Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Insufficiently Random Values vulnerability in form-data.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Insufficiently Random Values vulnerability in form-data.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could provide weaker than expected security due to crypto.js and vulnerable to CVE-2020-36732.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could provide weaker than expected security due to crypto.js and vulnerable to CVE-2020-36732. This bulletin contains information addressing the vulnerability. Vulnerability Details...

curl: HTTP/3 Protocol Smuggling and Header Injection via CRLF in QPACK value conversion

A fundamental design flaw exists in how libcurl handles HTTP/3 QUIC response headers across all supported backends ngtcp2, quiche, openssl-quic. The vulnerability stems from the unsafe transcoding of binary QPACK headers HTTP/3 into the textual HTTP/1.1 format used internally by curl's pipeline...

SUSE CVE-2022-50736

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix immediate work request flush to completion queue Correctly set send queue element opcode during immediate work request flushing in post sendqueue operation, if the QP is in ERROR state. An undefined ocode value...

SUSE CVE-2025-68365

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize allocated memory before use KMSAN reports: Multiple uninitialized values detected: - KMSAN: uninit-value in ntfsreadhdr 3 - KMSAN: uninit-value in bcmp 3 Memory is allocated by getname, which is a wrapper for...

Apache Airflow Information Disclosure Vulnerability (CNVD-2026-00003)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...

CVE-2018-25135 Anviz AIM CrossChex Standard 4.3.6.0 CSV Injection via User Import

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing...

CVE-2018-25135 Anviz AIM CrossChex Standard 4.3.6.0 CSV Injection via User Import

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing...

CVE-2023-54062

In the Linux kernel, the following vulnerability has been resolved: ext4: fix invalid free tracking in ext4xattrmovetoblock In ext4xattrmovetoblock, the value of the extended attribute which we need to move to an external block may be allocated by kvmalloc if the value is stored in an external...

CVE-2023-54062 ext4: fix invalid free tracking in ext4_xattr_move_to_block()

In the Linux kernel, the following vulnerability has been resolved: ext4: fix invalid free tracking in ext4xattrmovetoblock In ext4xattrmovetoblock, the value of the extended attribute which we need to move to an external block may be allocated by kvmalloc if the value is stored in an external...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly limiting values from firmware files, which could result in an integer overflow...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from incorrectly setting the header generation time in the btrfsinitnewbuffer function, which could lead to the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a substitution of incorrect ASCE index values, which could lead to address delivery errors and validity...

PT-2025-53355

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of uninitialized values in the idmouseopen function...

Anviz AIM CrossChex Standard 安全漏洞

Anviz AIM CrossChex Standard is a time and attendance and access control management software from Anviz Corporation. A security vulnerability exists in Anviz AIM CrossChex Standard version 4.3.6.0, which stems from a user import field that can be used to insert malicious formulas, potentially...

Missing Authorization

Jenkins is vulnerable to Missing Authorization. The vulnerability is due to a missing permission check on viewing encrypted credential data, which allows attackers with only View/Read permissions to access and view encrypted password values in views...

kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values

A vulnerability was identified in the Linux kernel's ext4 filesystem implementation due to a flaw in how it processes filesystem metadata. An attacker with local privileges could create a malicious ext4 filesystem image to trigger this issue. When the system attempts to mount this malicious image...

RHEL 7 : kernel (RHSA-2025:23947)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23947 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ALSA: usb-audio: Validate UAC...

CVE-2023-53929

phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user data as a CSV fil...