CVE-2023-53438 x86/MCE: Always save CS register on AMD Zen IF Poison errors

In the Linux kernel, the following vulnerability has been resolved: x86/MCE: Always save CS register on AMD Zen IF Poison errors The Instruction Fetch IF units on current AMD Zen-based systems do not guarantee a synchronous MC is delivered for poison consumption errors. Therefore,...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the mishandling of instruction fetch unit errors in the AMD Zen architecture, which may result in failure to...

PT-2025-38457

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the x86/MCE subsystem related to handling Machine Check Exceptions MCE on AMD Zen-based systems. Specifically, the Instruction Fetch IF units may...

CVE-2025-59414 Nuxt Client-Side Path Traversal in Nuxt Island Payload Revival

Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specifi...

Security update for sevctl

This update for sevctl fixes the following issues: CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch bsc1242618 CVE-2024-12224: idna: Fixed Punycode improper validation bsc1243860 Patch Instructions: To install this SUSE update use the SUSE recommended installation metho...

CVE-2025-10399

A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made...

GHSA-HR92-4Q35-4J3M FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability

Summary --- A Server-Side Request Forgery SSRF vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. The...

Server-side Request Forgery (SSRF)

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch function in the fetch-links feature when user-supplied URLs are not validated. An attacker can access internal network resources and sensitive...

FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability

Summary --- A Server-Side Request Forgery SSRF vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. The...

CVE-2022-50327

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpifetchacpidev return value The return value of acpifetchacpidev could be NULL, which would cause a NULL pointer dereference to occur in acpidevicehid. rjw: Subject and changelog edits, added empty...

AZL-74646 CVE-2022-50327 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpifetchacpidev return value The return value of acpifetchacpidev could be NULL, which would cause a NULL pointer dereference to occur in acpidevicehid. rjw: Subject and changelog edits, added empty...

Fetch streams are great, but not for measuring upload/download progress

Part of my role at Mozilla is making sure we're focusing on the right features, and we got onto the topic of fetch upload streams. It's something Chrome has supported for a while, but it isn't yet supported in either Firefox or Safari. I asked folks on various social platforms what they thought o...

PT-2025-39072

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Flowise version 3.0.5 Description A Server-Side Request Forgery SSRF vulnerability exists in the /api/v1/fetch-links endpoint of the Flowise application. This allows an attacker to use the Flowise server as a...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unchecked acpifetchacpidev return value that could result in a null pointer dereference...

CVE-2025-10399

A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made...

CVE-2025-10399

CVE-2025-10399 concerns Korzh EasyQuery (up to version 7.4.0). The vulnerability arises from improper handling in the Query Builder UI component, specifically the file path /api/easyquery/models/nwind/fetch, enabling SQL injection. The issue can be triggered remotely and has been publicly exposed...

CVE-2025-10399 Korzh EasyQuery Query Builder UI fetch sql injection

A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made...

CVE-2025-10399 Korzh EasyQuery Query Builder UI fetch sql injection

A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made...

Korzh EasyQuery SQL注入漏洞

Korzh EasyQuery is a query builder software from Korzh. A SQL injection vulnerability exists in Korzh EasyQuery 7.4.0 and earlier versions, which stems from improper handling of files/api/easyquery/models/nwind/fetch in the Query Builder UI component, which can lead to SQL injection attacks...

SUSE-SU-2025:20716-1 Security update for sevctl

This update for sevctl fixes the following issues: - CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch bsc1242618 - CVE-2024-12224: idna: Fixed Punycode labels not producing any non-ASCII when decode bsc1243860...