7491 matches found

NVD
added 2025/03/24 7:15 p.m., 5 views

CVE-2025-2747

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.1...

CVSS 9.8, EPSS 0.91412
Exploits: 1, References: 5
CNNVD
added 2025/03/24 12:00 a.m., 1 view

Kentico Xperience Security Vulnerability

Kentico Xperience is a digital experience platform from Kentico, Inc. A security vulnerability exists in Kentico Xperience version 13.0.172 and earlier, which stems from an authentication bypass that could lead to the control of managed objects...

CVSS 9.8, AI score 6.8, EPSS 0.90218
Exploits: 1, References: 4
RedhatCVE
added 2025/03/23 12:18 a.m., 14 views

CVE-2025-30347

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects...

CVSS 7.5, AI score 6.5, EPSS 0.00352
Exploits: 0, References: 1
RedhatCVE
added 2025/03/22 12:38 p.m., 7 views

CVE-2024-7804

A flaw was found in PyTorch. This vulnerability allows an attacker to execute arbitrary code remotely via a maliciously crafted serialized PythonUDF object. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security...

CVSS 2.6, AI score 9.4
Exploits: 0, References: 4
Securelist
added 2025/03/21 10:00 a.m., 8 views

Threat landscape for industrial automation systems in Q4 2024

Statistics across all threats: In Q4 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.1 pp from the previous quarter to 21.9%. [Figure: Percentage of ICS computers on which malicious objects were blocked, by quarter, 2022–2024] Compared to Q4 2023, the percentage...

AI score 7.2
Exploits: 0
OSV
added 2025/03/21 7:15 a.m., 1 view

CVE-2025-30347

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 1
CVE
added 2025/03/21 12:00 a.m., 61 views

CVE-2025-30347

CVE-2025-30347 affects Varnish Enterprise prior to 6.0.13r13. The issue is an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects, enabling remote attackers to obtain sensitive information. The provided sources confirm the affected product/version and the basic impact (infor...

CVSS 7.5, AI score 6.6, EPSS 0.00352
Exploits: 0, References: 1, Affected Software: 1
Snyk
added 2025/03/20 12:32 p.m., 1 view

Excessive Data Query Operations in a Large Data Table

Overview: aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Excessive Data Query Operations in a Large Data Table through the tracking and simultaneous querying of a large number of Text objects via the web API. An attacker ca...

CVSS 8.7, AI score 6.9, EPSS 0.00442
Exploits: 1, References: 2
NVD
added 2025/03/20 10:15 a.m., 5 views

CVE-2024-10096

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits: 0
CVE
added 2025/03/20 10:11 a.m., 74 views

CVE-2024-7804

This CVE entry is rejected/not used and does not represent an active vulnerability entry.

AI score 9.8
Exploits: 0
Cvelist
added 2025/03/20 10:11 a.m., 34 views

CVE-2024-7804

...

Exploits: 0
CNNVD
added 2025/03/20 12:00 a.m., 1 view

Aim Security Vulnerability

Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. A security vulnerability exists in Aim version 3.25.0 that originates when tracking a large number of Text objects and querying them simultaneously via the Web API, which can lead to server...

CVSS 7.5, AI score 7.3, EPSS 0.00442
Exploits: 1, References: 1
Positive Technologies
added 2025/03/18 12:00 a.m., 1 view

PT-2025-18445

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak issue has been resolved in the Linux kernel, specifically in the drm/imagination module. The issue occurred when the module was unloaded, causing memory used to hold firmwa...

CVSS 5.5, AI score 6.6, EPSS 0.00049
Exploits: 0
Snyk
added 2025/03/17 6:31 p.m., 1 view

Insecure Storage of Sensitive Information

Overview: Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information where vCenter credentials are stored in plaintext within the ClusterProvision object after provisioning a vSphere cluster. Users with read access to ClusterProvision objects can extract these...

CVSS 8.6, AI score 6.6, EPSS 0.00041
Exploits: 0, References: 2
SUSE CVE
added 2025/03/14 2:57 a.m., 1 view

SUSE CVE-2025-25196

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.4 Helm chart openfga-0.2.22, docker v.1.8.4 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users on OpenFGA...

CVSS 9.8, AI score 7, EPSS 0.00097
Exploits: 0, References: 2
Zero Day Initiative
added 2025/03/13 12:00 a.m., 8 views

Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS 7.8, AI score 6.7, EPSS 0.00037
Exploits: 0, References: 1
Zero Day Initiative
added 2025/03/13 12:00 a.m., 6 views

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS 7.8, AI score 6.7, EPSS 0.00102
Exploits: 0, References: 1
Zero Day Initiative
added 2025/03/13 12:00 a.m., 5 views

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS 7.8, AI score 6.7, EPSS 0.00102
Exploits: 0, References: 1
OSV
added 2025/03/12 3:32 p.m., 0 views

GHSA-GFH6-3PQW-X2J4 SmallRye Fault Tolerance out-of-memory (OOM) issue

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue...

CVSS 7.5, AI score 7, EPSS 0.00344
Exploits: 0, References: 11
NVD
added 2025/03/11 1:15 a.m., 6 views

CVE-2025-23185

Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access to this disclosed information, and they...

CVSS 4.1, EPSS 0.00104
Exploits: 0, References: 2