CVE-2025-49578

Citizen is a MediaWiki skin. CVE-2025-49578 describes an XSS where date messages produced by Language::userDate are inserted into raw HTML, enabling stored XSS on wikis where a user has the editinterface right but not the editsitejs right. The issue affects Citizen versions prior to 3.3.1 and is ...

CVE-2025-49579 Citizen allows stored XSS in menu heading message

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group h...

CVE-2025-49575

The CVE-2025-49575 issue affects the Citizen skin for MediaWiki. The underlying problem is that multiple system messages are inserted into the CommandPaletteFooter as raw HTML, enabling stored HTML injection by users who can edit those messages. This could allow arbitrary HTML execution in the af...

AZL-63681 CVE-2025-38001 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch 141d34391abbb315d68556b7c67ad97885407547 1 can be bypassed, and a UAF can still occur when HFSC ...

DEBIAN-CVE-2025-38001

In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch 141d34391abbb315d68556b7c67ad97885407547 1 can be bypassed, and a UAF can still occur when HFSC ...

UBUNTU-CVE-2025-38001

In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch 141d34391abbb315d68556b7c67ad97885407547 1 can be bypassed, and a UAF can still occur when HFSC ...

CVE-2025-38001 net_sched: hfsc: Address reentrant enqueue adding class to eltree twice

In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch 141d34391abbb315d68556b7c67ad97885407547 1 can be bypassed, and a UAF can still occur when HFSC ...

Joint Data Hiding and Partial Encryption of Compressive Sensed Streams

The paper proposes a method to secure the Compressive Sensing CS streams. It consists in protecting part of the measurements by a secret key and inserting the code into the rest. The secret key is generated via a cryptographically secure pseudo-random number generator CSPRNG and XORed with the...

CVE-2025-48749

Netwrix Directory Manager formerly Imanami GroupID v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data...

Novel Loss-Enhanced Universal Adversarial Patches for Sustainable Speaker Privacy

Deep learning voice models are commonly used nowadays, but the safety processing of personal data, such as human identity and speech content, remains suspicious. To prevent malicious user identification, speaker anonymization methods were proposed. Current methods, particularly based on universal...

CVE-2024-22002

CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in the cuepkg-1.2.6 subdirectory of the installation directory...

CVE-2024-38443

C/sorting/binaryinsertionsort.c in The Algorithms - C through e5dad3f has a segmentation fault for deep recursion, which may affect common use cases such as sorting an array of 50 elements...

CVE-2024-31200

A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser...

CVE-2024-29203

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by...

CVE-2024-46665

An insertion of sensitive information into sent data vulnerability CWE-201 in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests...

CVE-2024-57036

TOTOLINK A810R V4.1.2cu.5032B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request...

CVE-2024-53333

TOTOLINK EX200 v4.0.3c.7646B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter...

CVE-2023-48301

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into circles name that would be opened when clickin...

CVE-2023-33487

TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter...

CVE-2023-33486

TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter...