3793 matches found
Microsoft Surface 输入验证错误漏洞
Microsoft Surface is a tablet computer from Microsoft Corporation USA. An input validation error vulnerability exists in Microsoft Surface. An attacker exploiting this vulnerability could bypass certain features. The following products and versions are affected:Surface Laptop 4 with Intel...
Microsoft Windows Kernel 访问控制错误漏洞
Microsoft Windows Kernel is the kernel of the Windows operating system from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Windows Kernel. An attacker exploiting this vulnerability could bypass certain features. The following products and editions are...
PT-2025-6357 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-beta1 through 2.4.4-p11 and earlier Description: The issue is related to an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this...
Adobe Commerce 授权问题漏洞
Adobe Commerce is the United States of America Odobie Adobe company's a kind of merchants and brands for the world's leading digital commerce solutions. A security bypass vulnerability exists in Adobe Commerce, which can be exploited by an attacker to cause a security feature bypass...
CVE-2024-20895
Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features...
CVE-2024-37287
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution...
Watch Out For These 8 Cloud Security Shifts in 2025
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. This release includes the first live patch. The following security bugs were fixed: CVE-2023-52489: mm/sparsemem: fix race in accessing memorysection-usage bsc1221326. CVE-2023-52581: netfilter: nftables:...
WordPress plugin Shortcodes and extra features for Phlox theme 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2025-21682 eth: bnxt: always recalculate features after XDP clearing, fix null-deref
In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: always recalculate features after XDP clearing, fix null-deref Recalculate features when XDP is detached. Before: ip li set dev eth0 xdp obj xdpdummy.bpf.o sec xdp ip li set dev eth0 xdp off ethtool -k eth0 | grep gro...
CGA-W672-GW3G-GFGQ
Bulletin has no description...
Advisory ROSA-SA-2025-2675
software: libssh2 1.10.0 OS: ROSA-CHROME packageevrstring: libssh2-1.10.0-3 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process...
CVE-2025-24367
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed...
UBUNTU-CVE-2025-24367
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed...
Virtuozzo Hybrid Infrastructure 6.3 Update 1 (6.3.1-91)
In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover improvements in the compute service, core and object storage, as well as monitoring and alerting. Additionally, this release delivers stability and security improvements, and addresses issues found in...
PT-2025-3845 · WordPress · Divi Carousel Maker
Name of the Vulnerable Software and Affected Versions: Divi Carousel Maker plugin for WordPress versions up to, and including, 2.0.4 Description: The Divi Carousel Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all...
CVE-2024-52972 Kibana allocation of resources without limits or throttling leads to crash
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the Observability Metrics or Logs features in Kibana...
Unspecified Vulnerability in Fortinet FortiOS (CNVD-2025-02529)
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. Fortinet FortiOS has a security...
CVE-2025-22450
Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports...
JVN#15293958: Multiple vulnerabilities in I-O DATA router UD-LT2
UD-LT2 provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2 CVE-2025-20617, CVE-2025-26856 Inclusion of Undocumented Features CWE-1242 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N...