Lucene search

7491 matches found

RedhatCVE
added 2025/02/05 3:6 a.m. · 7 views

CVE-2024-6960

The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. The Iced format supports inclusion of serialized Java objects. When a model is deserialized, any class is allowed to be deserialized (no class whitelist). An attacker can construct ...

CVSS 7.5 · AI score 7.6 · EPSS 0.00185
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 1:2 a.m. · 6 views

CVE-2024-28165

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the application...

CVSS 8.1 · AI score 5.9 · EPSS 0.00485
Exploits 0 · References 1
Veracode
added 2025/02/04 7:32 a.m. · 5 views

Improper Access Control

github.com/kubewarden/kubewarden-controller is vulnerable to Improper Access Control. The vulnerability is due to insufficient restrictions on AdmissionPolicy and AdmissionPolicyGroup, allowing attackers to manipulate or block PolicyReport objects, leading to compliance data tampering or evasion...

CVSS 6.5 · AI score 7.1 · EPSS 0.00067
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2025/01/31 11:11 a.m. · 4 views

CVE-2024-13662 eHive Objects Image Grid <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The eHive Objects Image Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ehiveobjectsimagegrid' shortcode in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4 · AI score 5.7 · EPSS 0.00215
Exploits 0 · References 3
Cvelist
added 2025/01/31 11:11 a.m. · 9 views

CVE-2024-13662 eHive Objects Image Grid <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The eHive Objects Image Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ehiveobjectsimagegrid' shortcode in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4 · EPSS 0.00215
Exploits 0 · References 3
CVE
added 2025/01/31 11:11 a.m. · 48 views

CVE-2024-13662

CVE-2024-13662 describes an authenticated Stored Cross-Site Scripting vulnerability in the WordPress plugin eHive Objects Image Grid (versions up to and including 2.4.1). The issue arises from insufficient input sanitization and output escaping in the shortcode ehive_objects_image_grid, allowing...

CVSS 6.4 · AI score 5.8 · EPSS 0.00215
Exploits 0 · References 3
Veracode
added 2025/01/31 10:30 a.m. · 6 views

Unauthorized Rule Injection

ArgoCD is vulnerable to unauthorized rule injection. The vulnerability is due to improper namespace isolation, as the openshift.io/cluster-monitoring label is automatically applied to all namespaces deploying an ArgoCD CR instance, allowing them to create unauthorized PrometheusRule objects...

CVSS 8.2 · AI score 7 · EPSS 0.00028
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2025/01/31 12:0 a.m. · 2 views

PT-2025-2239 · WordPress · Ehive Objects Image Grid

Name of the Vulnerable Software and Affected Versions: eHive Objects Image Grid plugin for WordPress versions up to, and including, 2.4.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ehive objects image grid' shortcode due to insufficient input sanitization a...

CVSS 6.4 · AI score 8 · EPSS 0.00215
Exploits 0 · References 8
NVD
added 2025/01/30 4:15 p.m. · 10 views

CVE-2025-24376

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided by the user when...

CVSS 6.5 · EPSS 0.00067
Exploits 0 · References 2
Vulnrichment
added 2025/01/30 3:51 p.m. · 18 views

CVE-2025-24376 The kubewarden-controller AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided by the user when...

CVSS 6.5 · AI score 6.5 · EPSS 0.00067
Exploits 0 · References 2
GoogleProjectZero
added 2025/01/30 12:0 a.m. · 39 views

Windows Bug Class: Accessing Trapped COM Objects with IDispatch

Posted by James Forshaw, Google Project Zero. Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. This is because they're designed to support a wide range of...

CVSS 9.3 · AI score 7.2 · EPSS 0.78096
Exploits 9
Snyk
added 2025/01/28 11:42 p.m. · 1 views

Prototype Pollution

Overview org.webjars:redoc is an OpenAPI/Swagger-generated API Reference Documentation. Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects method in utils/helpers.ts due to improper user input sanitization. PoC js async = const lib = await import'redoc';...

CVSS 7.5 · AI score 8 · EPSS 0.00045
Exploits 1 · References 2
Snyk
added 2025/01/28 11:42 p.m. · 2 views

Prototype Pollution

Overview org.webjars.bower:redoc is an OpenAPI/Swagger-generated API Reference Documentation. Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects method in utils/helpers.ts due to improper user input sanitization. PoC js async = const lib = await...

CVSS 7.5 · AI score 8 · EPSS 0.00045
Exploits 1 · References 2
OSV
added 2025/01/27 10:15 p.m. · 3 views

CVE-2024-37526

IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism...

CVSS 6.5 · AI score 5.8 · EPSS 0.00077
Exploits 0 · References 1
CNNVD
added 2025/01/27 12:0 a.m. · 2 views

IBM Watson Query Security Vulnerability

IBM Watson Query is a general purpose query engine from International Business Machines (IBM). It can perform distributed and virtualized queries across databases, data warehouses, data lakes, and streaming data without additional manual changes, data movement, or replication. A security...

CVSS 6.5 · AI score 5.9 · EPSS 0.00077
Exploits 0 · References 2
OSV
added 2025/01/24 1:41 p.m. · 1 views

OESA-2025-1079 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ext4: don't set SB_RDONLY after filesystem errors. When the filesystem is mounted with errors=remount-ro, we were setting SB_RDONLY flag to stop all filesystem...

CVSS 7.8 · AI score 5.4 · EPSS 0.01125
Exploits 1 · References 72
Packet Storm
added 2025/01/22 12:0 a.m. · 302 views

MacOS CoreAudio Framework Sandbox Escape

MacOS suffers from a sandbox escape vulnerability due to a type confusion issue in coreaudiod/CoreAudio Framework. The com.apple.audio.audiohald Mach service on MacOS is hosted by the coreaudiod process. This process exposes the Hardware Abstraction Layer (HAL) of the CoreAudio framework, which...

CVSS 7.8 · AI score 8.3 · EPSS 0.00237
Exploits 2
OSV
added 2025/01/21 9:15 p.m. · 1 views

CVE-2025-21563

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Run Control Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVSS 4.3 · AI score 7.3
Exploits 0 · References 1
CNNVD
added 2025/01/21 12:0 a.m. · 2 views

Oracle PeopleSoft Enterprise CC Common Application Objects Security Vulnerability

Oracle PeopleSoft Enterprise CC Common Application Objects is a Common Application Objects component from Oracle Corporation USA. A security vulnerability exists in Oracle PeopleSoft Enterprise CC Common Application Objects version 9.2. An attacker could exploit the vulnerability to update, inser...

CVSS 4.3 · AI score 8.2 · EPSS 0.00246
Exploits 0 · References 2
CNNVD
added 2025/01/21 12:0 a.m. · 2 views

Oracle PeopleSoft Security Vulnerability

Oracle PeopleSoft is a suite of enterprise human capital management solutions from Oracle Corporation USA. The product provides human capital management, financial management, supplier relationship management, and other capabilities. A security vulnerability exists in Oracle PeopleSoft's PeopleSo...

CVSS 4.3 · AI score 7.8 · EPSS 0.00293
Exploits 0 · References 2