9.1

CVSS3.1

CVE-2025-24894 - SAML Response Signature Verification Bypass in SPID.AspNetCore.Authentication

SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: Identity Provider (IDP): the system that authenticates users and provides identity information (SAML affirmation) to the Servi…

📅 Published: Feb. 18, 2025, 6:39 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-21608 - Forged packets over MQTT can show up in direct messages in Meshtastic firmware

Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are n…

📅 Published: Feb. 18, 2025, 6:17 p.m. 🔄 Last Modified: Sept. 23, 2025, 7:20 p.m.

6.4

CVSS3.1

CVE-2025-0677 - Grub2: ufs: integer overflow may lead to heap based out-of-bounds write when handling symlinks

A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller v…

📅 Published: Feb. 18, 2025, 6 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.7

CVSS3.1

CVE-2024-45781 - Grub2: fs/ufs: oob write in the heap

A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure bo…

📅 Published: Feb. 18, 2025, 6 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2025-0684 - Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write…

A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem …

📅 Published: Feb. 18, 2025, 6 p.m. 🔄 Last Modified: Nov. 20, 2025, 8 p.m.

7.8

CVSS3.1

CVE-2025-0678 - Grub2: squash4: integer overflow may lead to heap based out-of-bounds write when reading data

A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of…

📅 Published: Feb. 18, 2025, 6 p.m. 🔄 Last Modified: Nov. 20, 2025, 7:59 p.m.

4.1

CVSS3.1

CVE-2024-45778 - Grub2: fs/bfs: integer overflow in the bfs parser.

A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.

📅 Published: Feb. 18, 2025, 6 p.m. 🔄 Last Modified: March 24, 2026, 11:23 p.m.

4.4

CVSS3.1

CVE-2024-45783 - Grub2: fs/hfs+: refcount can be decremented twice

A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access.

📅 Published: Feb. 18, 2025, 6 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2025-0622 - Grub2: command/gpg: use-after-free due to hooks not being removed on module unload

A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If corre…

📅 Published: Feb. 18, 2025, 6 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.7

CVSS3.1

CVE-2024-45780 - Grub2: fs/tar: integer overflow causes heap oob write

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of…

📅 Published: Feb. 18, 2025, 6 p.m. 🔄 Last Modified: Feb. 25, 2026, 7:23 p.m.