Updated php packages fix security vulnerabilities
Opcache: - Reset global pointers to prevent use-after-free in zend_jit_status. PDO: - Fixed PDO quoting result null deref. Standard: - Fixed null byte termination in dns_get_record - Heap buffer overflow in array_merge - Information leak of memory in getimagesize...
GHSA-4HX9-48XH-5MXR Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization
A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration. Mitigation Disable LDAP referrals in all LDAP user providers in all realms...
Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization
A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration. Mitigation Disable LDAP referrals in all LDAP user providers in all realms...
EUVD-2025-199598
Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization...
PT-2025-52493
GLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions database write access must first be obtained through another vulnerability or misconfiguration...
EUVD-2025-204347
An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls...
CVE-2019-25230
An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls...
CVE-2019-25230 Kentico Xperience <= 12.0.0 User Widget Information Disclosure
An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls...
Kentico Xperience security vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an information disclosure vulnerability that originates in the Live Site Part Properties dialog box, which could disclose sensitive system objects and can be exploited by an attacker to cause unauthorize...
PT-2025-52296
An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls...
CVE-2025-63951
An insecure deserialization vulnerability exists in the rss-mp3.php script of the MiczFlor RPi-Jukebox-RFID project through commit 4b2334f0ae0e87c0568876fc41c48c38aa9a7014 2025-10-07. The 'rss' GET parameter receives data that is passed directly to the unserialize function without validation. Thi...
Improper Validation of Specified Type of Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to the improper validation of plugin bot identity. An attacker can cause users to add reactions to arbitrary GitHub objects by sending crafted notification posts. Remediation Upgrade...
CVE-2025-13352 Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking
Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <= 2.4.0 fail to validate plugin bot identity in reaction forwarding, which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...
CVE-2025-68199
In the Linux kernel, the following vulnerability has been resolved: codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext When alloc_slab_obj_exts fails and then later succeeds in allocating a slab extension vector, it calls handle_failed_objexts_alloc to mark all objects in t...
CVE-2025-68189 drm/msm: Fix GEM free for imported dma-bufs
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix GEM free for imported dma-bufs Imported dma-bufs also have obj->resv != &obj->_resv. So we should check both this condition in addition to flags for handling the NO_SHARE case. Fixes this splat that was reported with IRI...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper release of active objects, which could lead to a system crash...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from mishandling of GEM objects imported into dma-bufs, which could lead to memory corruption...
CIS-BA: Continuous Interaction Space Based Backdoor Attack for Object Detection in the Real-World
Object detection models deployed in real-world applications such as autonomous driving face serious threats from backdoor attacks. Despite their practical effectiveness, existing methods are inherently limited in both capability and robustness due to their dependence on single-trigger-single-objec...
BIT-MONGODB-2025-12657 Malformed KMIP response may result in access violation
The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...