The vulnerability of Websoft HCM’s automation software for HR processes lies in the lack of measures taken to protect the website structure, allowing attackers to carry out XSS attacks.

The vulnerability of Websoft HCM’s automation software for HR processes is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks by injecting specially crafted JavaScript code into HTML pages...

ROS-20250710-12

A vulnerability in the Libexif library for grammar parsing EXIF files is related to an optimization of the compiler optimization that removes buffer overflow protection in libexif. Exploitation of the vulnerability could Allow an attacker acting remotely to execute arbitrary code on the target...

The vulnerability of Websoft HCM’s automation software for HR processes lies in the lack of measures taken to protect the website structure, allowing attackers to carry out XSS attacks.

The vulnerability of Websoft HCM’s automation software for HR processes is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks by sending specially crafted HTTP requests remotely...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from adxlcomponentcount not being reset, which could lead to a generic protection error...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: schhfsc: Fix qlen accounting bug when using peek in hfscenqueue CVE-2025-38000 In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content...

The vulnerability of the “Maxima Praidex” electronic queue management system lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary code.

The vulnerability of the “Maxima Praidex” electronic queue management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted SQL query remotely...

The vulnerability of the Windows operating system’s kernel allows attackers to disclose sensitive information that is protected by security measures.

The vulnerability of the Windows operating system’s kernel is related to insufficient protection of privileged functions. Exploiting this vulnerability can allow an attacker to disclose protected information...

DRUPAL-CONTRIB-2025-088

This module enables users to login by email address with the minimal configurations. The module included some protection against brute force attacks on the login form, however they were incomplete. An attacker could bypass the brute force protection allowing them to potentially gain access to an...

CVE-2025-38264 nvme-tcp: sanitize request list handling

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvmetcphandler2t to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request list processing...

CVE-2025-38260 btrfs: handle csum tree error with rescue=ibadroots correctly

In the Linux kernel, the following vulnerability has been resolved: btrfs: handle csum tree error with rescue=ibadroots correctly BUG There is syzbot based reproducer that can crash the kernel, with the following call trace: With some debug output added DEBUG: rescue=ibadroots parsed BTRFS: devic...

CVE-2025-38260 btrfs: handle csum tree error with rescue=ibadroots correctly

In the Linux kernel, the following vulnerability has been resolved: btrfs: handle csum tree error with rescue=ibadroots correctly BUG There is syzbot based reproducer that can crash the kernel, with the following call trace: With some debug output added DEBUG: rescue=ibadroots parsed BTRFS: devic...

RHSA-2025:10671 Red Hat Security Advisory: kernel security update

Bulletin has no description...

CVE-2025-49535

creationtimestamp| type| source ---|---|--- 2025-07-09 00:24:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltikhgrlxm2i...

Mail Login - Critical - Access bypass - SA-CONTRIB-2025-088

This module enables users to login by email address with the minimal configurations. The module included some protection against brute force attacks on the login form, however they were incomplete. An attacker could bypass the brute force protection allowing them to potentially gain access to an...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memdupuser computational overflow in the s390 pkey driver, which could lead to a memory allocation error...

The vulnerability of the PI Connector for CygNet software in data integration lies in the insufficient protection of the website structure, which allows attackers to carry out XSS attacks.

The vulnerability of the PI Connector for CygNet data integration software is related to insufficient protection of the website structure. Exploiting this vulnerability could allow an attacker to carry out XSS attacks...

The vulnerability of the Adobe Experience Manager content and media data management system, related to the lack of measures taken to protect the website structure, allows a perpetrator to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

The vulnerability of the “Import from XML and YML” plugin exists due to the lack of protective measures for website structure. This allows attackers to execute XSS attacks.

The vulnerability of the “Import from XML, and YML” plugin exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

The vulnerability of the “Export to Excel” plugin, which exists due to the lack of protective measures for website structures, allows attackers to carry out XSS attacks.

The vulnerability of the “Export to Excel” plugin exists due to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

The vulnerability of the OpenSearch software package lies in its lack of measures to protect the structure of web pages, allowing attackers to execute arbitrary code.

The vulnerability of the OpenSearch software package is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code...