6771 matches found
USN-7228-1 libreoffice vulnerabilities
Thomas Rinsma discovered that LibreOffice incorrectly handled paths when processing embedded font files. If a user or automated system were tricked into opening a specially crafted LibreOffice file, a remote attacker could possibly use this issue to create arbitrary files ending with ".ttf"...
SUSE CVE-2025-22865
Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed...
PT-2025-5343 · Webpack +2 · Webpack +2
Name of the Vulnerable Software and Affected Versions: Nuxt versions 3.0.0 through 3.15.12 Nuxt versions 3.12.2 through 3.152 Description: Source code may be stolen during development when using the webpack or rspack builder and a victim opens a malicious website. Because the request for classic...
WordPress plugin Import WP – Export and Import CSV and XML files to WordPress 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Import WP -...
KWHotel 安全漏洞
KWHotel is a hotel software for desktop, web and mobile devices from KWHotel, Inc. A security vulnerability exists in KWHotel version 0.47, which stems from a CSV formula injection in the Add Guest function...
KWHotel 安全漏洞
KWHotel is a hotel software for desktop, web and mobile devices from KWHotel, Inc. A security vulnerability exists in KWHotel version 0.47, which stems from a CSV formula injection in the Add Invoice feature...
CVE-2025-22150
A flaw was found in the undici package for Node.js. Undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests t...
Use of Insufficiently Random Values in undici
Impact Undici fetch uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled websit...
CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
CVE-2025-22150 Undici Uses Insufficiently Random Values
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
CVE-2025-22150 Undici Uses Insufficiently Random Values
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
CVE-2025-22150
Undici (HTTP/1.1 client) is affected by CVE-2025-22150 in versions prior to 5.28.5, 6.21.1, and 7.2.3 due to using Math.random() to generate multipart/form-data boundaries. This can enable an attacker-controlled endpoint to tamper with requests if specific conditions are met, potentially affectin...
CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
Security update for pam_u2f
This update for pamu2f fixes the following issues: CVE-2025-23013: Fixed problematic PAMIGNORE return values in pamsmauthenticate bsc1233517 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you ca...
WordPress plugin Import any XML or CSV File to WordPress PRO 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Import any XML or CSV Fil...
SUSE CVE-2024-55565
nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version...
CLSA-2025-1737153705 squid34: Fix of CVE-2024-25617
CVE-2024-25617: Improve handling of expanding HTTP header values to prevent DoS...
CLSA-2025-1737153996 squid34: Fix of CVE-2024-25617
CVE-2024-25617: Improve handling of expanding HTTP header values to prevent DoS...
SUSE SLES15 Security Update : kernel (Live Patch 28 for SLE 15 SP4) (SUSE-SU-2025:0111-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0111-1 advisory. This update for the Linux Kernel 5.14.21-15040024125 fixes several issues. The following security issues were fixed: - CVE-2024-50264:...
CVE-2024-12086
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...