CVE-2011-3796

PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files...

CVE-2019-1010290

Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any...

CVE-2014-2313

Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors...

CVE-1999-0146

The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file...

kernel: vsock: Keep the binding until socket destruction

A flaw was found in the Linux kernel's virtual socket protocol network driver, where an improperly timed socket unbinding could result in a use-after-free issue. This flaw allows an attacker who can create and destroy arbitrary connections on virtual connections to read or modify system memory,...

SAP NetWeaver Visual Composer Metadata Uploader Deserialization Vulnerability

SAP NetWeaver Visual Composer Metadata Uploader is a component in SAP NetWeaver for uploading metadata. A deserialization vulnerability exists in SAP NetWeaver Visual Composer Metadata Uploader that originates from deserializing malicious content, which can be exploited by an attacker to cause a...

CVE-2024-8245

The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2024-8094

The CVE-2024-8094 entry identifies a CSRF flaw in the Ntz Antispam WordPress plugin (versions up to 2.0e) where the settings update flow lacks CSRF protection. Root cause: missing CSRF check when updating plugin settings. Impact: a CSRF attack could cause a logged-in admin to change settings. Pub...

CVE-2025-47789 Horilla Open Redirect Vulnerability in Login

Horilla is a free and open source Human Resource Management System HRMS. In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external domain. This allows the redirection to any...

CVE-2025-29689

CVE-2025-29689 describes an XSS in OA System prior to 2025.01.01. The vulnerability stems from improper input handling of the password parameter in the endpoint “/mail/MailController.java”, allowing execution of arbitrary web scripts/HTML. A fix is available: upgrade OA System to 2025.01.01 or la...

CVE-2025-30011 Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)

The Live Auction Cockpit in SAP Supplier Relationship Management SRM uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send an malicious request to the application, which could disclose the internal version details of the affected...

Intel Processors 安全漏洞

Intel Processors is a family of processors produced by Intel Corporation, covering a wide range of laptop, desktop, workstation, and server applications, providing basic to professional-level performance support. A denial of service vulnerability exists in Intel Processors that stems from an...

U.S. Dept Of Defense: Cross-Site Scripting via 'description_extra' parameter

A Cross-Site Scripting XSS vulnerability was discovered in the 'descriptionextra' parameter of the application. The vulnerability allowed an attacker to inject malicious scripts that could be executed, potentially leading to unintended consequences. The vulnerability was reported and the necessar...

Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages

Guest post by Dillon Franke, Senior Security Engineer, 20% time on Project Zero Every second, highly-privileged MacOS system daemons accept and process hundreds of IPC messages. In some cases, these message handlers accept data from sandboxed or unprivileged processes. In this blog post, I’ll...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when using either the Elastic service or the extender plugin. An attacker can cause the scheduler to crash or become completely unavailable to the cluster. This is only exploitable if...

glibc: buffer overflow in the GNU C Library's assert()

A flaw was found in the GNU C Library glibc. A buffer overflow condition via the assert function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading t...

CVE-2025-41395 Webapp DoS via malicious retrospective post in Playbooks

Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an attacker to create a specially crafted post with maliciously crafted props and cause a denial of servi...

PT-2025-18684 · Unknown +1 · Llama Factory +1

Name of the Vulnerable Software and Affected Versions: LLaMA-Factory version prior to 1.0.0 Description: LLaMA Factory enables fine-tuning of large language models. A critical issue exists in the llamafy baichuan2.py script, which performs insecure deserialization using torch.load on user-supplie...

CVE-2025-3840 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

An improper neutralization of input vulnerability was identified in the End of Life EOL OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. An...

CVE-2025-26153

A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message...