11626 matches found
CVE-2025-45238
foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method...
cve_repo
It is an offensive tool for web exploitation. This repository co...
CVE-2024-9877
Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini. This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4...
Hashicorp Vault Community vulnerable to Incorrect Authorization
Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...
GHSA-F9CH-H8J7-8JWG Hashicorp Vault Community vulnerable to Incorrect Authorization
Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...
CVE-2025-3879
Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...
CVE-2023-53063
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support
A year after Microsoft announced passkeys support for consumer accounts, the tech giant has announced a big change that pushes individuals signing up for new accounts to use the phishing-resistant authentication method by default. "Brand new Microsoft accounts will now be 'passwordless by...
PT-2025-18909 · Hashicorp +1 · Vault Community Edition +2
Name of the Vulnerable Software and Affected Versions: Vault Community Edition versions prior to 1.19.1; Vault Enterprise versions prior to 1.19.1, 1.18.7, 1.17.14, 1.16.18. Description: The Azure Auth method in Vault did not correctly validate the claims in the Azure-issued token. This resulted in...
Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins
Happy World Passkey Day! As the world shifts from passwords to passkeys, we’re excited to join the FIDO Alliance in leaving “World Password Day” behind to celebrate the very first “World Passkey Day.” To commemorate this renaming, Microsoft and dozens of other organizations have taken the Passkey...
CVE-2022-49904
The CVE-2022-49904 entry documents a Linux kernel vulnerability in net/neigh: a null-ptr-deref in neigh_table_clear() that occurs when IPv6 initialization fails and cleanup calls pneigh_queue_purge() with a NULL device. The fix, as described, is to pass NULL to pneigh_queue_purge() in neigh_ifdow...
CVE-2022-49891 tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()
In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd(). test_gen_kprobe_cmd() only free buf in fail path, hence buf will leak when there is no failure. Move kfree(buf) from fail path to common path to prevent the memleak. The sam...
Exploring PLeak: An Algorithmic Method for System Prompt Leakage
What is PLeak, and what are the risks associated with it? We explored this algorithmic technique and how it can be used to jailbreak LLMs, which could be leveraged by threat actors to manipulate systems and steal sensitive data...
SQL injection in ADOdb PostgreSQL driver pg_insert_id() method
Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario...
CVE-2024-9877 Sensitive information submitted using GET method
Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini. This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4...
CVE-2024-9877
CVE-2024-9877 affects ABB ANC, ABB ANC-L, and ABB ANC-mini up to version 1.1.4. The root cause is use of GET requests that transmit sensitive query strings, potentially exposing confidential data. Public references confirm affected versions through 1.1.4 and describe exposure vectors via GET para...
GHSA-927Q-G9W9-PM54 Panic in mp3-metadata due to the lack of bounds checking
The get_id3() method used by mp3_metadata::read_from_slice() does not perform adequate bounds checking when recreating the tag due to the use of desynchronization. Fixed in Fix index error, released as part of 0.4.0...
The vulnerability of the Linux operating system’s kernel PCI component, which allows a hacker to trigger a service failure
The vulnerability of the Linux operating system’s kernel PCI component is related to a memory leak in the reset_method_store() function. Exploiting this vulnerability could allow an attacker to cause a service failure...
An Inversion Theorem for Buffered Linear Toeplitz (BLT) Matrices and Applications to Streaming Differential Privacy
Buffered Linear Toeplitz (BLT) matrices are a family of parameterized lower-triangular matrices that play an important role in streaming differential privacy with correlated noise. Our main result is a BLT inversion theorem: the inverse of a BLT matrix is itself a BLT matrix with different...