CVE ID : CVE-2025-9390

Published : Aug. 24, 2025, 2:15 p.m. | 10 hours, 42 minutes ago

Description : A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-9392

Published : Aug. 24, 2025, 3:15 p.m. | 9 hours, 43 minutes ago

Description : A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function qosClassifier of the file /goform/qosClassifier. Such manipulation of the argument dir/sFromPort/sToPort/dFromPort/dToPort/protocol/layer7/dscp/remark_dscp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 9.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-9391

Published : Aug. 24, 2025, 3:15 p.m. | 9 hours, 43 minutes ago

Description : A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. This manipulation of the argument sql causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-9393

Published : Aug. 24, 2025, 4:15 p.m. | 8 hours, 54 minutes ago

Description : A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaProfile of the file /goform/addStaProfile. Performing manipulation of the argument profile_name/Ssid/wep_key_1/wep_key_2/wep_key_3/wep_key_4/wep_key_length/wep_default_key/cipher/passphrase results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 9.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-9394

Published : Aug. 24, 2025, 4:15 p.m. | 8 hours, 42 minutes ago

Description : A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been published and may be used. This patch is called 22d16cb142f293bf956f66a4d399cdd65576d36c. A patch should be applied to remediate this issue.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-9395

Published : Aug. 24, 2025, 10:15 p.m. | 2 hours, 43 minutes ago

Description : A vulnerability was identified in wangsongyan wblog 0.0.1. This affects the function RestorePost of the file backup.go. Such manipulation of the argument fileName leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-9396

Published : Aug. 24, 2025, 11:15 p.m. | 1 hour, 42 minutes ago

Description : A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-9397

Published : Aug. 24, 2025, 11:15 p.m. | 1 hour, 42 minutes ago

Description : A weakness has been identified in givanz Vvveb up to 1.0.7.2. Affected is an unknown function of the file /system/traits/media.php. Executing manipulation of the argument files[] can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. Applying a patch is advised to resolve this issue. The code maintainer explains, that “[he] fixed the code to remove this vulnerability and will make a new release”.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-9398

Published : Aug. 25, 2025, 12:15 a.m. | 42 minutes ago

Description : A security vulnerability has been detected in YiFang CMS up to 2.0.5. Affected by this vulnerability is the function exportInstallTable of the file app/utils/base/database/Migrate.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. This week in DistroWatch Weekly:
Review: CalyxOS 6.8.20
News: illumos Cafe launched, Arch battles denial of service attack, CachyOS launches web-based package search
Questions and answers: Best distributions for running containers
Released last week: Besgnulinux 3-0, MiniOS 5.0.0, CachyOS 250824
Torrent corner: Crunchbangplusplus, Tails, TUXEDO OS
Upcoming releases: Ubuntu 25.10 Snapshot 4
Opinion poll:….

Mozilla’s long-standing antipathy in supporting Progressive Web Apps (PWAs) in Firefox began to thaw earlier this year, as bods behind…

Cantera is a collection of object-oriented software tools for problems involving chemical kinetics, thermodynamics, and transport processes. The post Cantera…

Spelloff is a (kinda bare-bones) multiplayer first-person shooter in the tradition of arena-shooters such as Quake. The post Spelloff –…

FFmpeg 8.0 introduces Vulkan compute-based codecs for pro-grade video formats, new decoders, Whisper AI transcription, and other assorted improvements. You’re…

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The CachyOS team has announced the release of the distribution’s August snapshot. The new release adds an option to install the Niri window manager and automated Btrfs boot environments. “The installation medium (ISO) now also uses the LTS kernel instead of the latest stable kernel, since the ISO….

Ruffle is an Adobe Flash Player emulator written in the Rust programming language. The post Ruffle – Adobe Flash Player…

Cpplint is a command-line tool to check C/C++ files for style issues according to Google’s C++ style guide. The post…

Ogni settimana, il mondo del software libero e open source ci offre una moltitudine di aggiornamenti e nuove versioni di…

Il mondo delle distribuzioni GNU/Linux è noto per la sua varietà e flessibilità, caratteristiche che permettono agli utenti di scegliere…

Selene is a comprehensive peer-to-peer chat and file sharing application built on the Tor network. The post Selene – Tor-based…