11637 matches found
CVE-2025-23206
The AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow...
CVE-2025-21606 Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats
stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name eu.exelban.Stats.SMC.Helper. The associated binary,...
CVE-2024-26156
All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 are vulnerable to reflected cross site scripting XSS attacks in the method parameter. The ETIC RAS web server uses dynamic pages that gets their input from the client side and reflects the input in its response to the client...
CVE-2024-26157
All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 are vulnerable to reflected cross site scripting XSS attacks in get view method under view parameter. The ETIC RAS web server uses dynamic pages that get their input from the client side and reflect the input in their response t...
SUSE-SU-2025:0167-1 Security update for pam_u2f
This update for pamu2f fixes the following issues: - CVE-2025-23013: Fixed problematic PAMIGNORE return values in pamsmauthenticate bsc1233517...
ETIC Telecom Remote Access Server 跨站脚本漏洞
ETIC Telecom Remote Access Server is a remote maintenance solution from the French company ETIC Telecom. It is designed to enable manufacturers to remotely maintain automated equipment. A cross-site scripting vulnerability exists in ETIC Telecom Remote Access Server versions prior to 4.5.0, which...
PT-2025-2392 · Etic Telecom · Etic Telecom Remote Access Server
Name of the Vulnerable Software and Affected Versions: ETIC Telecom Remote Access Server RAS versions prior to 4.5.0 Description: The issue concerns reflected cross-site scripting XSS attacks. Specifically, the ETIC RAS web server is vulnerable to XSS attacks in the method parameter. This occurs...
PT-2025-5302 · Apple · Ipados +5
Name of the Vulnerable Software and Affected Versions: visionOS versions prior to 2.3 iOS versions prior to 18.3 iPadOS versions prior to 18.3 macOS Sequoia versions prior to 15.3 watchOS versions prior to 11.3 tvOS versions prior to 18.3 Description: A type confusion issue was addressed with...
ETIC Telecom Remote Access Server 跨站脚本漏洞
ETIC Telecom Remote Access Server is a remote maintenance solution from the French company ETIC Telecom. It is designed to enable manufacturers to remotely maintain automated equipment. A cross-site scripting vulnerability exists in ETIC Telecom Remote Access Server versions prior to 4.5.0, which...
BIT-PYTHON-MIN-2022-42919
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network...
The vulnerability of the `asyncio._SelectorSocketTransport.writelines()` method in the Python programming language, which allows a hacker to cause a denial-of-service attack
The vulnerability of the asyncio.SelectorSocketTransport.writelines method in the Python programming language is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
CVE-2025-22146 Improper authentication on SAML SSO process allows user impersonation in sentry
Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
Moderate: Red Hat Security Advisory: tuned security update
An update for tuned is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...
Jinja has a sandbox breakout through indirect reference to format method
...
CVE-2024-57761
An arbitrary file upload vulnerability in the parserXML method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file...
PT-2025-34632
Name of the Vulnerable Software and Affected Versions: PhpOffice/PhpSpreadsheet versions prior to 1.30.0 PhpOffice/PhpSpreadsheet versions prior to 2.1.12 PhpOffice/PhpSpreadsheet versions prior to 2.4.0 PhpOffice/PhpSpreadsheet versions prior to 3.10.0 PhpOffice/PhpSpreadsheet versions prior to...
CVE-2024-55922
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55920
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...