CVE-2019-16768
In affected versions of Sylius, exception messages from internal exceptions like database exception are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible...
CVE-2018-25049
A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The name of the patch is 0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56. It is...
CVE-2015-10097
A vulnerability was found in grinnellplans-php up to 3.0. It has been declared as critical. Affected by this vulnerability is the function interfacedisppage/interfacedisppage of the file read.php. The manipulation leads to sql injection. The attack can be launched remotely. The identifier of the...
CVE-2013-10018
A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/savecontact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to sql injectio...
CVE-2025-48063 XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right
XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are...
Security update for the Linux Kernel RT (Live Patch 4 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506001014 fixes several issues. The following security issues were fixed: CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678. CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice...
CVE-2025-47934
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Starting in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result...
CVE-2025-47782 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...
Alibaba Cloud Linux 3 : 0171: java-1.8.0-openjdk (ALINUX3-SA-2022:0171)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0171 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-21619: Vulnerability in the Oracl...
CVE-2025-47271 OZI-Project/ozi-publish Code Injection vulnerability
The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects...
PT-2025-20803
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver (affected versions not specified). Description: A critical issue in SAP NetWeaver is being actively exploited by Chinese state-sponsored hackers. Organizations are urged to patch immediately to mitigate the risk. Recommendations: A...
CVE-2023-53122
No description is available for this CVE...
CVE-2023-53122
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-46554
XWiki is a generic wiki platform. In versions starting from 1.8.1 to before 14.10.22, from 15.0-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.7.0, anyone can access the metadata of any attachment in the wiki using the wiki attachment REST endpoint...
CVE-2025-32777 Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin
Volcano is a Kubernetes-native batch scheduling system. Prior to versions 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3, and 1.12.0-alpha.2, attacker compromise of either the Elastic service or the extender plugin can cause denial of service of the scheduler. This is a privilege...
CVE-2025-32971 XWiki Solr script service doesn't take dropped programming right into account
XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's...
Exploit for Cross-Site Request Forgery (CSRF) in Nosurf_Project Nosurf
CVE-2025-46721: CSRF...
Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059188 fixes one issue. The following security issue was fixed: CVE-2024-56650: netfilter: xtables: fix LED ID check in ledtgcheck bsc1235431. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...