Lucene search
2081 matches found

Fedora
added 2025/04/23 2:02 a.m. · 13 views

[SECURITY] Fedora 40 Update: trafficserver-9.2.10-1.fc40

Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...

7.5 CVSS · 7.7 AI score · 0.00602 EPSS
Exploits 0

BDU FSTEC
added 2025/04/16 12:00 a.m. · 5 views

The vulnerability of the E-Staff automation system for recruitment processes is related to errors in XML data filtering during document printing, allowing a perpetrator to execute arbitrary commands.

The vulnerability of the E-Staff recruitment process automation system is related to errors in XML data filtering during document printing. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary commands by sending a specially crafted XML document...

9.9 CVSS · 5.8 AI score
Exploits 0

OSV
added 2025/04/11 1:42 p.m. · 2 views

OESA-2025-1386 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string with relocation of later data. CVE-2025-30348...

5.8 CVSS · 7 AI score · 0.00343 EPSS
Exploits 0 · References 2

CNNVD
added 2025/04/08 12:00 a.m. · 3 views

Adobe XMP Toolkit buffer error vulnerability

Adobe XMP Toolkit is a toolkit from the American company Adobe. It is used to integrate XMP functionality into a product or solution. Adobe XMP Toolkit suffers from a buffer overflow vulnerability that originates from an out-of-bounds read, which can be exploited by an attacker to cause a...

5.5 CVSS · 6.8 AI score · 0.00213 EPSS
Exploits 0 · References 2

CNNVD
added 2025/04/08 12:00 a.m. · 1 view

Nakivo Backup & Replication code issue vulnerability

Nakivo Backup & Replication is a reliable, fast and affordable virtual machine backup solution from Nakivo USA. A code issue vulnerability exists in Nakivo Backup & Replication versions 10.3.x through 11.0.1, which stems from an XXE vulnerability that allows remote attackers to obtain and parse a...

8.6 CVSS · 7 AI score · 0.00493 EPSS
Exploits 0 · References 2

Packet Storm News
added 2025/04/07 12:00 a.m. · 3 views

OpenSCAP Libraries 1.3.12

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF...

6.9 AI score
Exploits 0

Positive Technologies
added 2025/04/07 12:00 a.m. · 5 views

PT-2025-15273

Name of the Vulnerable Software and Affected Versions: EDK2 (affected versions not specified) Description: The issue is related to a vulnerability in the HashPeImageByType function, where a user can cause a read out of bounds by sending corrupted data via the network. This could lead to a loss of...

9.1 CVSS · 6.4 AI score · 0.76451 EPSS
Exploits 3 · References 147

CNNVD
added 2025/04/04 12:00 a.m. · 4 views

WordPress plugin Easy Google Maps code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

6.6 CVSS · 7.3 AI score · 0.00467 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/04/04 12:00 a.m. · 6 views

PT-2025-14881 · Youkefu · Youkefu

Name of the Vulnerable Software and Affected Versions: zhangyanbo2007 youkefu versions up to 4.2.0 Description: A problematic issue was found in the XML Document Handler component, specifically affecting the CallCenterRouterController.java file. The manipulation of the routercontent argument lead...

6.5 CVSS · 6.2 AI score · 0.00539 EPSS
Exploits 1 · References 9

CNNVD
added 2025/04/01 12:00 a.m. · 2 views

WordPress plugin Import Export Suite for CSV and XML Datafeed security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

8.1 CVSS · 8.2 AI score · 0.00985 EPSS
Exploits 0 · References 3

OpenVAS
added 2025/04/01 12:00 a.m. · 17 views

Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2025-1341)

The remote host is missing an update for the Huawei EulerOS...

8.8 CVSS · 7.6 AI score · 0.005 EPSS
Exploits 0 · References 2

Microsoft Secure
added 2025/03/31 4:00 p.m. · 13 views

Analyzing open-source bootloaders: Finding vulnerabilities faster with AI

By leveraging Microsoft Security Copilot to expedite the vulnerability discovery process, Microsoft Threat Intelligence uncovered several vulnerabilities in multiple open-source bootloaders, impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot as well ...

8.8 CVSS · 8.7 AI score · 0.01284 EPSS
Exploits 2

OSV
added 2025/03/28 2:15 p.m. · 1 view

CVE-2025-1781

There is an XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). This could be exploited to read arbitrary local files if an attacker has access to exception messages...

6.5 CVSS · 5.8 AI score · 0.00363 EPSS
Exploits 1 · References 1

Microsoft CVE
added 2025/03/28 7:00 a.m. · 3 views

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

...

5.8 CVSS · 6.7 AI score · 0.00343 EPSS
Exploits 0

OSV
added 2025/03/27 3:15 p.m. · 4 views

UBUNTU-CVE-2025-21872

In the Linux kernel, the following vulnerability has been resolved: efi: Don't map the entire mokvar table to determine its size Currently, when validating the mokvar table, we remap the entire table on each iteration of the loop, adding space as we discover new entries. If the table grows over a...

5.5 CVSS · 6.2 AI score · 0.00189 EPSS
Exploits 0 · References 25

BDU FSTEC
added 2025/03/27 12:00 a.m. · 4 views

Vulnerabilities of EFI/unaccepted kernel components of the Linux operating system, allowing attackers to trigger a service failure

The vulnerability of the listdel function in efi/unaccepted kernel components of the Linux operating system is related to improper locking mechanisms. Exploiting this vulnerability could allow an attacker to trigger a service failure...

5.5 CVSS · 6.2 AI score · 0.00171 EPSS
Exploits 0 · References 7 · Affected Software 4

Microsoft CVE
added 2025/03/26 7:00 a.m. · 5 views

Libexpat: expat: improper restriction of xml entity expansion depth in libexpat

...

7.5 CVSS · 6.8 AI score · 0.01569 EPSS
Exploits 0

CNNVD
added 2025/03/25 12:00 a.m. · 3 views

JetBrains GoLand code issue vulnerability

JetBrains GoLand is an intelligent IDE (Integrated Development Environment) dedicated to Go language development from the Czech company JetBrains. A code issue vulnerability exists in JetBrains GoLand that stems from a networked system or product that does not have the correct filters set up ...

5.3 CVSS · 6.8 AI score · 0.00171 EPSS
Exploits 0 · References 3

CNNVD
added 2025/03/20 12:00 a.m. · 2 views

Number withdrawn

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI Open Source. This CVE number has been withdrawn...

7.6 AI score
Exploits 0 · References 1

CNNVD
added 2025/03/20 12:00 a.m. · 3 views

Number withdrawn

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI Open Source. This CVE number has been withdrawn...

7.6 AI score
Exploits 0 · References 1