5.1
CVE-2025-6349 - Mali GPU Kernel Driver allows improper GPU memory processing operations
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: β¦
4
CVE-2025-8045 - Mali GPU Kernel Driver allows improper GPU processing operations
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r5β¦
5.1
CVE-2025-2879 - Mali GPU Kernel Driver allows improper GPU processing operations
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to expose sensitive data.This issue affects Valhβ¦
7.5
CVE-2025-59789 - Apache bRPC: Stack Exhaustion via Unbounded Recursion in JSON Parser
Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPCΒ json2pb component uses rapidjson to parse json data from the network. The rapidjson parser β¦
7.8
CVE-2025-41700 - CODESYS Development System - Deserialization of Untrusted Data
An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.
7.5
CVE-2025-41738 - CODESYS Control - Invalid type usage in visualization
An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.
5.9
CVE-2025-41739 - CODESYS Control - Linux/QNX SysSocket flaw
An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.
6.1
CVE-2025-13819 - Open redirect in web server of MiR robots and MiR fleet
Open redirect in the web server component of MiR Robot and Fleet software allows a remote attacker to redirect users to arbitrary external websites via a crafted parameter, facilitating phishing or social engineering attacks.
5.3
CVE-2025-13816 - moxi159753 Mogu Blog v2 ZIP File unzipFile FileOperation.unzip path traversal
A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be launchβ¦
5.3
CVE-2025-13815 - moxi159753 Mogu Blog v2 pictures unrestricted upload
A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an unknown function of the file /file/pictures. This manipulation of the argument filedatas causes unrestricted upload. The attack may be initiated remotely. The exploit has been made available to the publiβ¦