4406 matches found

Joomla! Vulnerable Extensions List
added 2025/07/23 12:0 a.m., 9 views

rsdirectory

Extension: RSDirectory! Version: Old 2.2.7 / New 2.2.8. Update details: Versions affected 1.0.0 through 2.2.7. Stored XSS allows remote authenticated attackers to inject arbitrary web script or HTML via the review reply component. Fixed in 2.2.8. Update URL:...

AI score 5.6
Exploits: 0, Affected Software: 1
Snyk
added 2025/07/21 8:45 p.m., 4 views

Cross-site Scripting (XSS)

Overview: cadwyn is a Production-ready community-driven modern Stripe-like API versioning in FastAPI. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the version parameter of the /docs endpoint. An attacker can execute arbitrary JavaScript code in a user's browser b...

CVSS 7.6, AI score 5.4, EPSS 0.00244
Exploits: 0, References: 3
OSV
added 2025/07/21 2:8 p.m., 4 views

GHSA-2GXP-6R36-M97R Cadwyn vulnerable to XSS on the docs page

Summary: The version parameter of the /docs endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack. PoC: 1. Set up a minimal app following the quickstart guide: https://docs.cadwyn.dev/quickstart/setup/ 2. Click on the following PoC link:...

CVSS 7.6, AI score 6.2, EPSS 0.00244
Exploits: 0, References: 6
Github Security Blog
added 2025/07/21 2:8 p.m., 7 views

Cadwyn vulnerable to XSS on the docs page

Summary: The version parameter of the /docs endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack. PoC: 1. Set up a minimal app following the quickstart guide: https://docs.cadwyn.dev/quickstart/setup/ 2. Click on the following PoC link:...

CVSS 7.6, AI score 6.3, EPSS 0.00244
Exploits: 0, References: 6, Affected Software: 1
NVD
added 2025/07/20 7:15 p.m., 4 views

CVE-2025-47917

Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the function...

CVSS 9.8, EPSS 0.0199
Exploits: 2, References: 4
AlpineLinux
added 2025/07/20 12:0 a.m., 9 views

CVE-2025-47917

Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the function...

CVSS 9.8, AI score 7.5, EPSS 0.0199
Exploits: 2, References: 4
OSV
added 2025/07/18 7:53 a.m., 3 views

CVE-2025-38349 eventpoll: don't decrement ep refcount while still holding the ep mutex

In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex. Jann Horn points out that epoll is decrementing the ep refcount and then doing a mutex_unlock(&ep->mtx); afterwards. That's very wrong, because it can lead to a...

CVSS 7.8, AI score 6.5, EPSS 0.00152
Exploits: 0, References: 8
CNNVD
added 2025/07/18 12:0 a.m., 2 views

mcp-package-docs Command Injection Vulnerability

mcp-package-docs is an MCP server for Sam Individual Developers that provides LLM with efficient access to package documentation across multiple programming languages. A command injection vulnerability exists in mcp-package-docs that stems from not cleaning up input parameters, which could lead t...

CVSS 7.5, AI score 7.1, EPSS 0.08088
Exploits: 0, References: 10
Packet Storm News
added 2025/07/17 12:0 a.m., 2 views

Expanding ML-Documentation Standards for Better Security

This article presents the current state of ML-security and of the documentation of ML-based systems, models and datasets in research and practice based on an extensive review of the existing literature. It shows a generally low awareness of security aspects among ML-practitioners and organization...

AI score 6.7
Exploits: 0
Circl
added 2025/07/16 5:0 a.m., 4 views

GHSA-8MX3-GP3P-VGG7

creationtimestamp | type | source
---|---|---
2025-07-16 05:00:07+00:00 | seen | https://gist.github.com/safer-bot/3dcff2aa616dcde9ac2ac8aefaa3438b
2025-07-16 16:06:16+00:00 | seen | https://gist.github.com/safer-bot/315612cf6371bc59c08bf1d8656dc747...

AI score 5.8
Exploits: 0, References: 2
CNVD
added 2025/07/16 12:0 a.m., 2 views

Adobe Framemaker Integer Overflow Vulnerability

Adobe FrameMaker is a powerful tool for creating complex technical documentation and publishing it to a variety of delivery channels. An integer underflow vulnerability exists in Adobe Framemaker versions 2020.8, 2022.6 and earlier. An attacker can exploit this vulnerability to execute arbitrary...

CVSS 7.8, AI score 7.8, EPSS 0.00195
Exploits: 0, References: 1
CNVD
added 2025/07/16 12:0 a.m., 1 view

Adobe Framemaker Stack Buffer Overflow Vulnerability

Adobe FrameMaker is a powerful tool for creating complex technical documentation and publishing it to a variety of delivery channels. A stack buffer overflow vulnerability exists in Adobe Framemaker 2020.8, 2022.6 and earlier versions. An attacker could exploit this vulnerability to cause a...

CVSS 5.5, AI score 7.3, EPSS 0.00195
Exploits: 0, References: 1
Cvelist
added 2025/07/15 7:27 p.m., 4 views

CVE-2025-50091

...

CVSS 4.9, EPSS 0.00559
Exploits: 0, References: 1
CVE
added 2025/07/15 7:27 p.m., 18 views

CVE-2025-50090

Oracle E-Business Suite - Oracle Applications Framework Personalization vulnerability (CVE-2025-50090) affects 12.2.3–12.2.14. A low-privileged, network-access attacker can exploit via HTTP with user interaction to cause unauthorized data modification, insertion, deletion, or read access. Root ca...

CVSS 5.4, AI score 6.1, EPSS 0.00163
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/07/15 7:27 p.m., 3 views

CVE-2025-50082

...

CVSS 6.5, EPSS 0.00525
Exploits: 0, References: 1
Vulnrichment
added 2025/07/15 7:27 p.m., 4 views

CVE-2025-50065

...

CVSS 3.7, AI score 7.2, EPSS 0.00299
Exploits: 0, References: 1
Snyk
added 2025/07/14 9:22 p.m., 2 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview: binarytorch/larecipe is a Generate gorgeous recipes for your Laravel applications using MarkDown. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the replaceLinks function in Models/Documentation.php. An attacke...

CVSS 10, AI score 7.7, EPSS 0.09357
Exploits: 0, References: 2
UbuntuCve
added 2025/07/10 8:15 a.m., 2 views

CVE-2025-38267

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun. When reading a memory mapped buffer the reader page is just swapped out with the last page written in the write buffer. If the reader page is the same as the commit buffer...

CVSS 7.8, AI score 6.7, EPSS 0.00172
Exploits: 0, References: 12
Circl
added 2025/07/08 7:10 a.m., 12 views

CVE-2016-9844

creationtimestamp | type | source
---|---|---
2025-07-08 07:10:42+00:00 | seen | https://infosec.exchange/users/certvde/statuses/114816361290443115...

CVSS 4, AI score 4.3, EPSS 0.01835
Exploits: 0, References: 1
Circl
added 2025/07/08 6:52 a.m., 5 views

CVE-2025-53611

creationtimestamp | type | source
---|---|---
2025-07-08 06:52:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ltgpobwi322t...

AI score 6.7
Exploits: 0, References: 1