OpenSlides Access Control Error Vulnerability
OpenSlides is an open-source, free web-based system for presentations and meetings. It is used to manage meeting agendas, motions, and votes. Versions of OpenSlides prior to 4.2.29 had a security vulnerability related to access control. This vulnerability stemmed from improper access control duri...
Microsoft Windows 11 Build 10.0.27898.1000 Advanced Admin Protection Bypass
This enhanced proof of concept demonstrates an advanced method for bypassing Windows Administrator Protection by manipulating registry hives using both WinAPI and NTAPI. The code implements safe smart‑pointer wrappers for handles, secure SID management, deep registry enumeration, privilege checks...
ROS-20260203-73-0048
A vulnerability in the netfilter component of the Linux operating system kernel is related to simultaneous execution using a shared resource with improper synchronization. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cau...
Exploit for CVE-2025-2304
PoC: CVE-2025-2304 - Camaleon CMS Privilege Escalation Tec...
CVE-2020-36966
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...
UBUNTU-CVE-2020-36966
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...
EUVD-2020-30964
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...
CVE-2020-36966
CVE-2020-36966 affects Dolibarr 11.0.3: a persistent XSS in LDAP synchronization (/dolibarr/admin/ldap.php) allows injection via host, slave, and port parameters, enabling arbitrary JavaScript execution and potential cookie theft. Public sources describe the vulnerability; no patch details are pr...
Exploit for CVE-2026-7731
CTT-Refraction-Vortex-CVE-2026-7731- Under CTT, we see it as a...
Dolibarr cross-site scripting vulnerabilities
Dolibarr is an open-source application developed by Dolibarr developers. It helps manage activities of user organizations. Dolibarr version 11.0.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper sanitization of the host, slave, and port parameters in LDAP...
Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps
A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues...
Icinga 2 security vulnerabilities
Icinga 2 is an open-source monitoring system developed by Icinga. Versions of Icinga 2 prior to 2.13.14, 2.14.8, and 2.15.2 contained security vulnerabilities. These vulnerabilities were caused by improper Windows folder permission settings, which could allow all local users to access private key...
Funambol security vulnerabilities
Funambol is a data synchronization framework developed by the Funambol company in the United States. Funambol v30.0.0.20 contains a security vulnerability. This vulnerability stems from the URL displayed in the thumbnail; attackers can decrypt and encrypt the parameters used by the...
ROS-20260128-73-0059
Vulnerability in kernel-lt related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Advisory ROSA-SA-2026-3126
software: suricata 7.0.12; AXIS: ROSA-CHROME; unaffected versions = suricata-7.0.12-1; affected versions suricata-7.0.12-1; CVE-ID: CVE-2025-59147; BDU-ID: 2025-12460; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the Suricata Intrusion Detection and Prevention System is related to incorrect security...
SUSE CVE-2025-71162
In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-after-free A use-after-free bug exists in the Tegra ADMA driver when audio streams are terminated, particularly during XRUN conditions. The issue occurs when the DMA buffer is freed by...
ROS-20260126-73-0021
A vulnerability in the Linux operating system kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2025-71162
In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-after-free A use-after-free bug exists in the Tegra ADMA driver when audio streams are terminated, particularly during XRUN conditions. The issue occurs when the DMA buffer is freed by...
UBUNTU-CVE-2025-71162
In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-after-free A use-after-free bug exists in the Tegra ADMA driver when audio streams are terminated, particularly during XRUN conditions. The issue occurs when the DMA buffer is freed by...