TrustyAI Explainability Operating System Command Injection Vulnerability
TrustyAI Explainability is an open source TrustyAI toolkit from TrustyAI. TrustyAI Explainability suffers from an operating system command injection vulnerability that stems from command injection and could result in an authenticated user executing arbitrary commands...
PT-2025-35954
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the mm/ptdump component where the code can race with concurrent modifications of kernel page tables. Specifically, when intermediate levels of kernel...
CVE-2025-33117
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands...
SUSE CVE-2022-50224
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT Treat the NX bit as valid when using NPT, as KVM will set the NX bit when the NX huge page mitigation is enabled (mindblowing) and trigger the WARN that fires on reserved SPTE bits...
SUSE CVE-2022-50230
In the Linux kernel, the following vulnerability has been resolved: arm64: set UXN on swapper page tables This issue was fixed upstream by accident in c3cee924bd85 "arm64: head: cover entire kernel image in initial ID map" as part of a large refactoring of the arm64 boot flow. This simple fix is...
CVE-2025-36049 IBM webMethods Integration Server XML external entity injection
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands...
DEBIAN-CVE-2022-50230
In the Linux kernel, the following vulnerability has been resolved: arm64: set UXN on swapper page tables This issue was fixed upstream by accident in c3cee924bd85 "arm64: head: cover entire kernel image in initial ID map" as part of a large refactoring of the arm64 boot flow. This simple fix is...
DEBIAN-CVE-2022-50224
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT Treat the NX bit as valid when using NPT, as KVM will set the NX bit when the NX huge page mitigation is enabled (mindblowing) and trigger the WARN that fires on reserved SPTE bits...
UBUNTU-CVE-2022-50224
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT Treat the NX bit as valid when using NPT, as KVM will set the NX bit when the NX huge page mitigation is enabled (mindblowing) and trigger the WARN that fires on reserved SPTE bits...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from arm64 not setting the UXN in the swapper page table, which could result in access being denied...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the KVM x86 mmu not treating NX as an NPT valid bit, which could result in a reserved bit set warning...
Veeam Backup & Replication Security Vulnerability
Veeam Backup & Replication is a backup and replication software from Veeam USA. A security vulnerability exists in Veeam Backup & Replication version 12.3.1.1139 and earlier, which originates from a backup job that can be modified by a user in the Backup Operator role, which could lead to the...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from arm64 not setting the UXN in the swapper page table, which could result in access being denied...
Malicious code in vscode-azurecontainerapps (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e5ad54ec265645c2e7358384082a1b1f2385a1caa652b65c359b13681a211b30 Any computer that has this package installed or running should be considered...
Google Chrome Resource Management Error Vulnerability
Google Chrome is a popular web browser. Google Chrome suffers from a resource management error vulnerability, which stems from a use-after-free in a media component, that can be exploited by an attacker to cause an application to crash or execute arbitrary code in the context of the applicati...
CVE-2025-3594
Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions allows remote attackers to (1) add files to arbitrary locations on the server and (2) download and...
CVE-2025-40727 Reflected Cross-Site Scripting (XSS) in Phoenix CMS
A Reflected Cross Site Scripting (XSS) vulnerability was found in '/search' in Phoenix Site CMS from Phoenix, which allows remote attackers to execute arbitrary code via 's' GET parameter...
Malicious code in zxdb (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b6e6fbdc6289a7a4946e72303aaeb98c9b837470df312ade4e634a7fa81fa52 Any computer that has this package installed or running should be considered...
CVE-2025-49468
A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the idmodule parameter...
CVE-2025-47959
Improper neutralization of special elements used in a command 'command injection' in Visual Studio allows an authorized attacker to execute code over a network...