8217 matches found

CVE
added 2025/08/09 2:1 a.m. | 25 views

CVE-2025-55006

CVE-2025-55006 affects Frappe LMS 2.34.x/2.35.0. The issue stems from an incomplete fix for CVE-2025-55006, enabling cross-site scripting via manipulated input. Remote exploitation is described as possible; an exploit has been made public per connected sources. A remediation is to upgrade to a ve...

8.8 CVSS | 7.6 AI score | 0.00245 EPSS
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2025/08/09 2:1 a.m. | 3 views

CVE-2025-55006 Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature

Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content...

4.3 CVSS | 7.6 AI score | 0.00245 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/08/09 12:23 a.m. | 11 views

CVE-2025-55135

In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this includes SVG...

6.4 CVSS | 5.6 AI score | 0.00226 EPSS
Exploits 0 | References 1

CNNVD
added 2025/08/09 12:0 a.m. | 2 views

Frappe Learning Input Validation Error Vulnerability

Frappe Learning is an easy-to-use open source learning management system from Frappe Open Source. An input validation error vulnerability exists in Frappe Learning version 2.33.0 and earlier, which stems from insufficient cleanup of uploaded SVG files and could lead to the execution of arbitrary...

8.8 CVSS | 4.2 AI score | 0.00245 EPSS
Exploits 0 | References 2

Packet Storm News
added 2025/08/09 12:0 a.m. | 3 views

Balancing Privacy and Efficiency: Music Information Retrieval Via Additive Homomorphic Encryption

In the era of generative AI, ensuring the privacy of music data presents unique challenges: unlike static artworks such as images, music data is inherently temporal and multimodal, and it is sampled, transformed, and remixed at an unprecedented scale. These characteristics make its core vector...

6.9 AI score
Exploits 0

Positive Technologies
added 2025/08/09 12:0 a.m. | 4 views

PT-2025-32424

Name of the Vulnerable Software and Affected Versions Frappe Learning versions 2.33.0 and below Description Frappe Learning is a learning system designed to help users structure content. The image upload functionality did not properly sanitize uploaded SVG files, allowing users to upload files...

8.8 CVSS | 4.6 AI score | 0.00245 EPSS
Exploits 0 | References 10

Tenable Nessus
added 2025/08/09 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-15254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` ha...

9.8 CVSS | 7.2 AI score | 0.02743 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2025/08/08 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-50143

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: intel_th: Fix a resource leak in an error handling path. If an error occurs after calling...

5.5 CVSS | 6 AI score | 0.00156 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2025/08/08 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-10684

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of...

7.9 CVSS | 7 AI score | 0.00345 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2025/08/08 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-45359

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but...

6.5 CVSS | 5.9 AI score | 0.00289 EPSS
Exploits 0 | References 2

Microsoft CVE
added 2025/08/07 7:0 a.m. | 2 views

arm64/fpsimd: Discard stale CPU state when handling SME traps

...

7 CVSS | 6.8 AI score | 0.00138 EPSS
Exploits 0

Tenable Nessus
added 2025/08/07 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2010-3192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent...

5 CVSS | 8.5 AI score | 0.01606 EPSS
Exploits 0 | References 2

OpenVAS
added 2025/08/06 12:0 a.m. | 3 views

openSUSE Security Advisory (SUSE-SU-2025:02666-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6 CVSS | 7.6 AI score | 0.01058 EPSS
Exploits 1 | References 8

OpenVAS
added 2025/08/06 12:0 a.m. | 2 views

openSUSE Security Advisory (SUSE-SU-2025:02672-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 7.8 AI score | 0.64893 EPSS
Exploits 3 | References 4

BDU FSTEC
added 2025/08/05 12:0 a.m. | 4 views

The vulnerability of the StyleElement class in the SVG image processing library canvg allows an attacker to execute a “prototype pollution” attack.

The vulnerability of the StyleElement class in the SVG image processing library is related to uncontrolled changes to prototype attributes of objects. Exploiting this vulnerability could allow a malicious actor to execute a “prototype pollution” attack...

10 CVSS | 6.9 AI score | 0.00624 EPSS
Exploits 1 | References 6 | Affected Software 2

Akamai Blog
added 2025/08/04 10:20 a.m. | 6 views

Why AI Systems Use Vector Databases to Improve Performance and Reduce Costs

...

7 AI score
Exploits 0

OpenVAS
added 2025/08/04 12:0 a.m. | 6 views

SUSE: Security Advisory (SUSE-SU-2025:02589-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2 CVSS | 6.6 AI score | 0.01185 EPSS
Exploits 0 | References 7

OpenVAS
added 2025/08/01 12:0 a.m. | 3 views

Fedora: Security Advisory (FEDORA-2025-c5b7a12d2d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5 CVSS | 3.8 AI score | 0.00215 EPSS
Exploits 2 | References 4

OpenVAS
added 2025/08/01 12:0 a.m. | 4 views

SUSE: Security Advisory (SUSE-SU-2025:02563-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6 CVSS | 7.6 AI score | 0.01058 EPSS
Exploits 1 | References 8

OpenVAS
added 2025/07/31 12:0 a.m. | 2 views

Debian: Security Advisory (DLA-4259-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.7 CVSS | 7.5 AI score | 0.00641 EPSS
Exploits 1 | References 2