147 matches found
CVE-2025-48990 NeKernel has Heap Overflow in `rt_copy_memory`
NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in rtcopymemory, which unconditionally wrote a null terminator at dstlen. When len equals the size of the destination buffer 256 bytes, that extra '\0' write overruns the buffer by one byte. To avo...
GHSA-69RH-HCCR-CXRJ Laravel Rest Api has a Search Validation Bypass
A validation bypass vulnerability was discovered prior to version 2.13.0, where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts such as index, store, and update actions, malicious actors...
Laravel Rest Api has a Search Validation Bypass
A validation bypass vulnerability was discovered prior to version 2.13.0, where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts such as index, store, and update actions, malicious actors...
CVE-2024-46978
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing...
CVE-2022-39352
OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard assigned to a tupleset relation the right...
CVE-2018-15804
An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions, it is possible for MapR ticket credentials to become compromised, allowing a user to escalate their privileges to act as aka impersonate any other user, including...
CVE-2011-10003
A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The patch is named...
CVE-2015-10039
A vulnerability was found in dobos domino. It has been rated as critical. Affected by this issue is some unknown functionality in the library src/Complex.Domino.Lib/Lib/EntityFactory.cs. The manipulation leads to sql injection. Upgrading to version 0.1.5524.38553 is able to address this issue. Th...
CVE-2025-37890 net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc
In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report 1, we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that...
PT-2025-25828
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue was related to the debugfs summary output accessing uninitialized elements in the freq in and signal out arrays, causing...
Microsoft Windows Multiple Vulnerabilities (KB5058392)
This host is missing an important security update according to Microsoft KB5058392 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
ALSA-2025:7417 Important: gimp security update
The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: dds buffe...
CVE-2023-53057
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hciinitstagesyncstage considers that stagei is valid as long as stagei-1.func is valid. Thus, the last element of stage.func should be intentionally invali...
CVE-2022-49762
CVE-2022-49762: In the Linux kernel, ntfs_attr_find() can overflow when iterating ATTR_RECORDs in MFT records, due to adding le32_to_cpu(a->length) to the current pointer and wrapping on 32‑bit systems. A patch adds bounds checks when computing the end address of the current ATTR_RECORD to pre...
PT-2025-18582
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, which was related to an information leak when sending a struct ifaddrlblmsg to the network. The issue occurred because the ifal...
CVE-2025-46331
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 Helm chart = openfga-0.2.28, docker = v.1.8.10 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Th...
CVE-2025-32971
XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's...
CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The vulnerabilities...
GHSA-8H6M-WV39-239M Rancher users who can create Projects can gain access to arbitrary projects
Impact A vulnerability has been identified within Rancher where a user with the ability to create a project, on a certain cluster, can create a project with the same name as an existing project in a different cluster. This results in the user gaining access to the other project in the different...
CVE-2025-32964 ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. ...