2754 matches found
NiceGUI has a Reflected XSS
Summary: A Cross-Site Scripting (XSS) risk exists in NiceGUI when developers render unescaped user input into the DOM using ui.html. Before version 3.0, NiceGUI does not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.input with ui.html without...
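The pattern behind this entry, as an added example that is not NiceGUI's own code: untrusted text concatenated into an HTML string becomes live markup the moment it reaches a raw-HTML sink such as ui.html. NiceGUI is deliberately not imported, so the snippet runs anywhere; each function returns the string an application would hand to ui.html. The allowlist sanitizer is a minimal stand-in written for this example to show the policy; in a real application use a maintained library such as nh3 (the Ammonia binding listed further down this page).

```python
import html
import re

# Constructed sample input: what a user could type into a ui.input box.
MALICIOUS_INPUT = '<img src=x onerror="alert(document.cookie)">hello'


def render_greeting_unsafe(user_text: str) -> str:
    """Vulnerable pattern: raw input interpolated into markup destined for ui.html."""
    return f"<p>Hello, {user_text}!</p>"


def render_greeting_escaped(user_text: str) -> str:
    """Fix 1: escape everything, so the input is always displayed as text."""
    return f"<p>Hello, {html.escape(user_text, quote=True)}!</p>"


# Fix 2: when some formatting must be allowed, sanitize against an allowlist.
# Demo-only sanitizer (assumption of this example, not a library API):
# allowed tags are kept without attributes, everything else is escaped.
ALLOWED_TAGS = {"b", "i", "em", "strong"}
_TAG_RE = re.compile(r"<(/?)([a-zA-Z0-9]+)([^>]*)>")


def sanitize_allowlist(user_text: str) -> str:
    """Keep only allowed tags (attributes dropped); escape all other markup and text."""
    out = []
    pos = 0
    for m in _TAG_RE.finditer(user_text):
        # Text between tags is always escaped.
        out.append(html.escape(user_text[pos:m.start()], quote=True))
        closing, name = m.group(1), m.group(2).lower()
        if name in ALLOWED_TAGS:
            # Attributes are discarded: no onerror=, no href="javascript:..."
            out.append(f"<{closing}{name}>")
        else:
            # Disallowed tags are rendered as literal text, not silently stripped.
            out.append(html.escape(m.group(0), quote=True))
        pos = m.end()
    out.append(html.escape(user_text[pos:], quote=True))
    return "".join(out)


def render_greeting_sanitized(user_text: str) -> str:
    """Fix 2 applied: limited formatting survives, event handlers do not."""
    return f"<p>Hello, {sanitize_allowlist(user_text)}!</p>"


def contains_live_markup(rendered: str) -> bool:
    """Check: does the rendered string still carry an <img> with an onerror handler?"""
    return "<img" in rendered and "onerror=" in rendered


if __name__ == "__main__":
    print(render_greeting_unsafe(MALICIOUS_INPUT))
    print(render_greeting_escaped(MALICIOUS_INPUT))
    print(render_greeting_sanitized(MALICIOUS_INPUT))
```

The sanitizer rejects by escaping rather than by deleting, so a reviewer can see in the rendered page exactly what was refused; silent stripping hides injection attempts from logs and from users.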
HCL MyXalytics security vulnerability
HCL MyXalytics is an analytics software product from HCL (India) used for data analysis and related tasks. A security vulnerability exists in HCL MyXalytics version 6.6 that stems from a lack of proper validation and access control when automatically binding user inputs to...
PT-2025-40597
Name of the Vulnerable Software and Affected Versions: OpenSupports version 4.11.0. Description: The application's API endpoint /api/staff/get-new-tickets directly incorporates the user-supplied parameter departmentId into a SQL query without proper sanitization. This allows an authenticated staf...
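The injection class described in this entry, reproduced as an added example that is not OpenSupports code: the same departmentId value spliced into SQL text versus bound as a typed parameter, run against an in-memory SQLite table. The table layout, the sample tickets and the per-staff department allowlist are constructed for this demo.

```python
import sqlite3

# Constructed sample data: three tickets across two departments.
SAMPLE_TICKETS = [
    (1, 1, "Printer on fire"),
    (2, 1, "VPN down"),
    (3, 2, "Payroll export broken"),
]


def make_db() -> sqlite3.Connection:
    """Build the demo database (schema invented for this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ticket (id INTEGER PRIMARY KEY, department_id INTEGER, title TEXT)"
    )
    conn.executemany("INSERT INTO ticket VALUES (?, ?, ?)", SAMPLE_TICKETS)
    return conn


def get_new_tickets_unsafe(conn: sqlite3.Connection, department_id: str) -> list:
    """Vulnerable: the request parameter is spliced straight into the SQL text."""
    sql = f"SELECT id, title FROM ticket WHERE department_id = {department_id}"
    return conn.execute(sql).fetchall()


def get_new_tickets_safe(conn: sqlite3.Connection, department_id: str, allowed_departments: set) -> list:
    """Fixed: strict type validation, authorization, then a bound parameter."""
    if not department_id.isdigit():          # rejects "1 OR 1=1", "-1", "1_0", ...
        raise ValueError("departmentId must be a non-negative integer")
    dept = int(department_id)
    # Authenticated is not authorized: a staff member may only read their own departments.
    if dept not in allowed_departments:
        raise PermissionError("staff member is not assigned to this department")
    sql = "SELECT id, title FROM ticket WHERE department_id = ?"
    return conn.execute(sql, (dept,)).fetchall()


def safe_query_outcome(conn: sqlite3.Connection, department_id: str, allowed_departments: set) -> str:
    """Classify what the hardened endpoint does with a request: 'ok', 'bad-input' or 'forbidden'."""
    try:
        get_new_tickets_safe(conn, department_id, allowed_departments)
        return "ok"
    except ValueError:
        return "bad-input"
    except PermissionError:
        return "forbidden"


if __name__ == "__main__":
    db = make_db()
    print(get_new_tickets_unsafe(db, "1 OR 1=1"))   # every ticket, regardless of department
    print(safe_query_outcome(db, "1 OR 1=1", {1}))  # bad-input
```

Parameter binding alone already defeats the payload (the driver never parses the value as SQL), but the digit check turns a garbage request into a 4xx with a clear log line instead of a silent empty result, and the department check addresses the other half of an endpoint like this: any authenticated staff member should not be able to read every department's queue just by changing a number.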
[SECURITY] Fedora 41 Update: python-nh3-0.2.15-7.fc41
Python binding to the Ammonia HTML sanitizer Rust crate...
[SECURITY] Fedora 42 Update: python-nh3-0.2.21-2.fc42
Python binding to the Ammonia HTML sanitizer Rust crate...
UBUNTU-CVE-2025-39925
In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEV_UNREGISTER notification handler. syzbot is reporting an "unregister_netdevice: waiting for vcan0 to become free. Usage count = 2" problem, because the j1939 protocol did not have a NETDEV_UNREGISTER notification handler...
CVE-2025-56676
TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functionality. A temporary password or reset token issued to one user can be used to log in as another user, due to improper validation of token-user linkage. This allows remote attackers to gain...
[SECURITY] Fedora 43 Update: python-nh3-0.2.21-8.fc43
Python binding to the Ammonia HTML sanitizer Rust crate...
Linux kernel security vulnerability
Linux kernel is the kernel of the open source operating system Linux, maintained under the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of a deferred binding job, which could result in a null pointer dereference...
PT-2025-40002
Name of the Vulnerable Software and Affected Versions: TitanSystems Zender version 3.9.7. Description: TitanSystems Zender version 3.9.7 has an account takeover issue in its password reset feature. A temporary password or reset token for one user can be used to log in as another user because of...
CVE-2025-56676
TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset feature. The reset token is not correctly bound to the requesting account and may be accepted for other user emails during login, allowing an attacker to log in as any user and potentially escalate privile...
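The token-to-account binding failure described in the entries above, as an added example that is not Zender's code: a reset store whose login check only asks "does this token exist?" lets a token issued to one account unlock whatever e-mail the client submits, while the corrected check requires the token to belong to that e-mail, to be unexpired and to be consumed on first use. The class and method names are invented for this demo; the store keeps a hash of the token rather than the token itself, so a leaked database does not hand out usable reset credentials.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

TOKEN_TTL_SECONDS = 15 * 60


def _token_key(token: str) -> str:
    """Store only a digest of the token; the raw value is shown to the user once."""
    return hashlib.sha256(token.encode()).hexdigest()


class ResetStore:
    def __init__(self) -> None:
        # token digest -> (bound e-mail, expiry timestamp)
        self._tokens: Dict[str, Tuple[str, float]] = {}

    def issue_token(self, email: str, now: float) -> str:
        """Create a reset token for exactly one account."""
        token = secrets.token_urlsafe(32)
        self._tokens[_token_key(token)] = (email.lower(), now + TOKEN_TTL_SECONDS)
        return token

    def login_with_token_unsafe(self, email: str, token: str, now: float) -> Optional[str]:
        """Vulnerable: any outstanding token unlocks whatever e-mail the client sends."""
        if _token_key(token) in self._tokens:
            return email.lower()  # the client-supplied identity becomes the session
        return None

    def login_with_token_safe(self, email: str, token: str, now: float) -> Optional[str]:
        """Fixed: token must be bound to this e-mail, unexpired, and single-use."""
        key = _token_key(token)
        record = self._tokens.get(key)
        if record is None:
            return None
        bound_email, expires_at = record
        # Constant-time comparison of the submitted identity with the bound one.
        if not hmac.compare_digest(bound_email.encode(), email.lower().encode()):
            return None
        # Expired tokens are removed; valid ones are consumed so they cannot be replayed.
        del self._tokens[key]
        if now > expires_at:
            return None
        return bound_email  # identity comes from the record, never from the request


if __name__ == "__main__":
    store = ResetStore()
    t = store.issue_token("alice@example.test", now=1000.0)
    print(store.login_with_token_unsafe("bob@example.test", t, now=1001.0))  # bob (takeover)
    print(store.login_with_token_safe("bob@example.test", t, now=1001.0))    # None
```

The identity returned by the safe path is the e-mail stored with the token, not the one in the request; that is the invariant that closes this class of bug, and the unsafe path violates it even though it does verify the token.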
CVE-2025-10725
A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the...
LibreChat security vulnerability
LibreChat is an enhanced ChatGPT clone by the individual developer Danny Avila. A security vulnerability exists in LibreChat that stems from a lack of proper filtering when automatically binding user-supplied data to internal object properties or database fields, which could lead to manipulation and...
PT-2025-39846
Name of the Vulnerable Software and Affected Versions: LibreChat, affected versions not specified. Description: A mass assignment issue exists that allows manipulation of sensitive fields. Attackers can exploit this by automatically binding user-provided data to internal object properties or database...
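The mass assignment pattern named in the two LibreChat entries above, as an added example that is not LibreChat's code: a profile update that binds every key of the request body onto the stored record, beside the allowlisted version that accepts only client-writable fields and rejects the rest. The User record, its fields and the payload are constructed for this demo.

```python
from dataclasses import dataclass
from typing import Dict, Tuple

# Fields a client is permitted to change about itself (assumption of this example).
CLIENT_WRITABLE = {"display_name", "avatar_url"}


@dataclass
class User:
    email: str
    display_name: str
    avatar_url: str = ""
    role: str = "user"          # privilege field: must never come from the request body
    balance_cents: int = 0      # another sensitive field


def update_profile_unsafe(user: User, payload: Dict[str, object]) -> User:
    """Vulnerable: every key in the JSON body is bound to an attribute of the record."""
    for key, value in payload.items():
        setattr(user, key, value)
    return user


def update_profile_safe(user: User, payload: Dict[str, object]) -> User:
    """Fixed: only allowlisted keys are bound; anything else is an error, not silently dropped."""
    unexpected = set(payload) - CLIENT_WRITABLE
    if unexpected:
        raise ValueError(f"fields not writable by client: {sorted(unexpected)}")
    for key in CLIENT_WRITABLE & set(payload):
        setattr(user, key, payload[key])
    return user


def client_update(user: User, payload: Dict[str, object]) -> Tuple[str, User]:
    """Wrap the safe path the way a handler would: ('applied' | 'rejected', record)."""
    try:
        return "applied", update_profile_safe(user, payload)
    except ValueError:
        return "rejected", user


# Constructed attacker payload: a legitimate field plus a privilege field.
ESCALATION_PAYLOAD = {"display_name": "Mallory", "role": "admin", "balance_cents": 10_000_00}

if __name__ == "__main__":
    print(update_profile_unsafe(User("m@example.test", "m"), ESCALATION_PAYLOAD))
    print(client_update(User("m@example.test", "m"), ESCALATION_PAYLOAD))
```

Rejecting unknown keys instead of ignoring them matters operationally: a request carrying role or balance_cents from an ordinary user is an attack indicator worth logging, and a silent filter would hide it.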
SUSE-SU-2025:03406-1 Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600_23_22 fixes several issues. The following security issues were fixed: - CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231862). - CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356). - CVE-2025-38109: net/mlx5: fix ECV...
SUSE-SU-2025:03397-1 Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-150500_55_103 fixes several issues. The following security issues were fixed: - CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356). - CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{setattr,delattr}() (bsc#1246001). - CVE-2025-38498:...
SUSE-SU-2025:03393-1 Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-150500_55_80 fixes several issues. The following security issues were fixed: - CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231862). - CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356). - CVE-2025-38181: calipso: Fix...
SUSE SLES15 Security Update : kernel (Live Patch 34 for SLE 15 SP4) (SUSE-SU-2025:03381-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03381-1 advisory. This update for the Linux Kernel 5.14.21-150400_24_144 fixes several issues. The following security issues were fixed: - CVE-2025-38177: sch_hfsc...