3027 matches found
CVE-2025-43734
Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2025.Q1.0–2025.Q1.10, 2024.Q4.0–2024.Q4.7, 2024.Q3.1–2024.Q3.13, 2024.Q2.1–2024.Q2.13, 2024.Q1.1–2024.Q1.16 and 7.4 GA through update 92 are affected by a reflected XSS in the first display label field of a custom sort widget. A remote authenticated ...
CVE-2025-43734
A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows...
PT-2025-32880 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2025.Q1.0 through 2025.Q1.10 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q2.1 through...
CVE-2025-8854
The CVE-2025-8854 entry concerns bulletphysics bullet3 LoadOFF: a stack-based buffer overflow in the OFF parser. A crafted OFF file with an overlong initial token, processed by the VHACD test utility or via PyBullet’s vhacd function, can lead to remote code execution. Affected: bullet3 before ver...
Linux Distros Unpatched Vulnerability : CVE-2023-53070
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ACPI: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent Commit 0c80f9e165f8...
CVE-2012-10041
WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shell_exec with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary name...
CVE-2025-8811 code-projects Simple Art Gallery registration.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file /Admin/registration.php. The manipulation of the argument fname leads to sql injection. The attack may be launched remotely...
Linux Distros Unpatched Vulnerability : CVE-2024-39462
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num before accessing ->hws Commit f316cdff8d67 clk: Annotate struct...
CVE-2023-41529
Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters...
CVE-2012-10041
WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script passes unsanitized input from the pc POST parameter to shell_exec(), allowing remote command execution as the www-data user. Additionally, a SUID-root binary named dosu is vulnerable to command...
CVE-2012-10041 WAN Emulator v2.3 Command Execution
WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shell_exec with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary name...
drm/amd/display: Add null pointer check for get_first_active_display()
...
Hospital Management System security vulnerability
Hospital Management System is a hospital management system by Kishan Lal, an individual developer. A security vulnerability exists in Hospital Management System version v4, which is caused by a cross-site scripting attack due to incorrect manipulation of the parameters fname and lname in the file...
GHSA-XHPR-465J-7P9Q Keycloak phishing attack via email verification step in first login flow
There is a flaw with the first login flow where, during an IdP login, an attacker with a registered account can initiate the process to merge accounts with an existing victim's account. The attacker will subsequently be prompted to "review profile" information, which allows the attacker to...
CVE-2025-7361
A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vulnerability affects 32-bit NI LabVIEW 2025 Q1...
keycloak: Phishing attack via email verification step in first login flow
A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email...
DEBIAN-CVE-2025-38475
In the Linux kernel, the following vulnerability has been resolved: smc: Fix various oops due to inet_sock type confusion. syzbot reported weird splats [0][1] in cipso_v4_sock_setattr() while freeing inet_sk(sk)->inet_opt. The address was freed multiple times even though it was read-only memory...
SUSE CVE-2025-38413
In the Linux kernel, the following vulnerability has been resolved: virtio-net: xsk: rx: fix the frame's length check. When calling buf_to_xdp(), the len argument is the frame data's length without the virtio header's length (vi->hdr_len). We check that len with xsk_pool_get_rx_frame_size() + vi->hdr_len to ensure the...
DEBIAN-CVE-2025-38413
In the Linux kernel, the following vulnerability has been resolved: virtio-net: xsk: rx: fix the frame's length check. When calling buf_to_xdp(), the len argument is the frame data's length without the virtio header's length (vi->hdr_len). We check that len with xsk_pool_get_rx_frame_size() + vi->hdr_len to ensure the...