11625 matches found

Drupal
added 2025/05/14 12:00 a.m., 19 views

One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-063

This module enables you to allow users to include a second authentication method in addition to password authentication. The module doesn't sufficiently prevent the same TFA token from being reused within a 30-second window. This vulnerability is mitigated by the fact that an attacker must obtain a valid...

CVSS 4.8, AI score 7, EPSS 0.00217
Exploits: 0, References: 2
OSV
added 2025/05/13 10:15 p.m., 2 views

UBUNTU-CVE-2025-4574

In the crossbeam-channel Rust crate, the internal Channel type's Drop method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption...

CVSS 6.5, AI score 6.6, EPSS 0.00443
Exploits: 0, References: 6
RedHat Linux
added 2025/05/13 5:18 p.m., 8 views

php: Reference counting in php_request_shutdown causes Use-After-Free

A flaw was found in PHP. This vulnerability allows remote code execution via a crafted code path involving the __set magic method or the null coalescing assignment operator (??=), in combination with exception handling. Attackers can trigger a use-after-free condition by controlling the memory layout...

CVSS 9.2, AI score 6.4, EPSS 0.01263
Exploits: 1, References: 5
Snyk
added 2025/05/13 3:42 p.m., 1 view

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the snippet helper or the $kirby->snippet() method when called with a dynamic snippet name. An attacker can access arbitrary files by manipulating the snippet path to traverse to directories outside of the intended snippet root...

CVSS 9.1, AI score 7.7, EPSS 0.00577
Exploits: 1, References: 2
RedHat Linux
added 2025/05/13 1:59 p.m., 7 views

php: Reference counting in php_request_shutdown causes Use-After-Free

A flaw was found in PHP. This vulnerability allows remote code execution via a crafted code path involving the __set magic method or the null coalescing assignment operator (??=), in combination with exception handling. Attackers can trigger a use-after-free condition by controlling the memory layout...

CVSS 9.2, AI score 6.4, EPSS 0.01263
Exploits: 1, References: 5
RedHat Linux
added 2025/05/13 8:28 a.m., 3 views

kernel: drm/amd: Guard against bad data for ATIF ACPI method

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method. If a BIOS provides bad data in response to an ATIF method call, this causes a NULL pointer dereference in the caller. ? show_regs arch/x86/kernel/dumpstack.c:478 discriminator 1 ...

CVSS 5.5, AI score 6.8, EPSS 0.00245
Exploits: 0, References: 5
Positive Technologies
added 2025/05/13 12:00 a.m., 8 views

PT-2025-23248 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180
Description: The issue is related to a mass assignment vulnerability in the Customer object, which is updated using the fill method. This method processes fields such as channel and channel id, but it is...

CVSS 5.3, AI score 6.3, EPSS 0.00287
Exploits: 1, References: 7
CNNVD
added 2025/05/13 12:00 a.m., 1 view

Crossbeam resource management error vulnerability

Crossbeam is an open source tool for concurrent programming applications. A resource management error vulnerability exists in Crossbeam that stems from a race condition in the Drop method of the Channel type, which could lead to a double free and memory corruption...

CVSS 6.5, AI score 6.4, EPSS 0.00443
Exploits: 0, References: 3
NVD
added 2025/05/12 3:15 p.m., 23 views

CVE-2024-56523

Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method...

CVSS 9.1, EPSS 0.00543
Exploits: 0, References: 2
OSV
added 2025/05/12 3:15 p.m., 3 views

CVE-2024-56523

Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method...

CVSS 9.1, AI score 7.6, EPSS 0.00543
Exploits: 0, References: 2
Cvelist
added 2025/05/12 12:00 a.m., 11 views

CVE-2024-56523

Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method...

EPSS 0.00543
Exploits: 0, References: 2
CNNVD
added 2025/05/12 12:00 a.m., 2 views

Radware Cloud Web Application Firewall security vulnerability

Radware Cloud Web Application Firewall is a cloud-based web application firewall from Radware (Israel). A security vulnerability exists in Radware Cloud Web Application Firewall versions prior to 2025-05-07, which originates in the handling of the HTTP GET method when the body of the HTTP request contains random...

CVSS 9.1, AI score 8.6, EPSS 0.00543
Exploits: 0, References: 3
Packet Storm News
added 2025/05/12 12:00 a.m., 5 views

Securing WiFi Fingerprint-Based Indoor Localization Systems from Malicious Access Points

WiFi fingerprint-based indoor localization schemes deliver highly accurate location data by matching the received signal strength indicator (RSSI) with an offline database using machine learning (ML) or deep learning (DL) models. However, over time, RSSI values degrade due to the malicious behavior of...

AI score 7
Exploits: 0
Vulnrichment
added 2025/05/12 12:00 a.m., 10 views

CVE-2024-56523

Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method...

AI score 9.2, EPSS 0.00543
Exploits: 0, References: 2
CVE
added 2025/05/12 12:00 a.m., 78 views

CVE-2024-56523

Summary: CVE-2024-56523 affects Radware Cloud Web Application Firewall (WAF). The vulnerability allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method, potentially enabling malicious inputs to reach the underlying web appl...

CVSS 9.1, AI score 7.1, EPSS 0.00543
Exploits: 0, References: 2, Affected Software: 1
Hacker One
added 2025/05/09 3:37 a.m., 5 views

U.S. Dept Of Defense: Cross-Site Scripting via 'autoPlay' parameter

A Cross-Site Scripting (XSS) vulnerability was discovered on a website through the 'autoPlay' parameter in the GET method. Exploitation of this vulnerability allowed the injection of malicious scripts that could be executed. A proof-of-concept was provided demonstrating an alert pop-up...

AI score 6.2
Exploits: 0
Hacker One
added 2025/05/09 3:27 a.m., 5 views

U.S. Dept Of Defense: Cross-Site Scripting via 'currentImage' parameter

A Cross-Site Scripting (XSS) vulnerability was discovered on a website from the U.S. Navy through the 'currentImage' parameter in the GET method. The vulnerability allowed for the injection of malicious scripts that could potentially be executed. A proof of concept was provided that demonstrated th...

AI score 6.2
Exploits: 0
Exploit DB
added 2025/05/09 12:00 a.m., 327 views

WordPress Depicter Plugin 3.6.1 - SQL Injection

Exploit Title: WordPress Depicter Plugin 3.6.1 - SQL Injection
Google Dork: inurl:/wp-content/plugins/depicter/
Date: 2025-05-06
Exploit Author: Andrew Long (datagoboom)
Vendor Homepage: https://wordpress.org/plugins/depicter/
Software Link: https://downloads.wordpress.org/plugin/depicter.3.6.1.zip...

CVSS 7.5, AI score 7.1, EPSS 0.46724
Exploits: 6
OSV
added 2025/05/07 7:11 p.m., 4 views

RLSA-2024:11189 Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.
Security Fixes:
urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803)
For more details about the security issues, including the...

CVSS 4.2, AI score 6.9, EPSS 0.00544
Exploits: 0, References: 2
Vulnrichment
added 2025/05/07 6:27 p.m., 11 views

CVE-2025-30147: ALTBN128_ADD, ALTBN128_MUL, ALTBN128_PAIRING precompile functions do not check if points are on curve

Besu Native contains scripts and tooling that are used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128_ADD (0x06),...

CVSS 8.7, AI score 6.3, EPSS 0.00238
Exploits: 0, References: 2