Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application. More information : https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html

Information disclosure while processing system calls with invalid parameters. More information : https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html

Memory corruption while routing GPR packets between user and root when handling large data packet. More information : https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html

Memory corruption while handling IOCTL calls to set mode. More information : https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html

Memory corruption while copying packets received from unix clients. More information : https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html

Memory corruption while processing MFC channel configuration during music playback. More information : https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html

Information disclosure while exposing internal TA-to-TA communication APIs to HLOS More information : https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html

Memory corruption during video playback when video session open fails with time out error. More information : https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document. More information : https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer. More information : https://github.com/roundcube/roundcubemail/commit/08de250fba731b634bed188bbe18d2f6ef3c7571

The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitize_pdf_src function regex bypass in all versions up to, and including,...

A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The...

A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null pointer dereference. The attack...

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads...