Improper Verification of Cryptographic Signature
Overview github.com/minio/minio/cmd is an open source object storage server compatible with Amazon S3 APIs. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature for unsigned-trailer uploads. An attacker can upload arbitrary objects to buckets by usi...
SHA-1 collision attacks are not detected
Summary gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. Details gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct G...
PT-2025-14868 · Gitoxide · Gitoxide
Name of the Vulnerable Software and Affected Versions: gitoxide versions prior to 0.42.0 Description: The issue arises from gitoxide's use of SHA-1 hash implementations without collision detection, making it vulnerable to hash collision attacks. This means two distinct Git objects with colliding...
API Platform Core Security Vulnerability
API Platform Core is a server component of API Platform open source by API Platform. A security vulnerability exists in API Platform Core versions prior to 4.0.21 that stems from a GraphQL license that may cache different objects...
The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence Platform allows an attacker to execute XSS attacks.
The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence Platform relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
CVE-2025-1781
There is an XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). This could be exploited to read arbitrary local files if an attacker has access to exception messages...
Kentico Xperience Authentication Bypass Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an authentication bypass vulnerability that can be exploited by an attacker to cause control of managed objects...
Kentico Xperience Authentication Bypass Vulnerability (CNVD-2026-05134)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an authentication bypass vulnerability that can be exploited by an attacker to cause control of managed objects...
SAP Business Objects Business Intelligence Platform Cross-Site Scripting Vulnerability (CNVD-2025-07541)
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. SAP Business Objects Business Intelligence Platform suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
SAP Business Objects Business Intelligence Platform Information Disclosure Vulnerability (CNVD-2025-07542)
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. An information disclosure vulnerability exists in SAP Business Objects Business Intelligence Platform, which stems from the application's inadequate...
CVE-2025-23203
Icinga Director is an Icinga config deployment tool. A security vulnerability has been found starting in version 1.0.0 and prior to 1.10.3 and 1.11.3 on several Director endpoints of the REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required...
UBUNTU-CVE-2025-23203
Icinga Director is an Icinga config deployment tool. A security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several Director endpoints of the REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required...
BIT-NGINX-INGRESS-CONTROLLER-2025-24513 ingress-nginx controller - auth secret file path traversal vulnerability
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or...
CVE-2025-24513
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or...
CVE-2025-24513
Technical details for CVE-2025-24513 are not provided in the given documents. Monitor for updates and subsequent disclosures to obtain affected products, root cause, impact, and fixes.
CVE-2025-2746
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through...
CVE-2025-2747
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.1...
Kentico Xperience Security Vulnerability
Kentico Xperience is a digital experience platform from Kentico, Inc. A security vulnerability exists in Kentico Xperience version 13.0.172 and earlier, which stems from an authentication bypass that could lead to the control of managed objects...
CVE-2025-30347
Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects...
CVE-2024-7804
A flaw was found in PyTorch. This vulnerability allows an attacker to execute arbitrary code remotely via a maliciously crafted serialized PythonUDF object. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security...