6763 matches found

Positive Technologies
added 2025/06/30 12:00 a.m. · 4 views

PT-2025-28012 · Mbed Tls · Mbed Tls

Name of the Vulnerable Software and Affected Versions: MbedTLS versions 3.3.0 through 3.6.3 Description: The issue allows an attacker to bypass LMS signature verification by reusing stale stack data, resulting in the acceptance of an invalid signature. This occurs when unchecked return values in...

CVSS 4.9 · AI score 6.7 · EPSS 0.00125
Exploits 0 · References 11
CNNVD
added 2025/06/30 12:00 a.m. · 1 view

Red Hat Ansible Automation Platform code injection vulnerability

Red Hat Ansible Automation Platform (Red Hat AAP) is a unified solution for enabling strategic automation from Red Hat (USA). A code injection vulnerability exists in Red Hat Ansible Automation Platform that stems from unvalidated user-supplied Git branch or reference values, which could lead to...

CVSS 8.8 · AI score 7.3 · EPSS 0.00465
Exploits 0 · References 3
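The entry above says only that unvalidated Git branch or reference values reach code execution; it does not say how AAP used them. The following is an added Python illustration (not Ansible Automation Platform code) of the two ways a raw ref value typically goes wrong, a ref that is really a git option such as "-c" or "--upload-pack=...", and a ref carrying shell metacharacters into a shell-built command line, together with an allowlist validator and an argv builder that closes both. The allowlist is deliberately narrower than git's own check-ref-format rules; the repository URL, ref and destination in the checks are constructed values.

```python
"""Validate a user-supplied Git branch/ref before it reaches a git command.

Added illustration, not Ansible Automation Platform code. The allowlist is
an assumption: narrower than git check-ref-format, wide enough for any
branch or tag a person would type.
"""
import re

# Conservative allowlist. The leading character class rejects option
# injection ('-', '--'); the tail rejects whitespace, newlines, shell
# metacharacters (; | & $ `), '@{', control and non-ASCII characters.
_REF_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/-]{0,254}")


class UnsafeRef(ValueError):
    """Raised for a ref that must not be passed to git."""


def validate_ref(ref: str) -> str:
    """Return ref unchanged if it is safe to hand to git, else raise."""
    if not _REF_RE.fullmatch(ref):
        raise UnsafeRef(f"disallowed characters in ref {ref!r}")
    if ".." in ref or "//" in ref or "/." in ref:
        # git forbids '..' and a dot-leading path component; '//' is harmless
        # to git but only ever appears in a crafted value.
        raise UnsafeRef(f"malformed path component in ref {ref!r}")
    if ref.endswith((".", "/", ".lock")):
        raise UnsafeRef(f"disallowed suffix in ref {ref!r}")
    return ref


def vulnerable_clone_cmdline(repo_url: str, ref: str, dest: str) -> str:
    """The pattern that goes wrong: the ref is interpolated into a string that
    a shell will parse (what subprocess.run(cmd, shell=True) executes).
    A ref such as "main; id" becomes two commands. Returned, never run."""
    return f"git clone -b {ref} {repo_url} {dest}"


def safe_clone_argv(repo_url: str, ref: str, dest: str) -> list:
    """argv for subprocess.run(argv) with shell=False: no shell parses it,
    '--branch=' binds the value so it cannot turn into a separate option,
    and '--' ends option parsing before the user-influenced URL and path."""
    ref = validate_ref(ref)
    return ["git", "clone", "--depth=1", f"--branch={ref}", "--", repo_url, dest]


if __name__ == "__main__":
    # Constructed values; nothing is executed here.
    print(safe_clone_argv("https://example.invalid/r.git", "release/2025.06", "/tmp/r"))
    for bad in ("-c", "--upload-pack=touch /tmp/pwned", "main; id", "a..b"):
        try:
            validate_ref(bad)
        except UnsafeRef as exc:
            print("rejected:", exc)
```

Validation alone is not enough if the value is later pasted into a shell string; keep the list-form argv and the "--" separator even after the allowlist passes, so an accepted ref can never be reinterpreted by a shell or by git's option parser.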
OSV
added 2025/06/26 2:15 p.m. · 2 views

UBUNTU-CVE-2025-6709

The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. Thi...

CVSS 7.5 · AI score 5.8 · EPSS 0.00466
Exploits 0 · References 3
OSV
added 2025/06/23 4:15 p.m. · 8 views

CVE-2023-47295

A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings...

CVSS 9.8 · AI score 6 · EPSS 0.00528
Exploits 1 · References 2
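CSV (formula) injection, as the entry above describes it, is worth seeing end to end: the command runs on the machine of whoever opens the export, inside the spreadsheet, and only if that application's DDE or external-link prompts are accepted, which is why the fix belongs in the exporting backend. The block below is an added Python illustration, not NCR Terminal Handler code; the rows and payloads are constructed. It writes the same rows through a naive export and through a hardened one, then scans both exports for cells a spreadsheet would evaluate.

```python
"""CSV (formula) injection: a value beginning with =, +, -, @ or a tab/CR is
evaluated as a formula by the spreadsheet that opens the export.
Added illustration, not NCR Terminal Handler code; rows are constructed.
"""
import csv
import io
import re

# Leading characters that make Excel/LibreOffice treat a cell as a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
_PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?")


def is_formula(cell: str) -> bool:
    """True if a spreadsheet would evaluate this cell rather than display it.
    Plain signed numbers such as "-5" are not formulas."""
    return cell.startswith(FORMULA_TRIGGERS) and not _PLAIN_NUMBER.fullmatch(cell)


def neutralise(cell: str) -> str:
    """Defuse a formula-like free-text cell. A leading single quote makes the
    spreadsheet keep the cell as text (the mitigation OWASP recommends);
    numeric columns are left alone so they still import as numbers."""
    return "'" + cell if is_formula(cell) else cell


def export_vulnerable(rows) -> str:
    """Writes user-supplied text straight into the CSV."""
    buf = io.StringIO()
    csv.writer(buf).writerows(rows)
    return buf.getvalue()


def export_hardened(rows) -> str:
    """Neutralises every cell and quotes every field, so a value can neither
    be evaluated nor end its cell early and start a new one with a trigger."""
    buf = io.StringIO()
    csv.writer(buf, quoting=csv.QUOTE_ALL).writerows(
        [[neutralise(str(c)) for c in row] for row in rows]
    )
    return buf.getvalue()


def formula_cells(csv_text: str) -> list:
    """Scanner for an export: (row, column) of every cell a spreadsheet would
    evaluate. Usable as a regression test on any CSV endpoint."""
    return [
        (i, j)
        for i, row in enumerate(csv.reader(io.StringIO(csv_text)))
        for j, cell in enumerate(row)
        if is_formula(cell)
    ]


# Constructed rows: the second column is an operator-editable text field.
SAMPLE_ROWS = [
    ["terminal", "operator_note"],
    ["T-01", "routine check"],
    ["T-02", "=cmd|' /C calc'!A0"],         # classic DDE-style payload
    ["T-03", "-2+3+cmd|' /C calc'!A0"],     # leading minus, not a plain number
    ["T-04", "@SUM(1+9)*cmd|' /C calc'!A0"],
    ["T-05", "-5"],                         # legitimate negative number
]

if __name__ == "__main__":
    print(formula_cells(export_vulnerable(SAMPLE_ROWS)))  # [(2, 1), (3, 1), (4, 1)]
    print(formula_cells(export_hardened(SAMPLE_ROWS)))    # []
```

Quoting every field matters as much as the prefix: with minimal quoting, a value containing the delimiter can terminate its cell and place a trigger character at the start of the next one, which the prefix on the original cell does not cover.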
Packet Storm News
added 2025/06/21 12:00 a.m. · 3 views

Evaluating Large Language Models for Phishing Detection, Self-Consistency, Faithfulness, and Explainability

Phishing attacks remain one of the most prevalent and persistent cybersecurity threats, with attackers continuously evolving and intensifying tactics to evade general detection systems. Despite significant advances in artificial intelligence and machine learning, faithfully reproducing the...

AI score 6.9
Exploits 0
CNNVD
added 2025/06/21 12:00 a.m. · 3 views

Allegra authorization issue vulnerability

Allegra is project management software for mid-sized organizations, from Allegra. An authorization issue vulnerability exists in Allegra that stems from a password recovery mechanism that relies on predictable values, which could lead to authentication bypass...

CVSS 9.8 · AI score 9.5 · EPSS 0.29434
Exploits 0 · References 3
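A recovery mechanism built on predictable values fails in a specific, demonstrable way: anyone who can request a reset for the victim and guess the inputs can regenerate the token. The block below is an added Python illustration, not Allegra code; the page does not say what Allegra derived its tokens from, so the weak scheme (an MD5 of user id and timestamp) is constructed. It shows the attacker's search against that scheme, then the store a practitioner would write instead: a CSPRNG token, hashed at rest, bound to the user, expiring, single-use and compared in constant time.

```python
"""Password-recovery tokens: a predictable scheme beside a sound one.
Added illustration, not Allegra code; the weak scheme is constructed.
"""
import hashlib
import hmac
import secrets
import time
from typing import Callable, Optional

TOKEN_TTL_SECONDS = 15 * 60


def predictable_token(user_id: str, issued_at: int) -> str:
    """Constructed weak scheme: derived from a known identifier and a
    timestamp, so anyone who can guess the issue time regenerates it."""
    return hashlib.md5(f"{user_id}:{issued_at}".encode()).hexdigest()


def guess_predictable_token(user_id: str, approx_issued_at: int, window: int,
                            is_valid: Callable[[str], bool]) -> Optional[str]:
    """Attacker's view: request a reset for the victim, then try every
    timestamp within +/- window seconds of the request. is_valid stands in
    for the reset endpoint answering accept/reject."""
    for delta in range(-window, window + 1):
        candidate = predictable_token(user_id, approx_issued_at + delta)
        if is_valid(candidate):
            return candidate
    return None


class RecoveryStore:
    """Sound scheme: 256-bit token from the OS CSPRNG, stored only as a hash,
    bound to the user, expiring, single-use, compared in constant time."""

    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now                       # injectable clock for testing
        self._pending = {}                    # user_id -> (sha256(token), expires_at)

    @staticmethod
    def _digest(token: str) -> bytes:
        return hashlib.sha256(token.encode()).digest()

    def issue(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)     # 256 bits of CSPRNG output
        self._pending[user_id] = (self._digest(token), self._now() + TOKEN_TTL_SECONDS)
        return token  # delivered out of band; never logged or echoed back

    def redeem(self, user_id: str, presented: str) -> bool:
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        stored, expires_at = entry
        if self._now() > expires_at:
            del self._pending[user_id]
            return False
        if not hmac.compare_digest(stored, self._digest(presented)):
            return False
        del self._pending[user_id]            # single use
        return True


if __name__ == "__main__":
    real = predictable_token("alice", 1_700_000_000)
    print("guessed:", guess_predictable_token("alice", 1_700_000_045, 60,
                                              lambda c: c == real) == real)
    store = RecoveryStore()
    tok = store.issue("alice")
    print("redeem once:", store.redeem("alice", tok), "again:", store.redeem("alice", tok))
```

Storing only the hash means a read of the pending-reset table does not hand out live tokens, and binding the token to the user id stops a token issued for one account from resetting another.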
RedhatCVE
added 2025/06/19 12:08 a.m. · 5 views

CVE-2025-45525

A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before...

CVSS 2.9 · AI score 4.5 · EPSS 0.00128
Exploits 0 · References 1
Positive Technologies
added 2025/06/17 12:00 a.m. · 3 views

PT-2025-25753 · Unknown · Microlight.Js

Name of the Vulnerable Software and Affected Versions: microlight.js version 0.0.7 Description: A null pointer dereference issue was discovered in a lightweight syntax highlighting library. The library fails to validate the result of a regular expression match before accessing its properties when...

CVSS 2.9 · AI score 6 · EPSS 0.00128
Exploits 0 · References 7
Vulnrichment
added 2025/06/17 12:00 a.m. · 2 views

CVE-2025-45525

A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before...

CVSS 2.9 · AI score 4.3 · EPSS 0.00128
Exploits 0 · References 2
NVD
added 2025/06/13 4:15 p.m. · 13 views

CVE-2025-49581

XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter...

CVSS 8.8 · EPSS 0.00478
Exploits 1 · References 3
Cvelist
added 2025/06/13 4:09 p.m. · 15 views

CVE-2025-49581 XWiki allows remote code execution through default value of wiki macro wiki-type parameters

XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter...

CVSS 8.7 · EPSS 0.00478
Exploits 1 · References 3
Github Security Blog
added 2025/06/13 2:09 p.m. · 12 views

starcitizentools/citizen-skin allows stored XSS in user registration date message

Summary: Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details: The result of $this->lang->userDate( $timestamp, $this->user ) returns unescaped values, but is inserted as raw HTML by...

CVSS 6.5 · AI score 6.4 · EPSS 0.0035
Exploits 1 · References 5 · Affected software 1
SUSE Linux
added 2025/06/13 7:20 a.m. · 1 view

Security update for kubernetes1.24

This update for kubernetes1.24 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content (bsc#1241865). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...

CVSS 6.5 · AI score 7.2 · EPSS 0.0045
Exploits 0 · References 4
Positive Technologies
added 2025/06/11 12:00 a.m. · 2 views

PT-2025-27968

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the SFQ perturb period in the net sched module. The issue was reported by Gerrard Tai, who found that the SFQ perturb...

CVSS 5.5 · AI score 6.4 · EPSS 0.00162
Exploits 0
OSV
added 2025/06/10 10:15 a.m. · 3 views

CVE-2025-40658

An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp...

CVSS 7.5 · AI score 5.7 · EPSS 0.00279
Exploits 0 · References 1
SUSE Linux
added 2025/06/06 1:12 p.m. · 4 views

Security update for libraw

This update for libraw fixes the following issues:
- CVE-2025-43961: Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tiff.cpp (bsc#1241643)
- CVE-2025-43962: Fixed out-of-bounds read when processing tag 0x412 in the phase_one_correct function (bsc#1241585)
- CVE-2025-43963: Fixed out-of-buff...

CVSS 5.1 · AI score 7.3 · EPSS 0.00367
Exploits 0 · References 16
OSV
added 2025/06/04 9:29 a.m. · 3 views

SUSE-SU-2025:01811-1 Security update for gnuplot

This update for gnuplot fixes the following issues:
- CVE-2025-31176: invalid read leads to segmentation fault on plot3d_points (bsc#1240325).
- CVE-2025-31177: improper bounds check leads to heap-buffer overflow on utf8_copy_one (bsc#1240326).
- CVE-2025-31178: unvalidated user input leads to segmentatio...

CVSS 6.2 · AI score 5.8 · EPSS 0.00184
Exploits 0 · References 15
NVD
added 2025/06/02 8:15 a.m. · 12 views

CVE-2025-0325

A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device...

CVSS 4.3 · EPSS 0.00322
Exploits 0 · References 1
CISA KEV Catalog
added 2025/06/02 12:00 a.m. · 13 views

Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability

Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with CVE-2024-58136 ...

CVSS 6.9 · AI score 7.5 · EPSS 0.01119
In the wild · Exploits 0
Packet Storm News
added 2025/06/01 12:00 a.m. · 5 views

Privacy-Aware, Public-Aligned: Embedding Risk Detection and Public Values into Scalable Clinical Text De-Identification for Trusted Research Environments

Clinical free-text data offers immense potential to improve population health research such as richer phenotyping, symptom tracking, and contextual understanding of patient care. However, these data present significant privacy risks due to the presence of directly or indirectly identifying...

AI score 6.9
Exploits 0