.8).
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator. [CVSS 4.2 MEDIUM]
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass. [CVSS 6.7 MEDIUM]
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash. [CVSS 7.1 HIGH]
Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops. [CVSS 6.8 MEDIUM]
PlantUML versions before 1.2026.0 fail to properly sanitize interactive attributes in GraphViz diagrams, allowing attackers to inject malicious JavaScript into SVG output through crafted diagram files. Applications that render these SVGs are vulnerable to arbitrary script execution within the user's browser context. A patch is available to address this stored XSS vulnerability.
Arbitrary code execution in Deno runtime versions before 2.5.6 allows unauthenticated attackers to bypass shell script execution restrictions by using alternate casing in batch file extensions (e.g., .BAT, .Bat instead of .bat). The case-sensitive validation flaw enables attackers to spawn blocked Windows batch and command files, achieving remote code execution. Public exploit code exists and no patch is currently available for affected systems.
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized access to critical data or complete access to all Oracle VM Virtual (CVSS 6.0).
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 7.5 HIGH]
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 7.5 HIGH]
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. [CVSS 4.5 MEDIUM]
Mysql Server contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 6.5).
Mysql contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 6.0 MEDIUM]
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 7.5 HIGH]
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 8.2 HIGH]
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 8.2 HIGH]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 6.5 MEDIUM]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 6.5 MEDIUM]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]
Remote denial of service in Oracle Java SE, GraalVM for JDK, and GraalVM Enterprise Edition allows unauthenticated attackers to trigger application hangs or crashes via network-accessible protocols. Multiple Java versions including JDK 8u471, 11.0.29, 17.0.17, 21.0.9, and 25.0.1 are affected through a flaw in the Security component. No patch is currently available for this high-severity vulnerability.
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]
Mysql Server contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).
Mysql Cluster contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).
Graalvm versions up to 21.3.16 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of Oracle Java SE, Oracle G (CVSS 6.1).
Graalvm versions up to 21.3.16 contains a vulnerability that allows attackers to unauthorized creation, deletion or modification access to critical data or all O (CVSS 7.4).
Mysql Server contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 5.3).
Graalvm versions up to 21.3.16 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of Oracle Java SE, Oracle G (CVSS 4.8).
Node.js TLS servers using PSK or ALPN callbacks are vulnerable to denial of service when these callbacks throw unhandled synchronous exceptions during the TLS handshake. Remote attackers can exploit this by sending specially crafted TLS handshake requests to trigger resource exhaustion or process crashes, either through immediate termination or silent file descriptor leaks. No patch is currently available for this vulnerability.
Node.js has a CVSS 10.0 permission model bypass that allows Unix Domain Socket connections to completely bypass network restrictions when --allow-net is configured.
A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server. [CVSS 7.5 HIGH]
A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server. [CVSS 7.5 HIGH]
We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. [CVSS 7.5 HIGH]
A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. [CVSS 7.5 HIGH]
A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. [CVSS 7.5 HIGH]
NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash). [CVSS 7.5 HIGH]
NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service. [CVSS 7.5 HIGH]
A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. [CVSS 5.3 MEDIUM]
A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. [CVSS 7.1 HIGH]
Node.js has a permissions model bypass that allows attackers to circumvent --allow-fs-read and --allow-fs-write restrictions using alternate path representations.
PLY (Python Lex-Yacc) library 3.11 has an unsafe feature enabling remote code execution through pickle deserialization of cached parser tables, with EPSS 0.91%.
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process. [CVSS 7.5 HIGH]
Heap corruption in Google Chrome's ANGLE graphics library prior to version 144.0.7559.59 can be triggered through a crafted HTML page, enabling remote attackers to execute arbitrary code without user interaction beyond visiting a malicious website. The vulnerability stems from a use-after-free memory flaw that affects all Chrome users, though no patch is currently available. With a CVSS score of 8.8 and minimal exploit complexity, this presents a significant risk to the browser's security model.
