2075 matches found
PT-2025-14881 · Youkefu · Youkefu
Name of the Vulnerable Software and Affected Versions: zhangyanbo2007 youkefu versions up to 4.2.0 Description: A problematic issue was found in the XML Document Handler component, specifically affecting the CallCenterRouterController.java file. The manipulation of the routercontent argument lead...
WordPress plugin Easy Google Maps code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress plugin Import Export Suite for CSV and XML Datafeed security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2025-1341)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
By leveraging Microsoft Security Copilot to expedite the vulnerability discovery process, Microsoft Threat Intelligence uncovered several vulnerabilities in multiple open-source bootloaders, impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot as well ...
CVE-2025-1781
There is an XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). This could be exploited to read arbitrary local files if an attacker has access to exception messages...
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).
...
UBUNTU-CVE-2025-21872
In the Linux kernel, the following vulnerability has been resolved: efi: Don't map the entire mokvar table to determine its size. Currently, when validating the mokvar table, we remap the entire table on each iteration of the loop, adding space as we discover new entries. If the table grows over a...
Vulnerabilities of EFI/unaccepted kernel components of the Linux operating system, allowing attackers to trigger a service failure
The vulnerability of the listdel function in efi/unaccepted kernel components of the Linux operating system is related to improper locking mechanisms. Exploiting this vulnerability could allow an attacker to trigger a service failure...
Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
...
JetBrains GoLand code issue vulnerability
JetBrains GoLand is an intelligent IDE (Integrated Development Environment) dedicated to Go language development from the Czech company JetBrains. A code issue vulnerability exists in JetBrains GoLand that stems from a networked system or product that does not have the correct filters set up ...
Number withdrawn
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI Open Source. This CVE number has been withdrawn...
Number withdrawn
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI Open Source. This CVE number has been withdrawn...
Number withdrawn
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI Open Source. This CVE number has been withdrawn...
ImageMagick 7.1.1-35 Arbitrary Code Execution
ImageMagick versions 7.1.1-35 and below proof of concept exploit allowing arbitrary code execution via malicious XML delegation...
AZL-58803 CVE-2025-2295 affecting package edk2 for versions less than 20240524git3e722403cd16-14
EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service...
SUSE CVE-2024-8176
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...
UBUNTU-CVE-2024-8176
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...
[SECURITY] Fedora 41 Update: trafficserver-9.2.9-1.fc41
Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...
[SECURITY] Fedora 40 Update: trafficserver-9.2.9-1.fc40
Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...