280 matches found
Apache CXF 安全漏洞
Apache CXF is an open-source web service framework developed by the Apache Foundation in the United States. This framework supports various web service standards and multiple front-end programming APIs. There are security vulnerabilities in Apache CXF; these vulnerabilities arise from incomplete...
GHSA-JG2M-9X48-3GVJ Apache Camel has an incomplete fix for CVE-2025-27636
The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...
CVE-2025-48609
In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not...
CVE-2025-48609
In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not...
CVE-2025-48609
In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not...
CVE-2025-48609
In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not...
CVE-2025-48609
CVE-2025-48609 is not described in the initial CVE entry. Connected PT-Security documents show it is among patches in Samsung/Google January 2026 Maintenance Release (SMR Jan-2026), indicating it was addressed in the patch packages. No concrete technical details (root cause, affected component/ve...
CVE-2026-23685
CVE-2026-23685 describes a deserialization vulnerability in the SAP NetWeaver JMS service. An attacker authenticated as an administrator with local access can submit specially crafted content to the server; if processed by the application, this may trigger unintended logic execution that leads to...
BIT-MOODLE-2025-3645 Moodle: idor in messaging web service allows access to some user details
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...
SUSE CVE-2025-51602
mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server...
CVE-2025-51602
mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server...
CVE-2025-51602
CVE-2025-51602 affects VideoLAN VLC media player prior to 3.0.22. The vulnerability is an out-of-bounds read in mmstu.c that can lead to a denial of service when processing a crafted 0x01 response from an MMS server. Exploitation details are not provided beyond the MMS-triggered read/DoS describe...
CVE-2022-38687
In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed...
CVE-2025-59923
An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the...
CVE-2025-59923
An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the...
PT-2025-50122
An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the...
CVE-2025-12080
CVE-2025-12080 affects Google Messages for Wear OS when it is the default SMS/MMS/RCS app. The root cause is improper handling of ACTION_SENDTO intents using sms:, smsto:, mms:, and mmsto: URI schemes, enabling an attacker who can invoke an Android intent to covertly send messages on behalf of th...
EUVD-2016-0608
Malware in sbrugna...
EUVD-2014-7837
Malware in sbrugna...
EUVD-2008-0883
Malware in sbrugna...