Chrome Split View prior to 144.0.7559.59 has a UI spoofing vulnerability that allows remote attackers to display misleading content in the split view interface.
Chrome for Android prior to 144.0.7559.59 has a security UI spoofing vulnerability that allows remote attackers to display misleading security indicators.
Google Chrome prior to 144.0.7559.59 has insufficient policy enforcement in Network that allows attackers who obtained a network position to access sensitive data.
Chrome versions up to 144.0.7559.59 is affected by user interface (ui) misrepresentation of critical information (CVSS 5.4).
Google Chrome's Downloads feature on Windows versions before 144.0.7559.59 fails to properly validate file types, enabling remote attackers to circumvent safety protections for dangerous files through crafted malicious uploads. An unauthenticated attacker can exploit this via a specially designed file to bypass download security warnings. No patch is currently available for this medium-severity vulnerability.
Out-of-bounds memory read in Chrome's V8 JavaScript engine prior to version 144.0.7559.59 enables remote attackers to leak sensitive information through maliciously crafted web pages requiring only user interaction. The vulnerability affects all Chrome users and exposes high-impact confidentiality and integrity risks with no available patch at this time.
Chrome versions up to 144.0.7559.59 are affected by user interface (UI) misrepresentation of critical information (CVSS 5.4).
Object corruption in Google Chrome's V8 engine prior to version 144.0.7559.59 can be triggered by remote attackers through malicious HTML pages, potentially leading to complete system compromise including unauthorized access, data modification, and denial of service. The vulnerability requires user interaction to exploit but does not require authentication or special privileges. No patch is currently available for affected users.
Out-of-bounds memory access in Chrome's V8 engine (versions prior to 144.0.7559.59) enables remote attackers to corrupt objects and potentially achieve code execution by delivering a malicious HTML page to users. The vulnerability requires user interaction but poses significant risk due to its high CVSS score (8.8) and impact on confidentiality, integrity, and availability. No patch is currently available.
Jaraco.context versions 5.2.0 through 6.0.x contain a path traversal vulnerability in the tarball() function that allows attackers to extract files outside the intended directory when processing malicious tar archives, with public exploit code available. The vulnerability exploits insufficient path validation that fails to properly filter directory traversal sequences like `../`, potentially enabling unauthorized file extraction and nested tarball attacks. This affects all users processing untrusted tar archives with the vulnerable versions.
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 8.1 HIGH]
ImageMagick versions up to 7.1.2-13 are affected by a loop with an unreachable exit condition (infinite loop) (CVSS 5.5).
ImageMagick versions prior to 7.1.2-13 fail to properly initialize buffer elements in the BilateralBlurImage method, leading to invalid pointer dereference and potential denial of service when memory allocation fails. An attacker can exploit this through network vectors to crash affected applications or trigger undefined behavior with high complexity requirements. A patch is available in version 7.1.2-13 and later.
Filebrowser versions up to 2.55.0 contain a vulnerability that allows attackers to enumerate valid usernames by measuring the response time of the /api/login endpoint (CVSS 5.3).
SiYuan knowledge management system versions before 3.5.4 allow authenticated users to copy arbitrary files from the server filesystem into the application workspace due to insufficient path validation in the /api/file/globalCopyFiles endpoint. An attacker with valid credentials can exploit this path traversal vulnerability to read sensitive files and escalate privileges within the application. Public exploit code exists for this medium-severity vulnerability, though a patch is available.
SiYuan versions before 3.5.4 allow unauthenticated remote attackers to read arbitrary files on the server through improper HTML rendering in the markdown feature. Public exploit code exists for this vulnerability, which has a CVSS score of 7.5. The vulnerability has been patched in version 3.5.4 and later.
