
3769 matches found

OSV
added 2025/09/16 1:15 p.m., 0 views

UBUNTU-CVE-2025-10529

Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

CVSS 6.5, AI score 6.6, EPSS 0.00088
Exploits 0, References 11
Vulnrichment
added 2025/09/16 12:26 p.m., 1 views

CVE-2025-10529 Same-origin policy bypass in the Layout component

Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

AI score 6.6, EPSS 0.00088
Exploits 0, References 5
ATTACKERKB
added 2025/09/16 12:26 p.m., 2 views

CVE-2025-10529

Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

CVSS 6.5, AI score 6.6, EPSS 0.00088
Exploits 0, References 6
FreeBSD
added 2025/09/16 12:00 a.m., 4 views

Firefox -- Same-origin policy bypass

https://bugzilla.mozilla.org/show_bug.cgi?id=1970490 reports: Same-origin policy bypass in the Layout component...

CVSS 6.5, AI score 7, EPSS 0.00088
Exploits 0, References 1
Kaspersky
added 2025/09/16 12:00 a.m., 2 views

KLA88012 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, and obtain sensitive information. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability in Graphics: Canvas2D...

CVSS 8.8, AI score 8.3, EPSS 0.00136
Exploits 0, References 3
Snyk
added 2025/09/15 7:39 a.m., 1 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

CVSS 9.8, AI score 7
Exploits 0, References 2
Gitee
added 2025/09/13 5:02 a.m., 93 views

peda

This repository is an offensive tool for exploit development. It is Python Exploit Development Assistance for GDB (PEDA), a script that helps speed up the exploit development process on Linux/Unix. The tool is designed to work with GDB 7.x and Python 2.6+. The tool has various features,...

AI score 6.8
Exploits 0
Veracode
added 2025/09/12 11:35 a.m., 3 views

Stored Cross-site Scripting (XSS)

com.liferay, com.liferay.layout.admin.web is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper validation of the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_type parameter, which allows a remote authenticated attacker to inject and execute malicious JavaScrip...

CVSS 5.4, AI score 6, EPSS 0.00041
Exploits 0, References 6, Affected Software 1
RedhatCVE
added 2025/09/11 7:25 p.m., 3 views

CVE-2025-55729

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the ac:type in the ConfluenceLayoutSection macro allows remote code execution for any user who can edit any page. The...

CVSS 10, AI score 8.7, EPSS 0.01171
Exploits 0, References 1
NVD
added 2025/09/09 7:15 p.m., 2 views

CVE-2025-55729

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the ac:type in the ConfluenceLayoutSection macro allows remote code execution for any user who can edit any page. The...

CVSS 10, EPSS 0.01171
Exploits 0, References 4
CVE
added 2025/09/09 6:51 p.m., 13 views

CVE-2025-55729

CVE-2025-55729 affects XWiki Remote Macros (ConfluenceLayoutSection macro) where missing escaping of the ac:type and use of the classes parameter in XWiki syntax enable remote code execution for users with edit access. The issue arises in versions 1.0 through 1.26.4 and is fixed in version 1.26.5...

CVSS 10, AI score 8.2, EPSS 0.01171
Exploits 0, References 4
Cvelist
added 2025/09/09 6:51 p.m., 6 views

CVE-2025-55729 XWiki Remote Macros vulnerable to remote code execution using the ConfluenceLayoutSection macro

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the ac:type in the ConfluenceLayoutSection macro allows remote code execution for any user who can edit any page. The...

CVSS 10, EPSS 0.01171
Exploits 0, References 4
OSV
added 2025/09/09 6:51 p.m., 2 views

CVE-2025-55729 XWiki Remote Macros vulnerable to remote code execution using the ConfluenceLayoutSection macro

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the ac:type in the ConfluenceLayoutSection macro allows remote code execution for any user who can edit any page. The...

CVSS 10, AI score 8.7, EPSS 0.01171
Exploits 0, References 6
Vulnrichment
added 2025/09/09 6:51 p.m., 1 views

CVE-2025-55729 XWiki Remote Macros vulnerable to remote code execution using the ConfluenceLayoutSection macro

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the ac:type in the ConfluenceLayoutSection macro allows remote code execution for any user who can edit any page. The...

CVSS 10, AI score 8.2, EPSS 0.01171
Exploits 0, References 4
Vulnrichment
added 2025/09/08 10:44 p.m., 1 views

CVE-2025-58746 Volkov Labs Business Links plugin vulnerable to privilege escalation attack

The Volkov Labs Business Links panel for Grafana provides an interface to navigate using external links, internal dashboards, time pickers, and dropdown menus. Prior to version 2.4.0, a malicious actor with Editor privileges can escalate their privileges to Administrator and perform arbitrary...

CVSS 9, AI score 7.1, EPSS 0.00061
Exploits 0, References 2
Positive Technologies
added 2025/09/08 12:00 a.m., 4 views

PT-2025-44131

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's crypto component related to context allocation and freeing operations within the compression framework. A discrepancy in the definition and order of...

CVSS 7.8, AI score 5.5, EPSS 0.03752
Exploits 4, References 593
Microsoft CVE
added 2025/09/06 8:02 a.m., 2 views

pNFS: Fix uninited ptr deref in block/scsi layout

...

CVSS 5.5, AI score 6.8, EPSS 0.00023
Exploits 0
SUSE CVE
added 2025/09/05 11:24 p.m., 1 views

SUSE CVE-2025-38691

In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout. The error occurs on the third attempt to encode extents. When function ext_tree_prepare_commit() reallocates a larger buffer to retry encoding extents, the "layoutupdate_pages" page arr...

CVSS 5.5, AI score 6.6, EPSS 0.00023
Exploits 0, References 22
Veracode
added 2025/09/05 9:32 a.m., 4 views

Reflected Cross-Site Scripting (Reflected XSS)

com.liferay, com.liferay.layout.taglib is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper sanitization of user input in the content page's name field, which allows an attacker to inject and execute malicious JavaScript code when a user views the "document Vi...

CVSS 5.4, AI score 6.7, EPSS 0.00032
Exploits 0, References 5, Affected Software 1
OSV
added 2025/09/04 4:15 p.m., 1 views

DEBIAN-CVE-2025-38691

In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout. The error occurs on the third attempt to encode extents. When function ext_tree_prepare_commit() reallocates a larger buffer to retry encoding extents, the "layoutupdate_pages" page arr...

CVSS 5.5, AI score 5.6, EPSS 0.00023
Exploits 0, References 1