Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unvalidated nlattr length that could lead to an out-of-bounds read...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a missing nlapolicy description for the IFLAMACVLANBCCUTOFF attribute, which could lead to a heap...

Cross-site Scripting (XSS)

Overview joomla/filter is a Joomla Filter Package Affected versions of this package are vulnerable to Cross-site Scripting XSS via the checkAttribute method. An attacker can execute arbitrary scripts in the context of the affected application by submitting specially crafted input that bypasses...

Security Bulletin: Axios before 1.7.8 uses setAttribute('href') in isURLSameOrigin.js, raising potential security concern

Summary In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',href call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a...

CVE-2025-59842

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener...

CVE-2025-59842

CVE-2025-59842 affects jupyterlab; prior to 4.4.8, links generated from LaTeX renderers in Markdown cells could lack noopener, enabling potential reverse-tabnabbing with target=_blank. The issue was patched in jupyterlab 4.4.8. Fedora and other advisories indicate the fixes are provided in jupyte...

Observable Discrepancy

Overview Affected versions of this package are vulnerable to Observable Discrepancy in the authentication process, when Multi-Attribute Login is enabled. An attacker can determine the existence of valid usernames by observing distinct error messages returned by the system in response to login...

GHSA-W82P-R9VW-4RG5 WSO2's Input Validation Management Service contains Observable Discrepancy when Multi-Attribute Login is enabled

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...

WSO2's Input Validation Management Service contains Observable Discrepancy when Multi-Attribute Login is enabled

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...

CVE-2025-1396

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...

CVE-2025-1396

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...

CVE-2025-1396

WSO2 username enumeration vulnerability (CVE-2025-1396) occurs when Multi-Attribute Login is enabled across multiple WSO2 products. The login flow returns a distinct error message for non-existing usernames, enabling observers to determine valid user IDs. Impact includes potential for targeted br...

CVE-2025-1396 Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...

CVE-2025-1396 Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...

PT-2025-39521

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A username enumeration issue exists when Multi-Attribute Login is enabled. The system provides a different response for existing and non-existing usernames, regardless of the validate...

JupyterLab 安全漏洞

JupyterLab is a JupyterLab open source extensible environment for interactive and repeatable computation, based on the Jupyter Notebook and architecture. A security vulnerability exists in JupyterLab versions prior to 4.4.8, which stems from a missing noopener attribute on links generated by LaTe...

WSO2 Identity Server 安全漏洞

WSO2 Identity Server IS is an identity server from WSO2, Inc. A security vulnerability exists in WSO2 Identity Server that originates from the return of a specific error message when Multi-Attribute Login is enabled, which could lead to a username enumeration attack...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the data-iframeconfig attribute. An attacker can execute arbitrary JavaScript in the context of the affected site by injecting malicious attributes such as onload or onmouseenter through wikitext. Details...

CVE-2025-57352

A vulnerability exists in the 'min-document' package prior to version 2.19.0, stemming from improper handling of namespace operations in the removeAttributeNS method. By processing malicious input involving the proto property, an attacker can manipulate the prototype chain of JavaScript objects,...

CVE-2025-57352

A vulnerability exists in the 'min-document' package prior to version 2.19.0, stemming from improper handling of namespace operations in the removeAttributeNS method. By processing malicious input involving the proto property, an attacker can manipulate the prototype chain of JavaScript objects,...