Reflected XSS in SiYuan's /api/icon/getDynamicIcon endpoint allows attackers to inject malicious JavaScript through unescaped SVG content in dynamically generated icon images. An unauthenticated attacker can craft a malicious link that, when clicked by a victim, executes arbitrary scripts in the context of the SiYuan application. Public exploit code exists for versions prior to 3.5.4, which contains the necessary patches.
Wings for Pterodactyl versions 1.7.0 through 1.11.x fail to respect SQLite's maximum parameter limit when deleting activity log entries, allowing authenticated users to trigger a database error that prevents log cleanup and causes indefinite accumulation of records. This denial of service condition degrades panel performance and availability over time. Public exploit code exists for this vulnerability, and no patch is currently available.
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. [CVSS 6.5 MEDIUM]
Mailpit versions before 1.28.3 contain a server-side request forgery vulnerability in the HTML Check feature that allows unauthenticated attackers to trigger arbitrary HTTP requests by crafting malicious CSS links in email messages. The vulnerability exists in the CSS inlining function which automatically downloads external stylesheets without proper validation. Public exploit code exists for this issue, though a patch is available in version 1.28.3 and later.
FreeRDP prior to 3.21.0 has a use-after-free vulnerability in offscreen bitmap deletion that leaves dangling pointers, exploitable by malicious RDP servers for client-side code execution.
FreeRDP prior to 3.21.0 has a use-after-free vulnerability in xf_Pointer_New where cursor data is freed prematurely, allowing malicious RDP servers to execute code on clients.
FreeRDP versions before 3.21.0 contain a buffer overflow in FastGlyph parsing where a malicious Remote Desktop server can crash the client by sending specially crafted glyph data that bypasses length validation. A remote attacker can exploit this vulnerability without authentication to cause denial of service, and public exploit code exists. The vulnerability affects FreeRDP clients connecting to untrusted or compromised RDP servers, with no patch currently available for most deployments.
FreeRDP prior to 3.21.0 contains a client-side heap buffer overflow in session data processing, the fifth in a series of seven critical heap overflows fixed in version 3.21.0.
FreeRDP prior to 3.21.0 has another client-side heap buffer overflow that can be exploited by malicious RDP servers to achieve remote code execution on connected clients.
OpenStack keystonemiddleware 10.5 through 10.9 has an authentication spoofing vulnerability (CVSS 9.9) allowing attackers to bypass Keystone token validation and access any OpenStack service as any user.
FreeRDP prior to 3.21.0 has a client-side heap buffer overflow that can be triggered by a malicious RDP server during session data processing, enabling remote code execution.
FreeRDP prior to 3.21.0 has a heap buffer overflow in ClearCodec glyph data processing that allows a malicious RDP server to execute arbitrary code on connected clients.
FreeRDP prior to 3.21.0 has a heap buffer overflow in bitmap decompression (planar codec) that can be triggered by a malicious RDP server to execute code on the client.
WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-va...
Heap-based buffer overflow in QuickJS up to version 0.11.0 within the js_typed_array_constructor_ta function allows remote attackers to corrupt memory and potentially achieve code execution with user interaction. Public exploit code exists for this vulnerability, increasing practical attack risk. A patch is available and should be applied immediately.
Use-after-free in QuickJS up to version 0.11.0 within the Atomics Ops Handler allows remote attackers to trigger memory corruption without authentication. Public exploit code exists for this vulnerability, enabling potential information disclosure or denial of service. A patch is available and should be applied immediately.
HarfBuzz::Shaper for Perl versions before 0.032 contain a null pointer dereference in the bundled HarfBuzz library that allows remote attackers to cause a denial of service without authentication or user interaction. The vulnerability affects applications using vulnerable versions of the library and results in service unavailability. No patch is currently available.
Header injection in Mailpit's SMTP server prior to version 1.28.3 allows unauthenticated remote attackers to inject or modify email headers by embedding carriage return characters in sender and recipient addresses due to insufficient regex validation. Public exploit code exists for this vulnerability, which could enable attackers to manipulate email routing, spoofing, or phishing attacks against users of the email testing tool. The issue is resolved in version 1.28.3 and later.
