
16 matches found

Hacker One
added 2025/12/18 6:43 p.m. | 6 views

Revive Adserver: Reflected XSS in banner-acl.php and channel-acl.php via executionorder

Vulnerability description not provided...

CVSS 6.1 | AI score 6.8 | EPSS 0.0005
Exploits: 0
Packet Storm News
added 2025/10/14 12:0 a.m. | 2 views

ShuffleV: A Microarchitectural Defense Strategy against Electromagnetic Side-Channel Attacks in Microprocessors

The run-time electromagnetic (EM) emanation of microprocessors presents a side-channel that leaks the confidentiality of the applications running on them. Many recent works have demonstrated successful attacks leveraging such side-channels to extract the confidentiality of diverse applications, suc...

AI score 6.9
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-3338

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 8 | EPSS 0.01149
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-25895

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.00132
Exploits: 0 | References: 2
RedhatCVE
added 2025/08/30 6:17 p.m. | 2 views

CVE-2025-53105

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change th...

CVSS 7.5 | AI score 6.8 | EPSS 0.00132
Exploits: 0 | References: 1
OSV
added 2025/08/27 3:15 p.m. | 0 views

UBUNTU-CVE-2025-53105

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change th...

CVSS 7.5 | AI score 5.9 | EPSS 0.00132
Exploits: 0 | References: 4
OSV
added 2025/08/27 2:40 p.m. | 4 views

CVE-2025-53105 GLPI permits unauthorized rules execution order

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change th...

CVSS 7.5 | AI score 6.7 | EPSS 0.00132
Exploits: 0 | References: 4
CNNVD
added 2025/08/27 12:0 a.m. | 3 views

GLPI Security Vulnerability

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

CVSS 7.5 | AI score 4.8 | EPSS 0.00132
Exploits: 0 | References: 3
NVD
added 2025/06/18 11:15 a.m. | 2 views

CVE-2022-50022

In the Linux kernel, the following vulnerability has been resolved: drivers:md:fix a potential use-after-free bug In line 2884, "raid5_release_stripe(sh);" drops the reference to sh and may cause sh to be released. However, sh is subsequently used in lines 2886 "if (sh->batch_head && sh != sh->batch_head)"...

CVSS 7.8 | EPSS 0.00064
Exploits: 0 | References: 8
Veracode
added 2025/04/23 2:55 p.m. | 2 views

Incorrect Execution-Assigned Permissions

aws-cdk-lib is vulnerable to Incorrect Execution-Assigned Permissions. The vulnerability is due to unexpected Aspect execution order due to the introduction of a new priority system that overrides hierarchical aspect evaluation, potentially leading to incorrect permissions boundaries being assign...

AI score 7.2
Exploits: 0
OSV
added 2024/11/18 11:48 p.m. | 7 views

GHSA-G85V-WF27-67XC Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`

Summary Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under specific conditions. However, due to the current execution order of pre-steps in GitHub Actions and the placement of...

CVSS 8.8 | AI score 6.8 | EPSS 0.02005
Exploits: 0 | References: 10
OSV
added 2024/11/18 10:3 p.m. | 7 views

CVE-2024-52587 Harden-Runner has command injection weaknesses in `setup.ts` and `arc-runner.ts`

StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under...

CVSS 6.9 | AI score 5.3 | EPSS 0.02005
Exploits: 0 | References: 10
Citrix
added 2023/02/09 12:0 a.m. | 4 views

WEM Log displayed in VUEMRSAV.exe not showing correct order of external tasks

When using the VUEMRSAV.exe to determine the outcome of the WEM configuration for a user within the log the order in which the WEM external tasks are executing does not reflect the configured order in the WEM configuration set and also the actual order the external tasks are executing...

AI score 7
Exploits: 0
OSV
added 2023/01/02 10:42 a.m. | 3 views

SUSE-SU-2023:0011-1 Security update for saphanabootstrap-formula

This update for saphanabootstrap-formula fixes the following issues: - Version bump 0.13.1 revert changes to spec file to re-enable SLES RPM builds CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/hacluster.sls bsc1205990 - Version bump 0.13.0 pass sid to sudoers in a SLES12...

CVSS 7.8 | AI score 8 | EPSS 0.00059
Exploits: 1 | References: 4
Code423n4
added 2022/11/28 12:0 a.m. | 10 views

tokenID that is not minted will be stored into the feeRecipient storage

Lines of code Vulnerability details Impact In the original code, tokenID is incremented just after mint function is executed. Afterwards, tokenID is stored into the feeRecipient storage. As a result, tokenID that is not minted will be stored into the feeRecipient storage. Proof of Concept In the...

AI score 6.9
Exploits: 0
Tenable Nessus
added 2007/05/10 12:0 a.m. | 19 views

Fedora Core 6 : gimp-2.2.14-5.fc6 (2007-489)

The GIMP package in Fedora includes a helper script /usr/sbin/gimp-plugin-mgr for plugins contained in other packages, for example, xsane-gimp. This script manages symlinks from the GIMP plugin directory which may change between upgrades to the actual location of the plugins. A bug has been fixed...

AI score 5.6
Exploits: 0 | References: 1