crossbeam-channel Vulnerable to Double Free on Drop

The internal Channel type's Drop method has a race which could, in some circumstances, lead to a double-free. This could result in memory corruption. Quoting from the upstream description in merge request \1187: The problem lies in the fact that dicardallmessages contained two paths that could le...

Private Data Structure Returned From A Public Method

github.com/apache/answer, is vulnerable to Private Data Structure Returned From A Public Method. The vulnerability is due to the application allowing external content to be loaded without restriction, allowing an attacker to track or identify users by collecting their IP addresses through...

CVE-2025-28411

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave...

CVE-2025-28407

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/dictId endpoint does not properly validate whether the requesting user has permission to modify the specified dictId...

CVE-2025-28403

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings...

(Pwn2Own) Lexmark CX331adwe loadCFFdata Type Confusion Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the loadCFFdata method. The issue results from the lack of proper...

The software’s vulnerability related to secure remote access to data through the Palo Alto Networks GlobalProtect App. This vulnerability stems from an open and insecure ActiveX method, allowing attackers to execute arbitrary commands.

The vulnerability of the software for providing secure remote access to data in the Palo Alto Networks GlobalProtect App is related to an open and insecure ActiveX method. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

(Pwn2Own) Samsung Galaxy S24 Gaming Hub Exposed Dangerous Method Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Samsung Galaxy S24. An attacker must first obtain the ability to execute low-privileged script on the target system in order to exploit this vulnerability. The specific flaw exists within the Gaming Hub...

Joomla Framework Database Package Vulnerable to SQL Injection

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in questio...

GHSA-44V2-PRCF-PC3M Joomla Framework Database Package Vulnerable to SQL Injection

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in questio...

CVE-2025-26651

Exposed dangerous method or function in Windows Local Session Manager LSM allows an authorized attacker to deny service over a network...

CVE-2025-26651

Exposed dangerous method or function in Windows Local Session Manager LSM allows an authorized attacker to deny service over a network...

CVE-2025-25226

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in questio...

CVE-2025-25226

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in questio...

CVE-2025-25226

CVE-2025-25226 affects Joomla Framework’s Database package: the quoteNameStr protected method may allow SQL injection if a subclass invokes it. Original 2.x/3.x packages show no direct usages of the method, so exploitation in the base class is not possible, but subclasses extending the affected c...

CVE-2025-25226 [20250401] - Joomla Framework - SQL injection vulnerability in quoteNameStr method of Database package

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in questio...

CVE-2025-25226 [20250401] - Joomla Framework - SQL injection vulnerability in quoteNameStr method of Database package

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in questio...

CVE-2025-30166

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page...

Description of the security update for Office 2016: April 8, 2025 (KB5002700)

Description of the security update for Office 2016: April 8, 2025 KB5002700 Summary This security update resolves a Microsoft Office remote code execution vulnerability, Microsoft Office elevation of privilege vulnerability, Microsoft Word security feature bypass vulnerability, and Microsoft Exce...

PT-2025-15468 · Joomla · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla versions prior to 2.1.1 and 3.3.1 Description: The issue arises from improper handling of identifiers, leading to a SQL injection vulnerability in the quoteNameStr method of the database package. This method is protected and has no...