21 matches found
EUVD-2026-22650
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-33797
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS). An attacker repeatedly...
EUVD-2026-12825
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions on behalf of the user. This...
CVE-2026-3278 XSS Vulnerability discovered in OpenText™ ZENworks Service Desk.
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions on behalf of the user. This...
CVE-2025-55307
An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query with a crafted cDIPath parameter (e.g., "/") may cause an out-of-bounds read in internal path-parsing logic, potentially leadi...
golang security update
An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The golang packages provide the Go programming language compiler. Security...
CVE-2024-52588
Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server-side request forgery (SSRF). This issue has been patched in version 4.25.2...
CVE-2025-24510
A vulnerability has been identified in MS/TP Point Pickup Module (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message that results in a denial of service...
CVE-2024-30152
creationtimestamp | type | source
---|---|---
2025-04-25 18:08:14+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13481
2025-04-25 21:19:54+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lno5mnge4u2a
2025-04-25 21:41:44+00:00 | seen | https://t.me/cvedetector/23778...
CVE-2025-2069
creationtimestamp | type | source
---|---|---
2025-04-25 16:15:43+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114399493625863180
2025-04-25 17:07:56+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13473
2025-04-25 19:11:04+00:00 | seen | https://t.me/cvedetector/23760...
CVE-2025-22026
In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svc_proc_register(). Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix...
Medium: ruby3.2
Issue Overview: In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. (CVE-2025-27221) Affected Packages: ruby3.2 Issue Correction: Run dnf update...
CVE-2025-21597
An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when BGP...
CVE-2025-21879
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free on inode when scanning root during em shrinking. At btrfs_scan_root() we are accessing the inode's root (and fs_info) in a call to btrfs_fs_closing() after we have scheduled the inode for a delayed iput, and that ca...
CVE-2025-2857
Firefox on Windows was vulnerable to a sandbox-escape in the IPC code where a compromised child process could cause the parent to return an unintentionally powerful handle. This pattern mirrors the Chrome/CVE-2025-2783 lineage and was exploited in the wild. The issue affected Firefox on Windows o...
CVE-2025-2532 Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability
Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicio...
CVE-2025-25040
CVE-2025-25040 affects HPE Aruba CX 9300 CX-9300 switches running AOS-CX. The issue is in port ACL enforcement on routed ports for egress traffic, allowing bypass of ACLs and potential unauthorized traffic flow. Affected: AOS-CX 10.14.xxxx (all patches) and 10.15.xxxx (10.15.1000 and below). Not ...
CVE-2024-12032
creationtimestamp | type | source
---|---|---
2024-12-25 03:24:05+00:00 | seen | https://infosec.exchange/users/cve/statuses/113711319937158435
2024-12-25 04:15:30+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3le43xhu7nl2f
2024-12-25 06:17:23+00:00 | seen |...
Asterisk Code Issue Vulnerability
Asterisk is software for a PBX system that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. Asterisk version 19.x and prior versions of STIR/SHAKEN contain a security vulnerability that originates from the ability to send arbitrary requests (e.g., GET) to interfaces such as...
CVE-2022-0001
creationtimestamp | type | source
---|---|---
2022-03-10 11:08:32+00:00 | seen | https://t.me/sysodmins/14260
2022-03-11 07:04:29+00:00 | published-proof-of-concept | https://t.me/SecLabNews/11732
2022-03-11 16:40:00+00:00 | published-proof-of-concept | https://t.me/truesecator/2723
2022-06-16...