2075 matches found
CVE-2025-52449
Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux Extensible Protocol Service modules allows Alternative Execution Due to Deceptive Filenames RCE. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19...
Insufficiently Protected Credentials
Overview org.opencastproject:opencast-kernel is a free and open source solution for automated video capture and distribution at scale. Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the process of fetching MediaPackage elements included in a...
SAMSUNG MagicINFO 9 Server XML External Entity References Improperly Restricted Vulnerability
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung South Korea. SAMSUNG MagicINFO 9 Server suffers from an improperly restricted XML external entity reference vulnerability that can be exploited by attackers to obtain...
Adobe ColdFusion XML Injection Vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe, a United States company. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has an XML injection vulnerability that can be exploited by attackers to access...
XML External Entity (XXE) Injection
Overview org.dspace:dspace-api is a DSpace core data model and service APIs. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the XML parsing process during archive imports or when handling XML responses from upstream services. An attacker can access...
ImageMagick Security Vulnerability
ImageMagick is a suite of open source image processing software from ImageMagick Open Source. It can read, convert or write images in many formats. A security vulnerability exists in versions prior to ImageMagick 7.1.2-0 that stems from an infinite loop in a specific XMP file conversion command...
The vulnerability of the ColdFusion software platform, related to errors in XML request processing, allows attackers to read arbitrary files.
The vulnerability of the ColdFusion software platform is related to errors in processing XML requests. Exploiting this vulnerability allows a malicious actor to read arbitrary files remotely...
The vulnerability of the ColdFusion software platform lies in the improper limitation on XML references to external objects, which allows attackers to circumvent security restrictions.
The vulnerability of the ColdFusion software platform is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotely...
DEBIAN-CVE-2025-38315
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btinteldsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also...
The vulnerability of the “Import from XML and YML” plugin exists due to the lack of protective measures for website structure. This allows attackers to execute XSS attacks.
The vulnerability of the “Import from XML, and YML” plugin exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
LDP$^3$: an Extensible and Multi-Threaded Toolkit for Local Differential Privacy Protocols and Post-Processing Methods
Local differential privacy (LDP) has become a prominent notion for privacy-preserving data collection. While numerous LDP protocols and post-processing (PP) methods have been developed, selecting an optimal combination under different privacy budgets and datasets remains a challenge. Moreover, the la...
ModSecurity Input Validation Error Vulnerability
ModSecurity is an open source, cross-platform web application firewall (WAF) engine from OWASP ModSecurity Open Source. An input validation error vulnerability exists in ModSecurity versions prior to 2.9.8 through 2.9.11, which stems from an empty XML tag that could lead to a segmentation error...
The vulnerability of the drivers/firmware/EFI/libstub components of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the drivers/firmware/EFI/libstub components of the Linux operating system is related to the allocation of unlimited memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
Akamai CloudTest Code Issue Vulnerability
Akamai CloudTest is a suite of scalable load testing platforms from Akamai, USA. A code issue vulnerability exists in Akamai CloudTest versions prior to 2025.06.02, which stems from XML external entity injection and may result in file inclusion...
[SECURITY] Fedora 41 Update: trafficserver-9.2.11-1.fc41
Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...
The vulnerability of the IhisiServiceSmm component in the InsydeH2O UEFI firmware creation framework allows an attacker to escalate their privileges.
The vulnerability of the IhisiServiceSmm component in the InsydeH2O UEFI firmware creation framework is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...
The vulnerability of the plugin “Import from XML, YML, JSON. Uploading product catalogs for 1C-Bitrix” allows a perpetrator to execute arbitrary commands.
The vulnerability of the plugin “Import from XML, YML, JSON. Uploading product catalogs for 1C-Bitrix” is related to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...