CVE-2025-46558
CVE-2025-46558 affects XWiki Contrib's Syntax Markdown (org.xwiki.contrib.markdown:syntax-markdown-commonmark12). A cross-site scripting (XSS) vulnerability exists in Markdown syntax versions from 8.2 to before 8.9 via HTML, allowing any user to embed JavaScript that executes in other u...
CVE-2025-32974 org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type
XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page...
CVE-2025-32470
A remote unauthenticated attacker may be able to change the IP address of the device, thereby affecting the availability of the device...
The vulnerability of the sub_49E098 function in Tenda AC8 microprogrammed router software allows an attacker to influence the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the sub_49E098 function in Tenda AC8 software lies in buffer overflows during the processing of the list parameter. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
K000151082: PostgreSQL vulnerability CVE-2021-32027
Security Advisory Description: A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory...
CVE-2025-3891
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...
CVE-2025-3891 Mod_auth_openidc: dos via empty post in mod_auth_openidc with oidcpreservepost enabled
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...
CVE-2025-22235
A flaw was found in the Spring Boot configuration. This vulnerability allows unauthorised access to the /null/ path via misconfigured security matchers when referencing disabled or non-exposed Spring Boot actuator endpoints. Mitigation: Mitigation for this issue is either not available or the...
Security Bulletin: IBM Common Cryptographic Architecture (CCA) is vulnerable to denial of service (CVE-2022-22423)
Summary: Insufficient input validation in IBM Common Cryptographic Architecture (CCA) may affect Hardware Security Module (HSM) availability. An affected IBM 4767 or IBM 4769 HSM may be forced into a check-stop condition by specially-crafted requests from HSM users. Recovery from a check-stop conditio...
Important: runc
Issue Overview: A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this...
Amazon Linux 2 : runc (ALASECS-2025-062)
The version of runc installed on the remote host is prior to 1.0.0-0.3.20210225.git12644e6. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-062 advisory. The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly...
Amazon Linux 2 : runc (ALASECS-2025-064)
The version of runc installed on the remote host is prior to 1.0.0-0.1.20200204.gitdc9208a. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-064 advisory. A flaw was found in runc. An attacker who controls the container image for two containers that share a volume...
F5 Networks BIG-IP : PostgreSQL vulnerability (K000151082)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000151082 advisory. A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While...
SUSE CVE-2025-43864
React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...
Vulnerabilities in SICK Flexi Compact
SICK has found two vulnerabilities that affect the SICK Flexi Compact. The vulnerabilities may affect the availability and confidentiality of the products. SICK is currently not aware of any public exploits...
CVE-2025-32470
CVE-2025-32470 describes a remote unauthenticated capability to change the IP address of a device, potentially impacting availability. Connected sources associate this CVE with SICK Flexi Compact products (e.g., FLX0-GPNT100, FLX3-CPUC200) and similar vendor advisories. The available material con...