4419 matches found
Liferay Cross-site Scripting vulnerability
A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...
Trusted Identities for AI Agents: Leveraging Telco-Hosted ESIM Infrastructure
The rise of autonomous AI agents in enterprise and industrial environments introduces a critical challenge: how to securely assign, verify, and manage their identities across distributed systems. Existing identity frameworks based on API keys, certificates, or application-layer credentials lack t...
CVE-2025-32850
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...
The vulnerability of the ASP.NET Core software platform and the Microsoft Visual Studio development environment, related to authentication bypass techniques, allows attackers to escalate their privileges.
The vulnerability of the ASP.NET Core software platform and the Microsoft Visual Studio development environment is related to the ability to bypass authentication. Exploiting this vulnerability can allow attackers to escalate their privileges remotely...
Ubuntu: Security Advisory (USN-7405-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in the Snowflake JDBC driver
Summary Multiple vulnerabilities in the Snowflake JDBC driver that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-43382 DESCRIPTION: Snowflake JDBC driver could provide weaker than expected security, caused by an incorrect security setting. A remote...
The vulnerability of the Form_Login() function in TOTOLINK EX200 router microprogramming software allows an intruder to bypass security restrictions.
The vulnerability of the FormLogin function in TOTOLINK EX200 router microprogramming software relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions remotely...
freeradius bug fix update
An update is available for freeradius. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. FreeRADIUS is a high-performance and highly configurable free Remote...
CVE-2025-2339
A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This affects an unknown part of the file /%61dmin/api/logs. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public an...
hostapd vulnerable to improper processing of RADIUS packets
Overview: hostapd provided by Jouni Malinen fails to process crafted RADIUS packets properly (CWE-826). KUSABA Takeshi of Internet Initiative Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: When...
CVE-2024-54085
AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability...
CVE-2024-54085
AMI MegaRAC SPx BMC contains an authentication bypass via the Redfish Host Interface that allows remote attackers to bypass authentication. This affects SPx products, with CVSS data indicating CRITICAL impact (NVD CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base 9.8) and (CVSS 4.0: AV:N/AC:L/A...
Linux Distros Unpatched Vulnerability : CVE-2023-2088
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated...
Linux Distros Unpatched Vulnerability : CVE-2015-0241
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticate...
Linux Distros Unpatched Vulnerability : CVE-2016-5420
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the...
Linux Distros Unpatched Vulnerability : CVE-2016-3521
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and...
Esri ArcGIS Server Path Traversal Vulnerability
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A path traversal vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which stems from the program failing to properly filter for special elements in the path of a resour...
Linux Distros Unpatched Vulnerability : CVE-2010-2940
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allow...
Linux Distros Unpatched Vulnerability : CVE-2011-0904
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and...
CVE-2024-47266
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to read specific files...