DedeCMS Arbitrary Code Execution Vulnerability Volerion Risk Score: 7.8 Why this matters An input validation flaw in the array_filter component of DedeCMS (versions through 5.7.118) allows unauthenticated remote attackers to execute arbitrary code on the server. Successful exploitation grants full control of the underlying system, posing a severe threat to data integrity and service availability. Recommended actions Volerion has not observed any remediation so far. Affected products &...

libsoup Integer Underflow Vulnerability Leading to Buffer Overread and Denial-of-Service Volerion Risk Score: 8.1 Why this matters An integer underflow introduced in libsoup 3.6.1+ allows a buffer overread when zero-length resources are processed. A remote, unauthenticated attacker can trigger this flaw to crash applications that rely on libsoup or potentially access data held in adjacent memory, causing denial-of-service and information exposure. Recommended actions Upgrade to the latest...

mkj Dropbear Signature Verification Vulnerability in Curve25519 Component Volerion Risk Score: 8.6 Why this matters A signature malleability flaw in Dropbear SSH (versions ≤ 2025.89) lets remote attackers craft alternate Ed25519 signatures that pass verification in the unpackneg function of src/curve25519.c. Successful exploitation breaks signature uniqueness, undermining security controls or audit logs that rely on distinct signatures for integrity. Recommended actions Apply the vendor patch...