CVE-2025-1165
A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-5714
In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...
Google Chrome < 133.0.6943.53 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 133.0.6943.53. It is, therefore, affected by multiple vulnerabilities as referenced in the 2025_02_stable-channel-update-for-desktop advisory. - Inappropriate implementation in Extensions API in Google Chrome prior to...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 12 security fixes: 390889644 High CVE-2025-0444: Use after free in Skia. Reported by Francisco Alonso @revskills on 2025-01-19 392521083 High CVE-2025-0445: Use after free in V8. Reported by 303f06e3 on 2025-01-27 40061026 Medium CVE-2025-0451:...
GHSA-F27P-CMV8-XHM6 fetch: Authorization headers not dropped when redirecting cross-origin
Summary When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno's fetch redirect handling creates a follow-up redirect request that keeps the original Authorization header, leaking its content to that second domain. Details...
kernel: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage The Linux kernel CVE team has assigned CVE-2024-36006 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052025-CVE-2024-36006-c032@gregkh/T...
CVE-2023-6208
When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. This bug only affects Firefox on X11. Other systems are unaffected. This vulnerability affects Firefox 120, Firefox ESR 115.5.0, and...
PT-2023-23094 · Palantir · Palantir Tiles1
Name of the Vulnerable Software and Affected Versions: Palantir Tiles1 affected versions not specified Description: The Palantir Tiles1 service was found to be vulnerable to an API-wide issue where the service was not performing authentication/authorization on all the endpoints. Recommendations: ...
PT-2023-16356 · WordPress · Rest Api To Miniprogram
Name of the Vulnerable Software and Affected Versions: REST API TO MiniProgram WordPress plugin versions through 4.6.1 Description: The issue concerns a lack of authorization and CSRF checks in an AJAX action within the REST API TO MiniProgram WordPress plugin. This allows any authenticated users...
CVE-2023-2733 MStore API <= 3.9.0 - Authentication Bypass
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated...
PT-2023-10696 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.1.0 through 11.1.7 GitLab Community and Enterprise Edition versions 11.2.x through 11.2.4 GitLab Community and Enterprise Edition versions 11.3.x through 11.3.1 Description: An issue allows...
CVE-2023-26041
The CVE-2023-26041 issue affects Nextcloud Talk: when cron jobs are misconfigured, expired messages are not actually expired and the API still returns them, with frontend hiding not applied. This results in conversations showing messages that should have expired. Affected product: Nextcloud Talk ...
OESA-2022-1909 sqlite security update
SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications...
SUSE-SU-2021:4190-1 Security update for logstash
This update for logstash fixes the following issues: Fixed vulnerability related to log4j version 1.2.x - CVE-2021-4104: Fixed remote code execution through the JMS API via the ldap JNDI parser bsc1193662...
Design/Logic Flaw
An API issue in Accessibility TCC permissions was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to unexpectedly leak a user's credentials from secure text...
Google Chromium Resource Management Error Vulnerability
Google Chrome is a web browser from Google, an American company. A resource management error vulnerability previously existed in Google Chrome version 90.0.4430.212. The vulnerability stems from a use-after-free security issue found in the program's File API component. No details of the...
OpenSSL Code Issue Vulnerability
OpenSSL is an open source, general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
CVE-2021-3349
GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the bes...
Code injection
An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierr...
CVE-2019-8856
An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierr...