10 matches found

Nuclei
added yesterday · 41 views

Ghost CMS <=4.32 - Cross-Site Scripting

Ghost CMS 4.0.0 to 4.3.2 contains a DOM cross-site scripting vulnerability. An unused endpoint added during the development of 4.0.0 allows attackers to gain access by getting logged-in users to click a link containing malicious code. id: CVE-2021-29484 info: name: Ghost CMS =4.32 - Cross-Site...

CVSS 6.8 · AI score 6.5 · EPSS 0.57036
Exploits: 1 · References: 7
Elastic
added last week · 9 views

Kibana 8.19.16, 9.3.5, 9.4.1 Security Update (ESA-2026-32)

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service Uncontrolled Resource Consumption CWE-400 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to...

CVSS 6.5 · AI score 5.7 · EPSS 0.00047
Exploits: 0
Tenable Nessus
added 2026/01/22 12:00 a.m. · 2 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-21783)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21783 advisory. - In the Linux kernel, the following vulnerability has been resolved: gpiolib: Fix crash on error in...

CVSS 5.5 · AI score 6.7 · EPSS 0.0001
Exploits: 0 · References: 2
Positive Technologies
added 2024/12/13 12:00 a.m. · 1 views

PT-2025-3667 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises in the Linux kernel's netfs subsystem, specifically when handling the copy to cache on write-begin operation for ceph filesystems. At the end of netfs unlock read foli...

CVSS 4.9 · AI score 7.4 · EPSS 0.00017
Exploits: 0 · References: 17
OSV
added 2024/05/07 7:24 a.m. · 9 views

SUSE-SU-2024:1540-1 Security update for xen

This update for xen fixes the following issues: - CVE-2024-2201: Mitigation for Native Branch History Injection XSA-456, bsc1222453 - CVE-2023-46842: HVM hypercalls may trigger Xen bug check XSA-454, bsc1221984 - CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations XSA-455, bsc1222302...

CVSS 7.5 · AI score 8 · EPSS 0.03118
Exploits: 0 · References: 7
IBM Security Bulletins
added 2023/04/14 6:49 p.m. · 23 views

Security Bulletin: Vulnerabilities in Samba shipped with IBM OS Image for Red Hat Enterprise Linux System (CVE-2022-32742)

Summary Vulnerabilities have been found in Samba shipped with IBM OS Image for Red Hat Enterprise Linux System Vulnerability Details CVEID:CVE-2022-32742 DESCRIPTION: Samba could allow a remote authenticated attacker to obtain sensitive information, caused by a memory leak when handling SMB1...

CVSS 4.3 · AI score 6.5 · EPSS 0.00574
Exploits: 0 · Affected Software: 1
Code423n4
added 2021/12/05 12:00 a.m. · 11 views

Storage variable unstreamed can be artificially inflated

Handle harleythedog Vulnerability details Impact The storage variable unstreamed keeps track of the global amount of deposit token in the contract that have not been streamed yet. This variable is a public variable, and users that read this variable likely want to use its value to determine wheth...

AI score 6.7
Exploits: 0
OSV
added 2021/06/16 1:53 p.m. · 13 views

OPENSUSE-SU-2021:0873-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service panic because net/netfilter/xtables.c and...

CVSS 5.5 · AI score 7.7 · EPSS 0.00212
Exploits: 2 · References: 62
Hacker One
added 2019/09/17 7:06 a.m. · 14 views

HackerOne: "Bounties paid in the last 90 days" discloses the undisclosed bounty amount in program statistics

Hi Team, Summary: I have found a bypass on this disclosed report: Know undisclosed Bounty Amount when Bounty Statistics are enabled. Description: When a program does not disclose how much bounty is paid to a particular report, but if bounty statistics is enabled then undisclosed Bounty Amount can be...

Exploits: 0
Hacker One
added 2018/08/22 7:24 p.m. · 18 views

Node.js third-party modules: [serve] XSS via HTML tag injection in directory listing page

I would like to report HTML injection in serve module. It allows malicious HTML tags injection and execution of arbitrary JS code Module module name: serve version: 9.6.0 npm page: https://www.npmjs.com/package/serve Module Description Assuming you would like to serve a static site, single page...

AI score 6.4
Exploits: 0