| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.
This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. |
| A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. |
| A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. |
| A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. |
| A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. |
| A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. |
| A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. |
| A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22. |
| Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields are marked as readonly and cannot be modified through the user interface. This issue has been patched in versions 3.2.7 and 3.3.3. |
| Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other users on the system. |
| Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use. |
| Langfuse is an open source large language model engineering platform. Starting in version 2.70.0 and prior to versions 2.95.11 and 3.124.1, in certain project membership APIs, the server trusted a user‑controlled orgId and used it in authorization checks. As a result, any authenticated user on the same Langfuse instance could enumerate names and email addresses of users in another organization if they knew the target organization’s ID. Disclosure is limited to names and email addresses of members/invitees. No customer data such as traces, prompts, or evaluations is exposed or accessible. For Langfuse Cloud, the maintainers ran a thorough investigation of access logs of the last 30 days and could not find any evidence that this vulnerability was exploited. For most self-hosting deployments, the attack surface is significantly reduced given an SSO provider is configured and email/password sign-up is disabled. In these cases, only users who authenticate via the Enterprise SSO IdP (e.g. Okta) would be able to exploit this vulnerability to access the member list, i.e. internal users getting access to a list of other internal users. In order to exploit the vulnerability, the actor must have a valid Langfuse user account within the same instance, know the target orgId, and use the request made to the API that powers the frontend membership tables, including their project/user authentication token, while changing the orgId to the target organization. Langfuse Cloud (EU, US, HIPAA) were affected until fix deployment on November 1, 2025. The maintainers reviewed the Langfuse Cloud access logs from the past 30 days and found no evidence that this vulnerability was exploited. Self-Hosted versions which contain patches include v2.95.11 for major version 2 and v3.124.1 for major version 3. There are no known workarounds. Upgrading is required to fully mitigate this issue. |
| NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read. A successful exploit of this vulnerability might lead to denial of service. |
| LogStare Collector improperly handles the password hash data. An administrative user may obtain the other users' password hashes. |
| In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges. |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to expose sensitive data.This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p4, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0. |
| In Apache CloudStack, a gap in access control checks affected the APIs - createNetworkACL
- listNetworkACLs
- listResourceDetails
- listVirtualMachinesUsageHistory
- listVolumesUsageHistory
While these APIs were accessible only to authorized users, insufficient permission validation meant that users could occasionally access information beyond their intended scope.
Users are recommended to upgrade to Apache CloudStack 4.20.2.0 or 4.22.0.0, which fixes the issue. |
| The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation. |
| Permission control vulnerability in the file management module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Identity authentication bypass vulnerability in the Gallery app.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
