4108 matches found
Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600105 fixes several issues. The following security issues were fixed: CVE-2024-53146: NFSD: Prevent a potential integer overflow bsc1234854. CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability bsc1235005. CVE-2024-53173: NFSv4....
WordPress plugin ProfileGrid SQL injection vulnerability
WordPress ProfileGrid is a user management plugin that is mainly used to create user groups, communities and membership systems, supporting multi-role management, permission control and personalized configuration. WordPress ProfileGrid suffers from a SQL injection vulnerability that stems from...
Security update for protobuf
This update for protobuf fixes the following issues: CVE-2025-4565: Fix parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that can lead to crash due to RecursionError bsc1244663. Patch Instructions: To install this SUSE update use the SUSE...
org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
WeGIA cross-site scripting vulnerability
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the relatoriogeracao.php endpoint, for which no detailed vulnerability details are currently available...
OESA-2025-1798 protobuf security update
Security Fixes: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of...
Using Signal Groups for Activism
Good tutorial by Micah Lee. It includes some nonobvious use cases...
DEBIAN-CVE-2025-38255
In the Linux kernel, the following vulnerability has been resolved: lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() While testing null_blk with configfs, echo 0 > poll_queues will trigger following panic: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 000...
UBUNTU-CVE-2025-38255
In the Linux kernel, the following vulnerability has been resolved: lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() While testing null_blk with configfs, echo 0 > poll_queues will trigger following panic: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 000...
OESA-2025-1714 protobuf security update
Security Fixes: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of...
OESA-2025-1713 protobuf security update
Security Fixes: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of...
CVE-2024-9017 PeepSo Core: Groups <= 6.4.6.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Group Description
The PeepSo Core: Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Group Description field in all versions up to, and including, 6.4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-9017
CVE-2024-9017: The PeepSo Core: Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Group Description field in all versions up to and including 6.4.6.0. Exploitation requires authenticated access at Subscriber level or higher, enabling an attacker to inject scripts t...
WordPress plugin PeepSo Core Groups cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress PeepSo Core: Groups plugin <= 6.4.6.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Group Description vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via Group Description vulnerability discovered by Bikram Kharal in WordPress Plugin PeepSo Core: Groups versions <= 6.4.6.0...
Microsoft SharePoint 2019 NTLM Authentication Information Disclosure
Microsoft SharePoint Central Administration improperly exposes NTLM-authenticated endpoints to low-privileged or even brute-forced domain accounts. Once authenticated, an attacker can access the api/web endpoint, disclosing rich metadata about the SharePoint site, including user group...
Security Bulletin: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit, affect watsonx.data
Summary: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit. These could affect watsonx.data. Vulnerability Details: CVEID: CVE-2024-7254 DESCRIPTION: Any project that parses...