Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ipmr's call to mrmfcusesdev on an unparsed entry...
GLPI information disclosure vulnerability
GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
Google Cloud KMS Adds Quantum-Safe Digital Signatures to Defend Against Future Threats
Google Cloud has announced quantum-safe digital signatures in Google Cloud Key Management Service (Cloud KMS) for software-based keys as a way to bulletproof encryption systems against the threat posed by cryptographically-relevant quantum computers. The feature, currently in preview, coexists with...
[SECURITY] Fedora 41 Update: chromium-133.0.6943.126-1.fc41
Chromium is an open-source web browser, powered by WebKit (Blink)...
[SECURITY] Fedora 40 Update: chromium-133.0.6943.126-1.fc40
Chromium is an open-source web browser, powered by WebKit (Blink)...
CVE-2025-26617
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, historicopaciente.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized...
CVE-2025-26614
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletardocumento.php endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access t...
Litespeed Technologie LiteSpeed QUIC (LSQUIC) security vulnerability
Litespeed Technologie LiteSpeed QUIC (LSQUIC) is an open source implementation of QUIC and HTTP/3 functionality for servers and clients from Litespeed Technologie, USA. A security vulnerability exists in Litespeed Technologie LiteSpeed QUIC (LSQUIC) prior to version 4.2.0 that stems from the presence...
CVE-2025-26607 SQL Injection endpoint 'documento_excluir.php' parameter 'id_funcionario' in WeGIA
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, documento_excluir.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized...
CVE-2025-26613 OS Command Injection endpoint 'gerenciar_backup.php' parameter 'file' (RCE) in WeGIA
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. An OS Command Injection vulnerability was discovered in the WeGIA application, gerenciar_backup.php endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. This issue ha...
[SECURITY] Fedora 40 Update: chromium-133.0.6943.98-1.fc40
Chromium is an open-source web browser, powered by WebKit (Blink)...
CVE-2025-25206
eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. This could lead to privilege escalation if...
CVE-2025-25203 Ctrlpanel has stored XSS vulnerability in TicketsController priority field
CtrlPanel is open-source billing software for hosting providers. Prior to version 1.0, a Cross-Site Scripting (XSS) vulnerability exists in the TicketsController and Moderation/TicketsController due to insufficient input validation on the priority field during ticket creation and unsafe rendering o...
Siemens OpenV2G
SUMMARY The open source software OpenV2G contains a buffer overflow vulnerability that could allow an attacker to trigger a memory corruption. Siemens has released an update for the OpenV2G and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure,...
CVE-2025-25187
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's dangerouslySetInnerHTML, without first escaping HTML entities. Joplin lacks a...
CVE-2021-39196
pcapture is an open source dumpcap web service interface. In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filte...
CVE-2021-39166
Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore version 10.1.2...
CVE-2021-39162
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted upstream servers. 0.15.1 contains an upgraded envoy binary...
[SECURITY] Fedora 41 Update: SimGear-2020.3.19-7.fc41
SimGear is a set of open-source libraries designed to be used as building blocks for quickly assembling 3d simulations, games, and visualization applications...