OpenPLC Runtime version 3 安全漏洞

OpenPLC Runtime version 3 is a programmable logic controller developed by Thiago Alves. There is a security vulnerability in OpenPLC Runtime version 3, which stems from the use of unsafe default values during resource initialization. This vulnerability could allow attackers to access the system...

CVE-2026-33310

Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...

UBUNTU-CVE-2026-23235

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example: vm: echo 65537...

PT-2026-22921

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The f2fs file system in the Linux kernel contains a flaw related to out-of-bounds memory access and incorrect handling of integer values when reading and writing sysfs attributes...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50113)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50113 advisory. - sunrpc: fix client side handling of tls alerts Olga Kornievskaia Orabug: 38334981 CVE-2025-38571 - sunrpc: fix handling of server side tls alert...

TYPO3 CMS Allows Broken Access Control in Edit Document Controller

Problem By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a...

CVE-2025-59020

By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...

PT-2025-51622

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the mlx5 driver related to the creation of completion queues CQs. Currently, CQs without a completion function are assigned the mlx5 add cq to tasklet...

EUVD-2025-124962

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcrrt5651: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcrrt5640 driver just ignores and leaves as is, which may lead to unepxected results like OOB access. This...

CVE-2025-40121 ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcrrt5651: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcrrt5640 driver just ignores and leaves as is, which may lead to unepxected results like OOB access. This...

MediaTek Chipsets 安全漏洞

MediaTek Chipsets is a series of chips from China's MediaTek Corporation MediaTek. A security vulnerability exists in MediaTek Chipsets that stems from an insecure default value that could lead to local elevation of privilege...

CVE-2025-34306

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP search values. When a user updates these defaults,...

EUVD-2024-52809

Malicious code in bioql PyPI...

CVE-2025-49581

XWiki is a generic wiki platform. Any user with edit right on a page could be the user's profile can execute code Groovy, Python, Velocity with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter...

CVE-2025-49581 XWiki allows remote code execution through default value of wiki macro wiki-type parameters

XWiki is a generic wiki platform. Any user with edit right on a page could be the user's profile can execute code Groovy, Python, Velocity with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter...

CVE-2022-48110

CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is addin...

Dell Common Event Enabler 安全漏洞

Dell Common Event Enabler is a framework from Dell USA. An unauthorized access vulnerability exists in Dell Common Event Enabler, which arises from the use of insecure default values when initializing resources, and can be exploited by an attacker to cause unauthorized access...

CVE-2024-55560

MailCleaner before 28d913e has default values of sshhostdsakey, sshhostrsakey, and sshhosted25519key that persist after installation...

GHSA-V7GV-XPGF-6395 Keycloak Build Process Exposes Sensitive Data

A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in...

Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v7gv-xpgf-6395. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured...