Common Vulnerabilities and Exposures (CVE)

CVE-2025-52842

Jul 2, 2025 20:10:11 UTC

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Laundry on Linux, MacOS allows Account Takeover. This issue affects Laundry: 2.3.0.

CVE-2025-43025

Jul 2, 2025 20:08:18 UTC

HP Universal Print Driver is potentially vulnerable to denial of service due to buffer overflow in versions of UPD 7.4 or older (e.g., v7.3.x, v7.2.x, v7.1.x, etc.).

CVE-2025-49178

Jul 2, 2025 20:03:38 UTC

A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.

CVE-2025-52841

Jul 2, 2025 20:00:10 UTC

Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Linux, MacOS allows an attacker to perform an Account Takeover. This issue affects Laundry: 2.3.0.

CVE-2025-49180

Jul 2, 2025 19:57:38 UTC

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

CVE-2025-49179

Jul 2, 2025 19:57:21 UTC

A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.

CVE-2025-49177

Jul 2, 2025 19:54:35 UTC

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

CVE-2025-49176

Jul 2, 2025 19:54:17 UTC

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.

CVE-2025-49175

Jul 2, 2025 19:54:09 UTC

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.

CVE-2025-6942

Jul 2, 2025 19:46:25 UTC

The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine.

CVE-2025-34079

Jul 2, 2025 19:42:36 UTC

An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interfac...

CVE-2025-52559

Jul 2, 2025 19:37:15 UTC

Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, conta...

CVE-2025-45813

Jul 2, 2025 18:25:37 UTC

ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials.

CVE-2025-45814

Jul 2, 2025 18:18:31 UTC

Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110, v7.2.8.124852, and v7.x and NS2000 v7.02.08 allow attackers to execute a session hijacking attack.

CVE-2025-45424

Jul 2, 2025 18:12:44 UTC

Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication.