YugabyteDB Security Vulnerability
YugabyteDB is a high-performance transactional distributed SQL database for cloud-native applications from Yugabyte USA. A security vulnerability exists in YugabyteDB that stems from a diagnostic information transfer over HTTP that could lead to the disclosure of sensitive data...
CVE-2025-5095
Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device's HTTP endpoint without providing valid credentials. The system does not enforc...
CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...
CVE-2012-10047
Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a...
Linux Distros Unpatched Vulnerability : CVE-2025-6554
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium securit...
CVE-2025-8582
Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...
Akamai Ghost Environment Issue Vulnerability
Akamai Ghost is an HTTP service program from Akamai Corporation. An environmental issue vulnerability exists in versions of Akamai Ghost prior to 2025-03-26, which stems from inconsistent parsing of HTTP requests and could lead to a request entrapment attack...
PT-2025-32330 · Burk Technology · Arc Solo
Name of the Vulnerable Software and Affected Versions: Burk Technology ARC Solo affected versions not specified Description: The password change mechanism in Burk Technology ARC Solo does not require proper authentication, potentially allowing an attacker to take over the device. A password chang...
CVE-2025-55014
The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP...
[SECURITY] Fedora 42 Update: libsoup3-3.6.5-2.fc42
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the GLib main loop and is designed to work well with GTK applications...
Security update for python311
This update for python311 fixes the following issues: CVE-2025-6069: Avoid worst-case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). Update to 3.11.13: Security gh-135034: Fixes multiple issues that allowed tarfile extraction filters filter="data...
Google Chrome Security Vulnerability
Google Chrome is a free web browser developed by Google. It is the world's largest browser in terms of market share due to its speed, security, simplicity, multi-platform support and built-in privacy protection. Google Chrome suffers from a use-after-free vulnerability that stems from a...
firefox: thunderbird: Incorrect URL stripping in CSP reports
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...
SUSE CVE-2024-32663
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19...
tomcat: Apache Tomcat denial of service
A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...
TOTOLINK A702R Buffer Overflow Vulnerability
The TOTOLINK A702R is a wireless router model from China's Gion Electronics, with key features including dual-band 2.4GHz/5.8GHz network connectivity, up to 1200Mbps transfer rate, four 5dBi antennas, and a built-in firewall. A buffer overflow vulnerability exists in the TOTOLINK A702R, which...
OpenBlow Security Vulnerability
OpenBlow is a web-based system for accepting anonymous reports and protecting the privacy of informants within an organization by OpenBlow Italy. A security vulnerability exists in OpenBlow that stems from a missing critical HTTP response header that could lead to cross-site scripting, clickjacki...
Virtual Local Area Network over HTTP for Launching an Insider Attack
Computers and computer networks have become integral to virtually every aspect of modern life, with the Internet playing an indispensable role. Organizations, businesses, and individuals now store vast amounts of proprietary, confidential, and personal data digitally. As such, ensuring the securi...
Possible HTML Injection in Accept-Language header
This report is not public...
SUSE CVE-2025-8037
Setting a nameless cookie with an equals sign in the value shadowed other cookies, even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...