CVE-2025-66631 CSLA .NET is vulnerable to Remote Code Execution via WcfProxy

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer NDCS and is vulnerable to remote code execution during deserialization...

SUSE CVE-2023-53750

In the Linux kernel, the following vulnerability has been resolved: pinctrl: freescale: Fix a memory out of bounds when numconfigs is 1 The config passed in by pad wakeup is 1, when numconfigs is 1, Configuration 1 should not be fetched, which will be detected by KASAN as a memory out of bounds...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a null pointer dereference issue caused by some DT configurations...

CVE-2023-53750

In the Linux kernel, the following vulnerability has been resolved: pinctrl: freescale: Fix a memory out of bounds when numconfigs is 1 The config passed in by pad wakeup is 1, when numconfigs is 1, Configuration 1 should not be fetched, which will be detected by KASAN as a memory out of bounds...

CVE-2023-53750

In the Linux kernel, the following vulnerability has been resolved: pinctrl: freescale: Fix a memory out of bounds when numconfigs is 1 The config passed in by pad wakeup is 1, when numconfigs is 1, Configuration 1 should not be fetched, which will be detected by KASAN as a memory out of bounds...

DRUPAL-CONTRIB-2025-121

This module enables you to use the Tagify library to enhance text input fields with tag-style UI elements. The module does not sufficiently sanitize the infoLabel value under certain configurations, which can result in a cross-site scripting XSS vulnerability. This vulnerability is mitigated by t...

Tagify - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-121

This module enables you to use the Tagify library to enhance text input fields with tag-style UI elements. The module does not sufficiently sanitize the infoLabel value under certain configurations, which can result in a cross-site scripting XSS vulnerability. This vulnerability is mitigated by t...

CyberSecurityProject

CyberSecurityProject This project...

codealpha_task3

codealphatask3 This secure code review analyzes a small Flask...

PT-2025-48183

Name of the Vulnerable Software and Affected Versions GitLab EE versions 13.7 through 18.4.4 GitLab EE versions 18.5 through 18.5.2 GitLab EE versions 18.6 through 18.6.0 Description An authenticated user could potentially view information from security reports under specific configuration...

WordPress plugin Peer Publish 跨站请求伪造漏洞

The WordPress Peer Publish plugin is a tool for multi-author collaboration that allows users to submit posts to a WordPress blog for review and publication by other users. A cross-site request forgery vulnerability exists in WordPress Peer Publish plugin, which stems from a lack of random number...

CVE-2025-12394 Backup Migration < 2.0.0 - Unauthenticated Backup Download

The Backup Migration WordPress plugin before 2.0.0 does not properly generate its backup path in certain server configurations, allowing unauthenticated users to fetch a log that discloses the backup filename. The backup archive is then downloadable without authentication...

PT-2025-47884

The Backup Migration WordPress plugin before 2.0.0 does not properly generate its backup path in certain server configurations, allowing unauthenticated users to fetch a log that discloses the backup filename. The backup archive is then downloadable without authentication...

CVE-2025-65107 Langfuse SSO Account Takeover via CSRF or phishing attack

Langfuse is an open source large language model engineering platform. In versions from 2.95.0 to before 2.95.12 and from 3.17.0 to before 3.131.0, in SSO provider configurations without an explicit AUTHCHECK setting, a potential account takeover may happen if an authenticated user is made to call...

PT-2025-47813

Name of the Vulnerable Software and Affected Versions Langfuse versions 2.95.0 through 2.95.11 Langfuse versions 3.17.0 through 3.130.0 Description Langfuse is a large language model engineering platform. In Single Sign-On SSO provider configurations lacking an explicit AUTH CHECK setting, a...

ABB Edgenius Management Portal

SUMMARY ABB identified a critical vulnerability present in ABB Ability Edgenius starting from version 3.2.0.0. We have not received any reports of this vulnerability being exploited. An unauthenticated attacker could exploit this vulnerability to: → install and run arbitrary code, → uninstall...

GHSA-7P63-W6X9-6GR7 Eclipse Jersey has a Race Condition

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain...

CVE-2025-9312

CVE-2025-9312 relates to a missing authentication enforcement in WSO2 products’ mTLS implementation used by System REST APIs and SOAP services. The root cause is improper validation of client certificate–based authentication under certain default configurations, allowing unauthenticated requests ...

Eclipse Jersey 竞争条件问题漏洞

Eclipse Jersey is a Java Web services development framework from the Eclipse Foundation. A Competitive Conditions Issue vulnerability exists in Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9, which stems from a competitive condition that could lead to the omission of critical SSL configurations,...

PT-2025-47394

Name of the Vulnerable Software and Affected Versions Eurolab ELTS100 UBX version ELTS100v1.UBX Description The Eurolab ELTS100 UBX device is subject to Broken Access Control because of a lack of authentication on critical administrative endpoints. Attackers can directly access and modify sensiti...