
8500 matches found

RedHat Linux
added 2025/08/07 5:24 a.m. · 1 view

libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

CVSS 7.8 · AI score 6.3 · EPSS 0.00339
Exploits: 1 · References: 5
RedHat Linux
added 2025/08/07 4:45 a.m. · 8 views

libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

CVSS 7.8 · AI score 6.3 · EPSS 0.00339
Exploits: 1 · References: 5
Tenable Nessus
added 2025/08/07 12:0 a.m. · 9 views

Linux Distros Unpatched Vulnerability : CVE-2023-52893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gsmi: fix null-deref in gsmigetvariable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 efi:...

CVSS 5.5 · AI score 6.1 · EPSS 0.0024
Exploits: 0 · References: 2
Tenable Nessus
added 2025/08/07 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-0716

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source...

CVSS 4.8 · AI score 6.7 · EPSS 0.00375
Exploits: 0 · References: 2
Tenable Nessus
added 2025/08/07 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-13098

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service slab out-of-bounds read and BUG can occur for a modified f2fs...

CVSS 5.5 · AI score 6.7 · EPSS 0.01289
Exploits: 0 · References: 2
OSV
added 2025/08/06 4:16 a.m. · 3 views

CVE-2025-54640

ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions...

CVSS 5.5 · AI score 5.8 · EPSS 0.00097
Exploits: 0 · References: 1
NVD
added 2025/08/06 4:16 a.m. · 8 views

CVE-2025-54640

ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions...

CVSS 5.5 · EPSS 0.00097
Exploits: 0 · References: 1
NVD
added 2025/08/06 4:16 a.m. · 4 views

CVE-2025-54639

ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions...

CVSS 5.5 · EPSS 0.00097
Exploits: 0 · References: 1
OSV
added 2025/08/06 4:16 a.m. · 3 views

CVE-2025-54639

ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions...

CVSS 5.5 · AI score 5.8 · EPSS 0.00097
Exploits: 0 · References: 1
Cvelist
added 2025/08/06 2:40 a.m. · 6 views

CVE-2025-54640

ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions...

CVSS 5.5 · EPSS 0.00097
Exploits: 0 · References: 1
Vulnrichment
added 2025/08/06 2:40 a.m. · 3 views

CVE-2025-54640

ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions...

CVSS 5.5 · AI score 6.5 · EPSS 0.00097
Exploits: 0 · References: 1
CVE
added 2025/08/06 2:38 a.m. · 21 views

CVE-2025-54639

CVE-2025-54639 corresponds to a ParcelMismatch vulnerability in attribute deserialization affecting Huawei HarmonyOS. Elevated risk is limited to local exploitation with low privileges and no user interaction required, potentially causing playback control screen display exceptions (availability i...

CVSS 5.5 · AI score 6.6 · EPSS 0.00097
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2025/08/06 2:38 a.m. · 3 views

CVE-2025-54639

ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions...

CVSS 5.5 · AI score 6.5 · EPSS 0.00097
Exploits: 0 · References: 1
CNNVD
added 2025/08/06 12:0 a.m. · 3 views

XWiki Platform Security Vulnerability

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from a database list attribute that could disclose password hashes...

CVSS 7.1 · AI score 6.5 · EPSS 0.00397
Exploits: 1 · References: 5
Positive Technologies
added 2025/08/06 12:0 a.m. · 7 views

PT-2025-32083 · Parcel · Parcel

Name of the Vulnerable Software and Affected Versions: Parcel affected versions not specified Description: A ParcelMismatch vulnerability exists in attribute deserialization. Successful exploitation of this issue may cause exceptions in the display of the playback control screen. Recommendations:...

CVSS 5.5 · AI score 6.3 · EPSS 0.00097
Exploits: 0 · References: 2
RedhatCVE
added 2025/08/03 2:14 p.m. · 9 views

CVE-2025-7845

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

CVSS 6.4 · AI score 5.5 · EPSS 0.00216
Exploits: 0 · References: 1
Joomla! Vulnerable Extensions List
added 2025/08/03 12:0 a.m. · 14 views

[20250901] - Core - Inadequate content filtering within the checkAttribute filter code

Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...

CVSS 4.8 · AI score 5.8 · EPSS 0.00293
Exploits: 0 · Affected Software: 1
Tenable Nessus
added 2025/08/02 12:0 a.m. · 4 views

SUSE SLES15 Security Update : kubernetes1.28 (SUSE-SU-2025:02350-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02350-2 advisory. - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Tenable has extracted the...

CVSS 6.5 · AI score 7.3 · EPSS 0.0045
Exploits: 0 · References: 4
Rapid7 Blog
added 2025/08/01 6:16 p.m. · 5 views

Metasploit Wrap-Up 08/01/2025

ESC support in Metasploit This week, we're excited to announce that Metasploit users can now detect certificate templates vulnerable to ESC9, ESC10, and ESC16 using the existing ldapescvulnerabletemplate module. In addition, users can now exploit these vulnerable templates with the brand new...

AI score 7.9
Exploits: 0
SUSE Linux
added 2025/08/01 4:7 p.m. · 2 views

Security update for kubernetes1.28

This update for kubernetes1.28 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

CVSS 6.5 · AI score 6.8 · EPSS 0.0045
Exploits: 0 · References: 4