8655 matches found
Ubuntu EDK2 Security Vulnerability
Ubuntu EDK2 is an open source firmware development kit for Ubuntu. A security vulnerability exists in Ubuntu edk2 because the Secure Boot environment allows access to the UEFI Shell, which could lead to Secure Boot constraints being bypassed...
@appium/base-driver (>=10.0.0 <=10.1.1), @breautek/storm (>=9.0.0 <=9.2.4) +77 more potentially affected by CVE-2025-13466 via body-parser (=2.2.0)
body-parser NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser and may be impacted: - @appium/base-driver =10.0.0, =9.0.0, =3.8.8, =1.114.0, =11.8.0, =3.4.0, =11.0.19, =0.1.0, =8.13.0, =4.0.1, =1.0.0-beta.2, =0.0.1-beta.0,...
Exploit for Use of Uninitialized Resource in Microsoft
Proof-of-Concept exploit for the Untrusted Pointer Dereferenc...
Exploit for Out-of-bounds Write in Microsoft
Contents General Introduction This was made to clarify gen...
CVE-2025-56400
CVE-2025-56400 describes a CSRF-type flaw in the OAuth flow of the Tuya SDK 6.5.0 for Android/iOS, affecting Tuya Smart and Smartlife apps and third‑party apps that integrate the SDK. The root cause is failure to validate the OAuth state parameter during account linking, allowing an attacker to t...
[SECURITY] Fedora 43 Update: dotnet10.0-10.0.100-1.fc43
.NET is a fast, lightweight and modular platform for creating cross-platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards, a set of framework...
[SECURITY] Fedora 42 Update: dotnet10.0-10.0.100-1.fc42
.NET is a fast, lightweight and modular platform for creating cross-platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards, a set of framework...
[SECURITY] Fedora 41 Update: dotnet10.0-10.0.100-1.fc41
.NET is a fast, lightweight and modular platform for creating cross-platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards, a set of framework...
EUVD-2025-198363
Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory...
EUVD-2025-198372
Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network...
CVE-2025-64655 Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability
...
CVE-2025-64757
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...
Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability
Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network...
TencentOS Server 4: pcs (TSSA-2025:0213)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0213 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 4: dpdk (TSSA-2025:0071)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0071 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Qlik Sense Enterprise Security Vulnerability
Qlik Sense Enterprise is a data analytics platform from Qlik USA. A security vulnerability exists in Qlik Sense Enterprise version v14.212.13, which originates in the /dev-hub/ directory and could lead to information disclosure...
Relative Path Traversal
Overview: @astrojs/cloudflare is a package to deploy your site to Cloudflare Workers/Pages. Affected versions of this package are vulnerable to Relative Path Traversal via the href parameter in the image optimization endpoint during development mode. An attacker can access arbitrary local image files readable...
Relative Path Traversal
Overview: @astrojs/node is a package to deploy your site to a Node.js server. Affected versions of this package are vulnerable to Relative Path Traversal via the href parameter in the image optimization endpoint during development mode. An attacker can access arbitrary local image files readable by the Node.j...
GHSA-X3H8-62X9-952G Astro Development Server has Arbitrary Local File Read
Summary: A vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to t...
Astro Development Server has Arbitrary Local File Read
Summary: A vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to t...