13585 matches found
CVE-2025-47784
Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause str_replace to replace the value of name_orig with empty, causing deserialization to fail and return false. Commit...
CVE-2025-47929
DumbDrop, a file upload application that provides an interface for dragging and dropping files, has a DOM cross-site scripting vulnerability in the upload functionality prior to commit db27b25372eb9071e63583d8faed2111a2b79f1b. A user could be tricked into uploading a file with a malicious payload...
UBUNTU-CVE-2025-47928
Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using pull_request_target on .github/workflows/integration_tests.yml followed by checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be execute...
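The workflow shape the Spotipy entry describes, as an added illustration (not Spotipy's actual integration_tests.yml): a job triggered by pull_request_target checks out the pull request's head commit and then runs code from it. Because pull_request_target executes in the base repository's context, the fork's setup.py, conftest.py and test files run with the repository's secrets in reach. The secret name and the install/test commands are assumptions made for the illustration. The second YAML document shows the safer shape for the same job.

```yaml
# Added illustration of the pattern, not Spotipy's own workflow.
# Vulnerable shape: pull_request_target runs with the base repository's
# secrets and a write-capable GITHUB_TOKEN, yet the job checks out and
# executes code from the fork.
name: integration tests
on:
  pull_request_target:            # privileged trigger: base repo context
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # attacker-controlled commit
      - run: pip install -e . && pytest tests/integration   # assumed commands; runs the fork's setup.py and tests
        env:
          SPOTIPY_CLIENT_SECRET: ${{ secrets.SPOTIPY_CLIENT_SECRET }}   # assumed secret name
---
# Safer shape: the same job on pull_request.  For a fork PR this runs in the
# fork's context with no repository secrets and a read-only GITHUB_TOKEN, so
# whatever the PR's code does, the base repository's credentials are not there
# to take.  Integration tests that genuinely need a secret belong in a separate
# job that runs only after a maintainer has reviewed the code it will execute.
name: integration tests
on:
  pull_request:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4     # default ref is the PR merge commit; no override needed
      - run: pip install -e . && pytest tests/integration
```

The tell-tale combination to grep for across a repository's workflows is `pull_request_target` together with a checkout of `github.event.pull_request.head.sha` (or `head.ref`) followed by any step that builds, installs or tests the checked-out tree.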
CVE-2025-47929 DumbDrop vulnerable to DOM XSS via file upload
DumbDrop, a file upload application that provides an interface for dragging and dropping files, has a DOM cross-site scripting vulnerability in the upload functionality prior to commit db27b25372eb9071e63583d8faed2111a2b79f1b. A user could be tricked into uploading a file with a malicious payload...
CVE-2025-47929
CVE-2025-47929 : DumbDrop has a DOM-based cross-site scripting vulnerability in the upload functionality present before commit db27b25372eb9071e63583d8faed2111a2b79f1b. A user could be tricked into uploading a file containing a malicious payload, enabling script injection in the browser context. ...
CVE-2025-47784 Emlog vulnerable to Deserialization of Untrusted Data
Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause str_replace to replace the value of name_orig with empty, causing deserialization to fail and return false. Commit...
CVE-2025-47784
Emlog (open-source website building system) is affected by CVE-2025-47784 in versions 2.5.13 and earlier, due to a deserialization vulnerability. A crafted nickname can trigger str_replace to set name_orig to an empty value, causing deserialization to fail and return false. The issue is mitigated...
CVE-2025-47292 Cap Collectif vulnerable to insecure deserialization leading to remote code execution
Cap Collectif is an online decision making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the DebateAlternateArgumentsResolver deserializes a Cursor, allowing arbitrary classes, which can be controlled by an unauthenticated user. Exploitation of this...
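Both the Emlog entries and the Cap Collectif entry above come down to how PHP's unserialize() treats its input. The following Python model, added here and not code from either project, mimics the two behaviours the advisories rely on: the format is length-prefixed, so any textual replacement over the serialized blob (the str_replace of the Emlog entry) desynchronizes it and the decode returns false; and an O: token names the class to instantiate, so a client-supplied cursor decoded without a class allow-list (PHP's allowed_classes option) lets the client choose the class (the Cap Collectif entry). The profile blob, the cursor, the name_orig/nickname field layout and the Gadget class name are constructed for the example.

```python
"""Added model of PHP unserialize() behaviour; not Emlog's or Cap Collectif's code."""
from dataclasses import dataclass


@dataclass
class PhpObject:          # stands in for the live instance PHP would construct
    cls: str
    props: dict


@dataclass
class IncompleteClass:    # stands in for PHP's __PHP_Incomplete_Class placeholder
    cls: str
    props: dict


class _Malformed(Exception):
    pass


def php_unserialize(blob, allowed_classes=False):
    """Decode a PHP serialize() blob (N, b, i, s, a and O tokens).

    Returns False when the blob is malformed, as PHP does.  allowed_classes
    follows PHP: True instantiates any class, False turns every object into
    an IncompleteClass, and a list permits only the named classes.
    """
    try:
        value, pos = _parse(blob, 0, allowed_classes)
    except (_Malformed, ValueError, IndexError, TypeError):
        return False
    return value if pos == len(blob) else False


def _expect(blob, pos, token):
    if not blob.startswith(token, pos):
        raise _Malformed()
    return pos + len(token)


def _read_int(blob, pos, terminator):
    end = blob.find(terminator, pos)
    if end < 0:
        raise _Malformed()
    return int(blob[pos:end]), end + 1      # int() raises ValueError on junk


def _parse_pairs(blob, pos, count, allowed):
    items = {}
    for _ in range(count):
        key, pos = _parse(blob, pos, allowed)
        items[key], pos = _parse(blob, pos, allowed)
    return items, _expect(blob, pos, "}")


def _parse(blob, pos, allowed):
    kind = blob[pos:pos + 1]
    if kind == "N":
        return None, _expect(blob, pos, "N;")
    if kind in ("b", "i"):
        num, pos = _read_int(blob, pos + 2, ";")
        return (bool(num) if kind == "b" else num), pos
    if kind == "s":
        # The length prefix is authoritative: that many bytes are taken
        # verbatim, and the closing '";' must sit exactly after them.
        length, pos = _read_int(blob, pos + 2, ":")
        pos = _expect(blob, pos, '"')
        text = blob[pos:pos + length]
        if len(text) != length:
            raise _Malformed()
        return text, _expect(blob, pos + length, '";')
    if kind == "a":
        count, pos = _read_int(blob, pos + 2, ":")
        return _parse_pairs(blob, _expect(blob, pos, "{"), count, allowed)
    if kind == "O":
        length, pos = _read_int(blob, pos + 2, ":")
        pos = _expect(blob, pos, '"')
        cls = blob[pos:pos + length]
        count, pos = _read_int(blob, _expect(blob, pos + length, '":'), ":")
        props, pos = _parse_pairs(blob, _expect(blob, pos, "{"), count, allowed)
        permitted = allowed is True or (allowed is not False and cls in allowed)
        return (PhpObject if permitted else IncompleteClass)(cls, props), pos
    raise _Malformed()


# --- Emlog-style failure: str_replace over the blob, then unserialize ---------
# Constructed profile blob, as serialize() would write a two-field array.
PROFILE = 'a:2:{s:9:"name_orig";s:5:"admin";s:8:"nickname";s:5:"admin";}'


def replace_then_unserialize(blob, nickname):
    """Unsafe order: str_replace($nickname, '', $blob) empties 'admin' but
    leaves the s:5 prefix behind, so the decode fails and yields False."""
    return php_unserialize(blob.replace(nickname, ""))


def unserialize_then_edit(blob, nickname):
    """Safe order: decode first, check for False, then edit the decoded value."""
    data = php_unserialize(blob)
    if data is False:
        return False
    data["name_orig"] = data["name_orig"].replace(nickname, "")
    return data


# --- Cap Collectif-style failure: client-chosen class in a cursor -------------
# Constructed cursor: an O: token naming a class the server never intended.
CURSOR = 'O:6:"Gadget":1:{s:3:"cmd";s:2:"id";}'


def decode_cursor(cursor, allowed_classes=False):
    """A pagination cursor carries only scalars, so no class should be allowed."""
    return php_unserialize(cursor, allowed_classes)
```

Two points carry over to real PHP. A caller that never checks unserialize() for false will go on to use false as if it were the expected array or object, which is where the Emlog bug turns from a decode failure into application behaviour. And for data that crosses a trust boundary, such as a cursor, passing `['allowed_classes' => false]` is the floor; encoding the cursor as JSON instead of PHP serialization removes the class question entirely.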
kernel: ext4: fix infinite loop when replaying fast_commit
In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole does not detect the replay and calls...
kernel: drm/i915: Fix NULL pointer dereference in capture_engine
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL pointer dereference in capture_engine When the intel_context structure contains NULL, it raises a NULL pointer dereference error in drm_info. cherry picked from commit 754302a5bc1bd8fd3b7d85c168b0a1af6d4bba4d...
kernel: ext4: fix access to uninitialised lock in fc replay path
In the Linux kernel, the following vulnerability has been resolved: ext4: fix access to uninitialised lock in fc replay path The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with fast-commit feature enabled: INFO: trying to register non-static...
Pagure security vulnerability
Pagure is an open source Git repository server written in Python that provides web services. A security vulnerability exists in the Pagure server that arises from a malicious user committing a specially crafted git repository, which could lead to the disclosure of sensitive information on the...
CVE-2025-46833 Programs/P73_SimplePythonEncryption.py has weak cryptographic key
Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been...
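The weak-key class of the CVE-2025-46833 entry, worked through as an added example that is not the repository's P73_SimplePythonEncryption.py. The entry does not state the key parameters, so this assumes the weakness is a modulus small enough to factor by trial division, using the constructed textbook pair p=61, q=53. The attacker needs only the public key and a ciphertext; the last function is the size check a reviewer would want the script to perform before accepting a key.

```python
"""Added example: brute-force recovery of an RSA private key from a toy-sized
modulus, plus the key-size check that rejects such keys.  Constructed
parameters; not the code from P73_SimplePythonEncryption.py."""
from math import isqrt

MIN_MODULUS_BITS = 2048   # common floor for new RSA keys


def trial_factor(n):
    """Brute-force factoring of n by trial division.  Instant for a textbook
    modulus, hopeless at 2048 bits: the key size is the whole defence."""
    if n % 2 == 0:
        return 2, n // 2
    for p in range(3, isqrt(n) + 1, 2):
        if n % p == 0:
            return p, n // p
    raise ValueError("n has no non-trivial factor")


def recover_private_exponent(n, e):
    """What an attacker does with a weak public key (n, e)."""
    p, q = trial_factor(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)            # modular inverse, Python 3.8+


def rsa_encrypt(m, e, n):
    return pow(m, e, n)


def rsa_decrypt(c, d, n):
    return pow(c, d, n)


def encrypt_text(text, e, n):
    """Per-byte textbook RSA, the style a teaching script tends to use."""
    return [rsa_encrypt(b, e, n) for b in text.encode()]


def decrypt_text(cipher, d, n):
    return bytes(rsa_decrypt(c, d, n) for c in cipher).decode()


def key_is_acceptable(n):
    """The check the script lacks: refuse any modulus below the floor."""
    return n.bit_length() >= MIN_MODULUS_BITS


def attack(cipher, e, n):
    """Full attacker path: public key plus ciphertext gives the plaintext."""
    d = recover_private_exponent(n, e)
    return decrypt_text(cipher, d, n)


# Constructed toy key: p = 61, q = 53, n = 3233 (12 bits), e = 17.
TOY_N, TOY_E = 61 * 53, 17

if __name__ == "__main__":
    cipher = encrypt_text("hi", TOY_E, TOY_N)
    print("acceptable key size:", key_is_acceptable(TOY_N))   # False
    print("recovered:", attack(cipher, TOY_E, TOY_N))          # hi
```

The per-byte encryption shown here is itself a second weakness of such scripts (each byte maps to one of 256 ciphertext values, so no factoring is needed at all), which is why a real implementation uses a library with OAEP padding rather than raw pow(); the example keeps the textbook form only to show the key-recovery step.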
CVE-2025-37814
CVE-2025-37814 : In the Linux kernel, the TIOCL_SELMOUSEREPORT ioctl now requires CAP_SYS_ADMIN for all usages. A prior patch loosened this for some modes, but it introduced inconsistent logic and a potential local risk: enabling mouse reports could allow injection-like input into terminal-report...
SUSE CVE-2022-49920
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: netlink notifier might race to release objects commit release path is invoked via call_rcu and it runs lockless to release the objects after rcu grace period. The netlink notifier handler might win race to...
OPENSUSE-SU-2025:15060-1 kanidm-1.6.0~git0.d7ae0f336-1.1 on GA media
These are all security issues fixed in the kanidm-1.6.0~git0.d7ae0f336-1.1 package on the GA media of openSUSE Tumbleweed...