Lucene search

2075 matches found

BDU FSTEC
added 2025/06/18 12:0 a.m. | 3 views

The vulnerability of the Chamilo LMS electronic learning and content management system lies in the lack of verification of the validity of XML objects’ sequences. This allows attackers to execute arbitrary SQL queries.

The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, lies in the lack of verification of the validity of XML objects’ sequences. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary SQL queries...

CVSS 8.5 | AI score 6 | EPSS 0.00733
Exploits: 1 | References: 6 | Affected Software: 1

ATTACKERKB
added 2025/06/16 3:19 p.m. | 1 views

CVE-2025-49795

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service...

CVSS 7.5 | AI score 5.8 | EPSS 0.00475
Exploits: 0 | References: 7

AstraLinux
added 2025/06/16 11:28 a.m. | 5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check the dsbr size from the EFI variable. Since the size of the struct btintel_dsbr is already known, we can simply start checking there instead of querying the size of the EFI variable. If the final result doe...

CVSS 5.5 | AI score 6.6 | EPSS 0.00135
Exploits: 0 | References: 3

AstraLinux
added 2025/06/16 11:28 a.m. | 10 views

Astra Linux – Vulnerability in Intel Microcode

Improper input validation in the UEFI firmware CseVariableStorageSmm for some Intel processors may allow a privileged user to potentially enable privilege escalation through local access...

CVSS 8.7 | AI score 7.2 | EPSS 0.00237
Exploits: 0 | References: 3

Fedora
added 2025/06/14 1:51 a.m. | 5 views

[SECURITY] Fedora 41 Update: aerc-0.20.1-2.fc41

Aerc is an email client that runs in your terminal. It is highly efficient and extensible, perfect for the discerning hacker...

CVSS 5.8 | AI score 7.3 | EPSS 0.00592
Exploits: 0

Fedora
added 2025/06/14 1:10 a.m. | 4 views

[SECURITY] Fedora 42 Update: aerc-0.20.1-3.fc42

Aerc is an email client that runs in your terminal. It is highly efficient and extensible, perfect for the discerning hacker...

CVSS 5.8 | AI score 7.3 | EPSS 0.00592
Exploits: 0

CNNVD
added 2025/06/10 12:0 a.m. | 2 views

Insyde InsydeH2O Security Vulnerability

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which can be exploited to alter certificates and execute .efi files...

CVSS 7.8 | AI score 9.2 | EPSS 0.00395
Exploits: 0 | References: 3

BDU FSTEC
added 2025/06/06 12:0 a.m. | 1 views

The vulnerability of the online business analytics service IBM Cognos Analytics, related to incorrect restrictions on XML links to external objects, allows attackers to disclose protected information or exploit memory resources.

The vulnerability of the online business analytics service IBM Cognos Analytics is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information or access memory resources...

CVSS 7.5 | AI score 7.1 | EPSS 0.00444
Exploits: 0 | References: 2

Packet Storm News
added 2025/06/03 12:0 a.m. | 4 views

Poster: FedBlockParadox -- a Framework for Simulating and Securing Decentralized Federated Learning

A significant body of research in decentralized federated learning focuses on combining the privacy-preserving properties of federated learning with the resilience and transparency offered by blockchain-based systems. While these approaches are promising, they often lack flexible tools to evaluat...

AI score 6.9
Exploits: 0

RedhatCVE
added 2025/05/23 9:21 a.m. | 4 views

CVE-2024-3467

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker...

CVSS 7.8 | AI score 7.2 | EPSS 0.00188
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:15 a.m. | 2 views

CVE-2023-22662

Improper input validation of EpsdSrMgmtConfig in UEFI firmware for some Intel(R) Server Board S2600BP products may allow a privileged user to potentially enable denial of service via local access...

CVSS 5.8 | AI score 6.2 | EPSS 0.00196
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 11:40 p.m. | 3 views

CVE-2022-21205

Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access...

CVSS 7.5 | AI score 6.3 | EPSS 0.01071
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:42 p.m. | 3 views

CVE-2021-39300

Potential vulnerabilities have been identified in UEFI firmware BIOS for some PC products which may allow escalation of privilege and arbitrary code execution...

CVSS 8.8 | AI score 7.3 | EPSS 0.00407
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 8:33 p.m. | 3 views

CVE-2008-1113

Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks...

CVSS 7.8 | AI score 7.1 | EPSS 0.00887
Exploits: 0 | References: 1

CNNVD
added 2025/05/15 12:0 a.m. | 2 views

Hitachi JP1/IT Desktop Management 2 Security Vulnerability

Hitachi JP1/IT Desktop Management 2 is a product from Hitachi, Ltd. of Japan that automatically collects various types of information, allowing you to manage it in one place. A security vulnerability exists in Hitachi JP1/IT Desktop Management 2 versions prior to 12-00 to 12-00-08, 11-10 to 11-10-08...

CVSS 8.7 | AI score 6.5 | EPSS 0.00321
Exploits: 0 | References: 1

RedHat Linux
added 2025/05/14 5:51 p.m. | 7 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.6.0 release.

Red Hat Developer Hub 1.6.0 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...

CVSS 9.8 | AI score 6.5 | EPSS 0.09378
Exploits: 8 | References: 8

CNNVD
added 2025/05/14 12:0 a.m. | 4 views

Peergos Code Issue Vulnerability

Peergos is a Peergos open source application. A security vulnerability exists in Peergos 1.1.0 and earlier versions that stems from improperly restricted XML external entity references in the WebDav servlet...

CVSS 8.8 | AI score 6.7 | EPSS 0.00351
Exploits: 0 | References: 2

RedHat Linux
added 2025/05/13 7:56 a.m. | 2 views

libxml2: Use-After-Free in libxml2

A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema...

CVSS 9.8 | AI score 7.1 | EPSS 0.0113
Exploits: 0 | References: 5

CNNVD
added 2025/05/13 12:0 a.m. | 2 views

Intel Server M50FCP and Intel Server D50DNP Security Vulnerability

Intel Server M50FCP and Intel Server D50DNP are both servers from Intel Corporation USA. A security vulnerability exists in Intel Server M50FCP and Intel Server D50DNP that stems from improper initialization of the UEFI firmware, which could lead to information disclosure...

CVSS 5.6 | AI score 6.4 | EPSS 0.00134
Exploits: 0 | References: 2

CNNVD
added 2025/05/13 12:0 a.m. | 1 views

Intel Server M50FCP and Intel Server D50DNP Input Validation Error Vulnerability

Intel Server M50FCP and Intel Server D50DNP are both servers from Intel Corporation USA. An input validation error vulnerability exists in Intel Server M50FCP and Intel Server D50DNP, which stems from improper input validation in the UEFI firmware DXE module, which could lead to elevation of...

CVSS 8.7 | AI score 6.7 | EPSS 0.00143
Exploits: 0 | References: 2