11632 matches found
CVE-2025-25789
FoxCMS v1.2.5 was discovered to contain a remote code execution RCE vulnerability via the index method at \controller\Sitemap.php...
CVE-2025-25789
CVE-2025-25789 affects FoxCMS v1.2.5 and is described as a remote code execution (RCE) via the index() method in Sitemap.php. The vulnerability is detailed as a high-severity issue (CVSS v3.1: 9.8, CRITICAL) with NETWORK attack vector, LOW attack complexity, no privileges required, no user intera...
GHSA-HW62-58PR-7WC5 DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
!NOTE This advisory was originally emailed to [email protected] by @nsysean. To sum it up, the use of javascript's .replace opens up to potential XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from solid-meta are...
USN-7292-1 Several security issues were fixed in Dropbear
Manfred Kaiser discovered that Dropbear through 2020.81 does not properly check the available authentication methods in the client-side SSH code. An attacker could use this vulnerability to gain unauthorized access to remote systems. CVE-2021-36369 Fabian Bäumer, Marcus Brinkmann, and Jörg Schwen...
urllib3: Request body not stripped after redirect from 303 status changes request method to GET
A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...
Moderate: Red Hat Security Advisory: tuned security update
An update for tuned is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...
Driver Disk for Qlogic qla2xxx 10.02.13.00_k - For Citrix Hypervisor 8.2 Cumulative Update 1 LTSR
Who should install this driver disk? Customers running the Citrix Hypervisor 8.2 Cumulative Update 1 LTSR release who use Qlogic's qla2xxx driver and wish to use the latest version of the following: Driver Module| Driver Type| Version ---|---|--- qla2xxx| Fibre Channel HBA/Storage Controller|...
February 25, 2025—KB5052077 (OS Build 19045.5555) Preview
February 25, 2025—KB5052077 OS Build 19045.5555 Preview Support for Windows 10 has ended on October 14, 2025 After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but we...
CVE-2024-53543
NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL injection vulnerability via the addProject method in the smarttimeplus/MySQLConnection endpoint...
Phusion Passenger denial of service
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
GHSA-2CJ2-QQXJ-5M3R Phusion Passenger denial of service
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
DEBIAN-CVE-2025-26803
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
CVE-2025-26803
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
CVE-2025-26803
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
UBUNTU-CVE-2025-26803
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
Advisory ROSA-SA-2025-2703
Software: jbig2dec 0.16 OS: ROSA Virtualization 3.0 packageevrstring: jbig2dec-0.16 CVE-ID: CVE-2020-12268 BDU-ID: 2022-05687 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the jbig2imagecompose function of the jbig2imagecompose component of the jbig2image.c decoder of the JBIG2 Jbig2dec image...
CVE-2025-26803
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
CVE-2025-26803
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
Phusion Passenger 安全漏洞
Phusion Passenger is a fast and powerful web server and application server from Phusion Open Source. A security vulnerability exists in Phusion Passenger versions 6.0.21 through 6.0.25 that originates in a denial of service when the HTTP parser resolves an invalid HTTP method...