
9 matches found

Github Security Blog
added 2026/04/08 7:15 p.m. | 3 views

CI4MS Vulnerable to Post-Installation Re-entry via Cache-Dependent Install Guard Bypass

Summary: The install route guard in ci4ms relies solely on a volatile cache check, cache('settings'), combined with .env file existence to block post-installation access to the setup wizard. When the database is temporarily unreachable during a cache miss (TTL expiry or admin-triggered cache clear), the...

CVSS 8.1 | AI score 6 | EPSS 0.00053
Exploits 1 | References 4 | Affected Software 1
Vulnrichment
added 2026/02/02 11:28 p.m. | 2 views

CVE-2025-61634 HTML rest endpoint needs PoolCounter and proper parser cache check

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...

AI score 5.3 | EPSS 0.00009
Exploits 0 | References 1
CVE
added 2026/02/02 11:28 p.m. | 7 views

CVE-2025-61634

CVE-2025-61634 affects Wikimedia Foundation MediaWiki, involving the includes/Rest/Handler/PageHTMLHandler.Php file. Red Hat notes a remote-exploit possibility that requires user interaction and does not grant privileges, with no explicit confidentiality/integrity/availability guarantee beyond wh...

CVSS 3.1 | AI score 5.2 | EPSS 0.00009
Exploits 0 | References 1 | Affected Software 1
Tenable Nessus
added 2025/12/09 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-53763

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Revert f2fs: fix to do sanity check on extent cache correctly syzbot reports a f2fs bug as below: UBSAN: array-index-out-of-bounds in fs/f2fs/f2fs.h:3275:19 ind...

AI score 5.4 | EPSS 0.00028
Exploits 0 | References 2
SUSE CVE
added 2025/04/01 1:43 a.m. | 2 views

SUSE CVE-2025-2926

A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...

CVSS 5.5 | AI score 3.3 | EPSS 0.00077
Exploits 1 | References 3
Huntr
added 2023/07/21 3:37 a.m. | 14 views

Insufficient Session Expiration because of lacking of cache check

Description: The web application's session management system suffers from an "Insufficient Session Expiration" vulnerability due to the lack of proper cache check. This vulnerability allows a user's session to remain valid even after the user has logged out, potentially granting unauthorized acces...

CVSS 6.4 | AI score 6.7 | EPSS 0.00502
Exploits 1
CNNVD
added 2023/03/10 12:00 a.m. | 1 views

WordPress plugin RapidLoad Power-Up for Autoptimize Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 4.3 | AI score 6.3 | EPSS 0.00175
Exploits 0 | References 3
Ubuntu
added 2022/05/17 11:35 a.m. | 69 views

USN-5423-1: ClamAV vulnerabilities

Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770) Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote...

CVSS 8.6 | AI score 7.2 | EPSS 0.01222
Exploits 0
OSV
added 2021/06/23 6:00 p.m. | 15 views

GHSA-QVP4-RPMR-XWRR Possible bypass of token claim validation when OAuth2 Introspection caching is enabled

Impact: When you make a request to an endpoint that requires the scope foo using an access token granted with that foo scope, introspection will be valid and that token will be cached. The problem comes when a second request to an endpoint that requires the scope bar is made before the cache has...

CVSS 7.5 | AI score 7.4 | EPSS 0.00308
Exploits 0 | References 1