CVE-2019-25230

An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls...

CVE-2019-25230

An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls...

CVE-2019-25230 Kentico Xperience <= 12.0.0 User Widget Information Disclosure

An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls...

Kentico Xperience 安全漏洞

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an information disclosure vulnerability that originates in the Live Site Part Properties dialog box that could disclose sensitive system objects and can be exploited by an attacker to cause unauthorize...

PT-2025-52296

An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls...

CVE-2025-63951

An insecure deserialization vulnerability exists in the rss-mp3.php script of the MiczFlor RPi-Jukebox-RFID project through commit 4b2334f0ae0e87c0568876fc41c48c38aa9a7014 2025-10-07. The 'rss' GET parameter receives data that is passed directly to the unserialize function without validation. Thi...

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to the improper validation of plugin bot identity. An attacker can cause users to add reactions to arbitrary GitHub objects by sending crafted notification posts. Remediation Upgrade...

CVE-2025-13352 Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

CVE-2025-68199

In the Linux kernel, the following vulnerability has been resolved: codetag: debug: handle existing CODETAGEMPTY in markobjextsempty for slabobjext When allocslabobjexts fails and then later succeeds in allocating a slab extension vector, it calls handlefailedobjextsalloc to mark all objects in t...

CVE-2025-68189 drm/msm: Fix GEM free for imported dma-bufs

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix GEM free for imported dma-bufs Imported dma-bufs also have obj-resv != &obj-resv. So we should check both this condition in addition to flags for handling the NOSHARE case. Fixes this splat that was reported with IRI...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper release of active objects, which could lead to a system crash...

CIS-BA: Continuous Interaction Space Based Backdoor Attack for Object Detection in the Real-World

Object detection models deployed in real-world applications such as autonomous driving face serious threats from backdoor attacks. Despite their practical effectiveness,existing methods are inherently limited in both capability and robustness due to their dependence on single-trigger-single-objec...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from mishandling of GEM objects imported into dma-bufs, which could lead to memory corruption...

BIT-MONGODB-2025-12657 Malformed KMIP response may result in access violation

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...

CVE-2025-67508

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...

openSUSE 16 Security Update : python-Django (openSUSE-SU-2025-20153-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20153-1 advisory. - CVE-2025-64459: Fixed a potential SQL injection via connector keyword argument in QuerySet and Q objects bsc1252926 -...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Objects module. An authenticated attacker with Instance Administrator privileges can execute arbitrary code by submitting specially crafted Groovy scripts through Object Actions or Validations. Remediation...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Objects module. An authenticated attacker with Instance Administrator privileges can execute arbitrary code by submitting specially crafted Groovy scripts through Object Actions or Validations. Remediation...

Prototype Pollution

Overview org.webjars.npm:vuetify is an a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeDeep function used to merge preset options with defaults. An attacker can inject arbitrary properties into all JavaScript...

CVE-2025-67508 gardenctl is vulnerable to Command Injection when used with non‑POSIX shells

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...