Mini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117
This module allows uploading a zip file and extracting its content in the public file directory to serve this content from a Drupal website. These zip files may contain arbitrary HTML or SVG content that could allow cross-site scripting vulnerabilities. While this is an expected feature, the modu...
Tagify - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-121
This module enables you to use the Tagify library to enhance text input fields with tag-style UI elements. The module does not sufficiently sanitize the infoLabel value under certain configurations, which can result in a cross-site scripting (XSS) vulnerability. This vulnerability is mitigated by t...
Security advisory: Improper validation of tag size in Text component parser in Qt declarative module impacts Qt
An Improper Validation of Specified Quantity in Input vulnerability in the Text component parser of the Qt declarative module has been discovered and has been assigned the CVE id CVE-2025-12385. Affected versions: From Qt 5.0.0 to 6.5.10, from 6.6.0 to 6.8.5, and from 6.9.0 to 6.10.0. Impact: Allocation...
Huawei HarmonyOS Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which stems from improper privilege control of the memory management module and can be exploite...
Huawei HarmonyOS/EMUI Privilege Control Vulnerability (CNVD-2026-00138)
Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A privilege...
Huawei HarmonyOS file management module privilege control vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS file management module, which can be exploited by an attacker to compromise service...
Huawei HarmonyOS screen recording framework module memory misreference vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS screen recording framework module, which can be exploited by attackers to affect...
Huawei HarmonyOS Privilege Control Vulnerability (CNVD-2025-30300)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which stems from improper privilege control of the printing module and can be exploited by an...
Huawei HarmonyOS Privilege Control Vulnerability (CNVD-2025-30296)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which stems from improper privilege control of the boot recovery module, and can be exploited b...
Huawei HarmonyOS Privilege Control Vulnerability (CNVD-2025-30295)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which stems from improper privilege control of the Wi-Fi module and can be exploited by an...
Huawei HarmonyOS App Lock Module Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS App Lock module, which can be exploited by attackers to affect availability...
Huawei HarmonyOS Security Checks for Improper Standards Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from an Improper Security Check Criteria vulnerability that originates from an improper security check criterion for the call module...
Huawei HarmonyOS Privilege Control Vulnerability (CNVD-2025-30302)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which stems from improper privilege control of the Notepad module, and can be exploited by an...
EUVD-2025-200289
Singularity ineffectively applies selinux / apparmor LSM process labels...
GHSA-WWRX-W7C9-RF87 Singularity ineffectively applies selinux / apparmor LSM process labels
Impact: Native Mode (default). Singularity's default native runtime allows users to apply restrictions to container processes using the apparmor or selinux Linux Security Modules (LSMs), via the --security selinux: or --security apparmor: flags. LSM labels are written to process or thread attrs/exec...
EUVD-2025-200115
vLLM vulnerable to remote code execution via transformers_utils/get_config...
CVE-2025-64750 Singularity ineffectively applies selinux / apparmor LSM process labels
SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so...
CVE-2025-64750
CVE-2025-64750 affects SingularityCE before 4.3.5 and SingularityPRO before 4.1.11 and 4.3.5. The issue arises when a user relies on LSM restrictions to prevent malicious operations; under certain conditions an attacker can redirect the LSM label write operation to be ineffective. Exploitation re...
CVE-2025-59705
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to Escalate Privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivation of the USB interface" or F01...