CVE-2025-3687 misstt123 oasys Sticky Notes cross-site request forgery
A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Affected by this issue is some unknown functionality of the component Sticky Notes Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been...
Fedora 41 : dotnet9.0 (2025-2edd9dc83b)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-2edd9dc83b advisory. This is the monthly update for .NET 9 for March 2025. Release Notes: - SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.104.md -...
oasys Security Vulnerability
oasys is an OA automated office system by the individual developer Programmer Second Senior Brother. A security vulnerability exists in oasys version 1.0, which stems from the Sticky Notes Handler component being susceptible to cross-site request forgery attacks...
Fedora 40 : dotnet9.0 (2025-78dcffbaa1)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-78dcffbaa1 advisory. This is the monthly update for .NET 9 for March 2025. Release Notes: - SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.104.md -...
Low: cuda-toolkit-12
Issue Overview: NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. CVE-2024-53870...
Fedora: Security Advisory (FEDORA-2025-e317a33d16)
The remote host is missing an update for the...
RHEL 7 : mariadb-galera (RHSA-2014:1940)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1940 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master clust...
Medium: ecs-service-connect-agent
Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's lifetime issue. A known situation is the failur...
CVE-2025-32391
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub...
CVE-2025-32391
HedgeDoc has a vulnerability (CVE-2025-32391) up to version 1.10.2 where uploading a malicious SVG can trigger cross-site scripting when the file is opened in a new tab, via the GitHub Gist JSONP embedding feature. The issue affects instances using the local filesystem upload backend or configura...
e-Diary Management System add-notes.php File SQL Injection Vulnerability
The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from a missing validation of an externally entered SQL statement in the Category parameter of the add-notes.php file. An attacker can...
Important: Red Hat Security Advisory: Red Hat Edge Manager Version 0.5.1 (Technology Preview) security fixes
Red Hat Edge Manager Version 0.5.1 (Technology Preview) RPMs and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
CVE-2025-20950
Use of implicit intent for sensitive communication in SamsungNotes prior to version 4.4.26.45 allows local attackers to access sensitive information...
PT-2025-15350 · Samsung · Samsung Notes
Name of the Vulnerable Software and Affected Versions: SamsungNotes versions prior to 4.4.26.45 Description: The issue allows local attackers to access sensitive information due to the use of implicit intent for sensitive communication. Recommendations: For versions prior to 4.4.26.45, update to...
Pixel Watch Security Bulletin—April 2025
The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices (Google Devices). For Google devices, security patch levels of 2025-04-05 or later address all issues in this bulletin and all issues in the April 2025 Android Security Bulletin and all issu...
CVE-2025-3188
A vulnerability classified as critical has been found in PHPGurukul e-Diary Management System 1.0. This affects an unknown part of the file /add-notes.php. The manipulation of the argument Category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
XXE (XML External Entity Injection) in Jira Core Data Center and Server and Jira Software Server
This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 9.12.0 of Jira Core Data Center and Server and Jira Software Server. This XXE (XML External Entity Injection) vulnerability, with a CVSS Score of 7.7, allows an attacker to access local and remote content...
Medium: golang
Issue Overview: NOTE: https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ NOTE: https://github.com/golang/go/issues/71984 NOTE: Fixed by: https://github.com/golang/go/commit/334de7982f8ec959c74470dd709ceedfd6dbd50a go1.24.1 NOTE: Fixed by:...