
1390 matches found

Vulnrichment
added 2025/08/06 10:6 a.m., 3 views

CVE-2025-6013 Vault LDAP MFA Enforcement Bypass When Using Username As Alias

Vault and Vault Enterprise's ("Vault") ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...

CVSS 6.5, AI score 6.4, EPSS 0.00468
Exploits: 0, References: 1
Snyk
added 2025/08/01 6:31 p.m., 1 views

Improper Handling of Case Sensitivity

Overview: github.com/hashicorp/vault/builtin/credential/ldap is a package ldap for Hashicorp. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity via the pathLoginAliasLookahead implementation. An attacker can gain unauthorized access and bypass authentication...

CVSS 6.9, AI score 7.2, EPSS 0.00381
Exploits: 0, References: 2
NVD
added 2025/07/21 7:15 p.m., 5 views

CVE-2025-51403

A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter...

CVSS 6.5, EPSS 0.01532
Exploits: 4, References: 3
Vulnrichment
added 2025/07/21 12:0 a.m., 4 views

CVE-2025-51403

A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter...

AI score 5.4, EPSS 0.01532
Exploits: 4, References: 3
CVE
added 2025/07/21 12:0 a.m., 23 views

CVE-2025-51403

Vulnerability: CVE-2025-51403 affects Live Helper Chat (v4.60/v4.61 era) in the department assignment editing module. The issue is a stored XSS via the Alias Nick field, caused by insufficient validation/escaping of user input. Impact: stored XSS could allow a logged-in user with low privileges...

CVSS 6.5, AI score 5.7, EPSS 0.01532
Exploits: 4, References: 3, Affected Software: 1
CNNVD
added 2025/07/21 12:0 a.m., 3 views

Live Helper Chat Security Vulnerability

Live Helper Chat is an open source plugin that supports online chat by an individual developer Live Helper Chat. Provides chat functionality for web platforms. A security vulnerability exists in Live Helper Chat version v4.60, which stems from insufficient validation of the Alias Nick parameter...

CVSS 6.5, AI score 5.7, EPSS 0.01532
Exploits: 4, References: 5
GithubExploit
added 2025/07/20 8:59 a.m., 81 views

Exploit for Cross-site Scripting in Livehelperchat Live_Helper_Chat

Exploit Title: LiveHelperChat...

CVSS 6.5, AI score 6.6, EPSS 0.01532
Exploits: 4
SUSE CVE
added 2025/07/10 11:23 p.m., 3 views

SUSE CVE-2025-38286

In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91: Fix possible out-of-boundary access. at91_gpio_probe() doesn't check that given OF alias is not available or something went wrong when trying to get it. This might have consequences when accessing gpio_chips array with...

CVSS 7.8, AI score 6.5, EPSS 0.00174
Exploits: 0, References: 23
OSV
added 2025/07/10 8:15 a.m., 2 views

DEBIAN-CVE-2025-38286

In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91: Fix possible out-of-boundary access. at91_gpio_probe() doesn't check that given OF alias is not available or something went wrong when trying to get it. This might have consequences when accessing gpio_chips array with...

CVSS 7.1, AI score 5.8, EPSS 0.00174
Exploits: 0, References: 1
OSV
added 2025/07/10 8:15 a.m., 7 views

UBUNTU-CVE-2025-38286

In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91: Fix possible out-of-boundary access. at91_gpio_probe() doesn't check that given OF alias is not available or something went wrong when trying to get it. This might have consequences when accessing gpio_chips array with...

CVSS 7.1, AI score 6.2, EPSS 0.00174
Exploits: 0, References: 43
CNNVD
added 2025/07/10 12:0 a.m., 1 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unchecked OF alias validity that could lead to out-of-bounds access to arrays...

CVSS 7.1, AI score 6.9, EPSS 0.00174
Exploits: 0, References: 10
Amazon
added 2025/07/10 12:0 a.m., 7 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: don't override retval if we already lost the skb (CVE-2024-26739). In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone...

CVSS 9.8, AI score 8.2, EPSS 0.01483
Exploits: 1
Amazon
added 2025/06/23 12:0 a.m., 7 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_SAME No Data Buffer crash. In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like...

CVSS 9.8, AI score 7.2, EPSS 0.01483
Exploits: 3
Tenable Nessus
added 2025/06/04 12:0 a.m., 9 views

GraphQL Alias Overloading Enabled

GraphQL is an open-source query and manipulation language for APIs. GraphQL alias overloading is a vulnerability where an attacker sends queries with numerous aliased fields to cause server performance degradation. The server must process each alias separately, which can lead to excessive CPU...

AI score 7.2
Exploits: 0, References: 1
CNVD
added 2025/05/28 12:0 a.m., 1 views

Intel Xeon 6 Processor Elevation of Privilege Vulnerability

The Intel Xeon 6 Processor is a new generation of server processors from Intel aimed at data centers, artificial intelligence (AI) and high performance computing (HPC). The Intel Xeon 6 Processor suffers from an elevation of privilege vulnerability that stems from insufficient control flow management...

CVSS 8.5, AI score 7.1, EPSS 0.00131
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 10:28 a.m., 8 views

CVE-2024-45308

HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc 1 with MySQL or MariaDB, it is possible to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by t...

CVSS 6.5, AI score 7, EPSS 0.00551
Exploits: 1
RedhatCVE
added 2025/05/23 4:6 a.m., 10 views

CVE-2023-47163

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition...

CVSS 7.5, AI score 6.6, EPSS 0.00962
Exploits: 0
RedhatCVE
added 2025/05/22 10:30 p.m., 7 views

CVE-2022-24565

Checkmk <=2.0.0p19 (fixed in 2.0.0p20) and Checkmk <=1.6.0p27 (fixed in 1.6.0p28) are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications...

CVSS 5.4, AI score 5.8, EPSS 0.00607
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 8:55 p.m., 4 views

CVE-2021-28054

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter...

CVSS 5.4, AI score 6.2, EPSS 0.01074
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 4:0 p.m., 6 views

CVE-2020-14927

Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites Create Aliases Add" screen...

CVSS 4.8, AI score 5.9, EPSS 0.00545
Exploits: 1