8.7
CVE-2025-6148 - TOTOLINK A3002RU HTTP POST Request formSysLog buffer overflow
A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack m…
8.7
CVE-2025-6147 - TOTOLINK A702R HTTP POST Request formSysLog buffer overflow
A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can…
7.3
CVE-2025-49179 - Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
6.1
CVE-2025-49177 - Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension's xfixessetclien…
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.
5.5
CVE-2025-49178 - Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ign…
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
9.1
CVE-2025-4404 - Freeipa: idm: privilege escalation from host to domain admin in freeipa
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a succe…
6.1
CVE-2025-49175 - Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension an…
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
7.3
CVE-2025-49176 - Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
6.1
CVE-2025-45880 -
A cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload.
3.3
CVE-2025-6199 - Gdk-pixbuf: uninitialized memory disclosure in gdkpixbuf gif lzw decoder
A flaw was found in the GIF parser of GdkPixbuf's LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the bu…