CLSA-2026-1771332544 grub2: Fix of CVE-2025-0689

CVE-2025-0689: don't load UDF module in the lockdown mode...

CVE-2025-13979

Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2...

PT-2026-5198

Name of the Vulnerable Software and Affected Versions Drupal Mini site versions prior to 3.0.2 Description A flaw exists in Drupal Mini site that allows for Stored Cross-Site Scripting XSS due to unsafe actions with defined privileges. This allows an attacker to inject malicious scripts into the...

Safeguard: Security Controls at the Software Defined Network Layer

Improvements in software defined networking allow for policy to be informed and modified by data-driven applications that can adjust policy to accommodate fluctuating requirements at line speed. However, there is some concern that over-correction can occur and cause unintended consequences...

ROS-20260120-7311

A vulnerability in the !defined function kernel/sched/core.c of the Linux kernel is related to the execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Thecus N4800Eco Nas Server Control Panel: Operating System Command Injection Vulnerability

The Thecus N4800Eco Nas Server Control Panel is a NAS control panel developed by Thecus Corporation. The Thecus N4800Eco Nas Server Control Panel has a vulnerability related to operating system command injection. This vulnerability stems from commands executed by user-defined endpoints, which may...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001569)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001569 advisory. A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udffilewriteiter function for the malicious UDF...

PoC_Software-Defined-Perimeter

PoC...

MiracleLinux 3 : kernel-2.6.18-274.5.AXS3 (AXSA:2012-220:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-220:01 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...

HPE EdgeConnect SD-WAN Orchestrator 安全漏洞

HPE EdgeConnect SD-WAN Orchestrator is a centralized SD-WAN management platform from HPE America. It provides complete visibility and control over the WAN. A security vulnerability exists in HPE EdgeConnect SD-WAN Orchestrator that stems from the presence of stored cross-site scripting in the web...

CVE-2023-49620

Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized which almost used in sql task, with unauthorized access vulnerability IDOR, but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires...

CVE-2024-39361

Mattermost versions 9.8.0, 9.7.x = 9.7.4, 9.6.x = 9.6.2 and 9.5.x = 9.5.5 fail to prevent users from specifying a RemoteId for their posts which allows an attacker to specify both a remoteId and the post ID, resulting in creating a post with a user-defined post ID. This can cause some broken...

CVE-2025-1727

The protocol used for remote linking over RF for End-of-Train and Head-of-Train also known as a FRED relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software defined radio and issue brake control commands to the EoT device, disrupting...

Ecessa WANWorx WVR-30 跨站请求伪造漏洞

The Ecessa WANWorx WVR-30 is a software-defined WAN appliance from Ecessa Corporation, USA. A cross-site request forgery vulnerability exists in the Ecessa WANWorx WVR-30 versions prior to 10.7.4, which stems from susceptibility to a cross-site request forgery attack that could lead to the...

DeepGuard: Defending Deep Joint Source-Channel Coding against Eavesdropping at Physical-Layer

Deep joint source-channel coding DeepJSCC has emerged as a promising paradigm for efficient and robust information transmission. However, its intrinsic characteristics also pose new security challenges, notably an increased vulnerability to eavesdropping attacks. Existing studies on defending...

Privilege Escalation

awsadvancedpythonwrapper is vulnerable to Privilege Escalation. The vulnerability is due to improper execution context handling of user-defined functions, which allows an attacker to create crafted functions that execute with elevated privileges and gain unauthorized access...

Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data...

CVE-2025-34257

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/defined endpoint. When an authenticated user creates a task, the definedname value is stored and later rendered in the Overview page without HTML sanitization. An...

CVE-2025-34257

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/defined endpoint. When an authenticated user creates a task, the definedname value is stored and later rendered in the Overview page without HTML sanitization. An...

CVE-2025-34257

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/defined endpoint. When an authenticated user creates a task, the definedname value is stored and later rendered in the Overview page without HTML sanitization. An...