24h | 7d | 30d

CVE-2025-14180

Overview

  • PHP Group
  • PHP
  • pdo
27 Dec 2025
Published
29 Dec 2025
Updated
CVSS v4.0
HIGH (8.2)
EPSS
0.04%
KEV

Description

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.

Statistics

  • 3 Posts
Last activity: 2 hours ago

Bluesky

Profile picture
nixpkgs security changes @nixpkgssecuritychanges.gerbet.me
php: 8.4.15 -> 8.4.16, 8.3.28 -> 8.3.29, 8.2.29 -> 8.2.30, fixes CVE-2025-14177, CVE-2025-14178, CVE-2025-14180, GHSA-www2-q4fc-65wf https://github.com/NixOS/nixpkgs/pull/475115 #security
  • 0
  • 0
  • 2
  • 2h ago

CVE-2025-14178

Overview

  • PHP Group
  • PHP
  • php
27 Dec 2025
Published
29 Dec 2025
Updated
CVSS v3.1
MEDIUM (6.5)
EPSS
0.04%
KEV

Description

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.

Statistics

  • 3 Posts
Last activity: 2 hours ago

Bluesky

Profile picture
nixpkgs security changes @nixpkgssecuritychanges.gerbet.me
php: 8.4.15 -> 8.4.16, 8.3.28 -> 8.3.29, 8.2.29 -> 8.2.30, fixes CVE-2025-14177, CVE-2025-14178, CVE-2025-14180, GHSA-www2-q4fc-65wf https://github.com/NixOS/nixpkgs/pull/475115 #security
  • 0
  • 0
  • 2
  • 2h ago

CVE-2025-20702

Overview

  • Airoha Technology Corp.
  • AB156x, AB157x, AB158x, AB159x series, AB1627
04 Aug 2025
Published
05 Aug 2025
Updated
CVSS
Pending
EPSS
0.08%
KEV

Description

In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post
Last activity: 17 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Researchers Dennis Heinze and Frieder Steinmetz disclose three critical vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) in Airoha-based Bluetooth headphones and earbuds, allowing for unauthenticated access, eavesdropping, data extraction, and potentially arbitrary code execution by chaining these flaws. They have also released a RACE Toolkit to help users check for vulnerabilities.
insinuator.net/2025/12/bluetoo

  • 0
  • 0
  • 0
  • 17h ago

CVE-2025-14177

Overview

  • PHP Group
  • PHP
  • php
27 Dec 2025
Published
29 Dec 2025
Updated
CVSS v4.0
MEDIUM (6.3)
EPSS
0.04%
KEV

Description

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.

Statistics

  • 3 Posts
Last activity: 2 hours ago

Bluesky

Profile picture
nixpkgs security changes @nixpkgssecuritychanges.gerbet.me
php: 8.4.15 -> 8.4.16, 8.3.28 -> 8.3.29, 8.2.29 -> 8.2.30, fixes CVE-2025-14177, CVE-2025-14178, CVE-2025-14180, GHSA-www2-q4fc-65wf https://github.com/NixOS/nixpkgs/pull/475115 #security
  • 0
  • 0
  • 2
  • 2h ago

CVE-2025-20701

Overview

  • Airoha Technology Corp.
  • AB156x, AB157x, AB158x, AB159x series
04 Aug 2025
Published
05 Aug 2025
Updated
CVSS
Pending
EPSS
0.07%
KEV

Description

In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post
Last activity: 17 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Researchers Dennis Heinze and Frieder Steinmetz disclose three critical vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) in Airoha-based Bluetooth headphones and earbuds, allowing for unauthenticated access, eavesdropping, data extraction, and potentially arbitrary code execution by chaining these flaws. They have also released a RACE Toolkit to help users check for vulnerabilities.
insinuator.net/2025/12/bluetoo

  • 0
  • 0
  • 0
  • 17h ago

CVE-2025-20700

Overview

  • Airoha Technology Corp.
  • AB156x, AB157x, AB158x, AB159x series, AB1627
04 Aug 2025
Published
05 Aug 2025
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post
Last activity: 17 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Researchers Dennis Heinze and Frieder Steinmetz disclose three critical vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) in Airoha-based Bluetooth headphones and earbuds, allowing for unauthenticated access, eavesdropping, data extraction, and potentially arbitrary code execution by chaining these flaws. They have also released a RACE Toolkit to help users check for vulnerabilities.
insinuator.net/2025/12/bluetoo

  • 0
  • 0
  • 0
  • 17h ago

CVE-2025-15192

Overview

  • D-Link
  • DWR-M920
29 Dec 2025
Published
29 Dec 2025
Updated
CVSS v4.0
MEDIUM (5.3)
EPSS
Pending
KEV

Description

A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 21 hours ago

Fediverse

Profile picture
cR0w @cR0w

D-Link

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cc: @Dio9sys @da_667

  • 0
  • 2
  • 0
  • 21h ago

CVE-2025-15191

Overview

  • D-Link
  • DWR-M920
29 Dec 2025
Published
29 Dec 2025
Updated
CVSS v4.0
MEDIUM (5.3)
EPSS
Pending
KEV

Description

A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 21 hours ago

Fediverse

Profile picture
cR0w @cR0w

D-Link

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cc: @Dio9sys @da_667

  • 0
  • 2
  • 0
  • 21h ago

CVE-2025-66863

Overview

  • Pending
29 Dec 2025
Published
29 Dec 2025
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 20 hours ago

Fediverse

Profile picture
cR0w @cR0w

Six DoS PoCs in binutils.

CVE-2025-66861, CVE-2025-66862, CVE-2025-66863, CVE-2025-66864, CVE-2025-66865, CVE-2025-66866

github.com/caozhzh/CRGF-Vul/tr

  • 0
  • 3
  • 0
  • 20h ago

CVE-2025-66861

Overview

  • Pending
29 Dec 2025
Published
29 Dec 2025
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 20 hours ago

Fediverse

Profile picture
cR0w @cR0w

Six DoS PoCs in binutils.

CVE-2025-66861, CVE-2025-66862, CVE-2025-66863, CVE-2025-66864, CVE-2025-66865, CVE-2025-66866

github.com/caozhzh/CRGF-Vul/tr

  • 0
  • 3
  • 0
  • 20h ago
Showing 51 to 60 of 64 CVEs