Path traversal in esm.sh CDN prior to version 0.0.0-20260116051925-c62ab83c589e allows unauthenticated remote attackers to write arbitrary files to the server through malicious tar archives, bypassing incomplete path sanitization. Public exploit code exists for this vulnerability. The issue stems from improper validation of absolute paths in tar file entries, enabling potential code execution or service disruption on affected systems.
A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. [CVSS 5.3 MEDIUM]
A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. [CVSS 5.3 MEDIUM]
A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. [CVSS 5.3 MEDIUM]
A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. [CVSS 5.3 MEDIUM]
Gradle versions before 9.3.0 fail to properly handle certain exceptions during dependency resolution, allowing attackers who control a repository to serve malicious artifacts by disrupting legitimate repository services. When transient errors occur, Gradle incorrectly continues to the next configured repository instead of disabling the failing source, enabling attackers to intercept and redirect dependency resolution to attacker-controlled repositories. This vulnerability affects Java builds using vulnerable Gradle versions and requires network-level control over a repository to exploit.
Gradle before version 9.3.0 fails to treat certain dependency resolution exceptions as fatal errors, allowing builds to continue using alternate repositories when encountering unresolvable hostnames. An attacker could exploit this by registering a domain matching a typo or lapsed registration to intercept and supply malicious dependencies to affected builds. This affects Java projects using vulnerable Gradle versions with multiple configured repositories.
node-tar versions 7.5.2 and earlier fail to properly sanitize link paths in tar archives when the default secure mode is enabled, allowing attackers to extract files outside the intended directory through malicious hardlinks and symlinks. Public exploit code exists for this vulnerability, which affects Node.js applications and related products including D-Link and Tar utilities. An attacker can overwrite arbitrary files or conduct symlink poisoning attacks on affected systems.
Skipper versions before 0.23.0 allow authenticated users with Ingress resource creation privileges to execute arbitrary Lua scripts that read sensitive filesystem data and secrets accessible to the Skipper process. The vulnerability stems from the default -lua-sources=inline configuration enabling untrusted users to create inline Lua filters. Public exploit code exists for this high-severity vulnerability affecting Kubernetes environments running vulnerable Skipper versions.
SiYuan prior to version 3.5.4-dev2 fails to sanitize SVG file uploads, allowing authenticated attackers to embed malicious JavaScript that executes when other users view the files. Public exploit code exists for this stored XSS vulnerability, which can compromise user sessions and access sensitive knowledge management data. The vulnerability affects self-hosted instances where users can upload SVG content from untrusted sources.
pyasn1 is a generic ASN.1 library for Python. Versions up to 0.6.2 are affected by allocation of resources without limits or throttling (CVSS 7.5).
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow. [CVSS 8.1 HIGH]
mmstu.c in VideoLAN VLC media player versions up to 3.0.22 is affected by an out-of-bounds read (CVSS 4.8).
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator. [CVSS 4.2 MEDIUM]
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass. [CVSS 6.7 MEDIUM]
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash. [CVSS 7.1 HIGH]
Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops. [CVSS 6.8 MEDIUM]
PlantUML versions before 1.2026.0 fail to properly sanitize interactive attributes in GraphViz diagrams, allowing attackers to inject malicious JavaScript into SVG output through crafted diagram files. Applications that render these SVGs are vulnerable to arbitrary script execution within the user's browser context. A patch is available to address this stored XSS vulnerability.
Arbitrary code execution in Deno runtime versions before 2.5.6 allows unauthenticated attackers to bypass shell script execution restrictions by using alternate casing in batch file extensions (e.g., .BAT, .Bat instead of .bat). The case-sensitive validation flaw enables attackers to spawn blocked Windows batch and command files, achieving remote code execution. Public exploit code exists and no patch is currently available for affected systems.