CVE-2025-21029

Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display...

Automattic: Sensei LMS IDOR to send message

Hi there, hope you are doing great. So, there is an option to send message to teacher privately by student on Sensei LMS. Each message sent by student will have different ID, Student1 cannot access or send message to the message from Student2 which is meant to be private with teacher Similarly...

Zulip 访问控制错误漏洞

Zulip server is an open source team chat application from the American company Zulip. An access control error vulnerability exists in versions of Zulip Server prior to 3.4, which stems from a bug in the implementation of replies to messages that send a webhook to a private stream.No details of th...

Fedora 18 : xen-4.2.3-7.fc18 (2013-20544)

Lock order reversal between page allocation and grant table locks ocaml xenstored mishandles oversized message replies systemd changes to allow oxenstored to be used instead of xenstored Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

Fedora 20 : xen-4.3.1-1.fc20 (2013-20517)

update to xen-4.3.1, Lock order reversal between page allocation and grant table lock ocaml xenstored mishandles oversized message replies systemd changes to allow oxenstored to be used instead of xenstored Note that Tenable Network Security has extracted the preceding description block directly...

Outlook Express HTML file writing

During reply to a message with HTML file attached this file is saved to known location...