CVE-2022-23580

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...

CVE-2021-37684

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit...

CVE-2021-21407

Combodo iTop is an open source, web based IT Service Management tool. Prior to version 2.7.4, the CSRF token validation can be bypassed through iTop portal via a tricky browser procedure. The vulnerability is patched in version 2.7.4 and 3.0.0...

CVE-2015-10087

UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit h...

CVE-2019-16768

In affected versions of Sylius, exception messages from internal exceptions like database exception are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible...

CVE-2018-25049

A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The name of the patch is 0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56. It is...

CVE-2015-10097

A vulnerability was found in grinnellplans-php up to 3.0. It has been declared as critical. Affected by this vulnerability is the function interfacedisppage/interfacedisppage of the file read.php. The manipulation leads to sql injection. The attack can be launched remotely. The identifier of the...

CVE-2013-10018

A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/savecontact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to sql injectio...

CVE-2025-48063 XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right

XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are...

Security update for the Linux Kernel RT (Live Patch 4 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506001014 fixes several issues. The following security issues were fixed: CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678. CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice...

CVE-2025-47934

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result...

CVE-2025-47782 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...

Alibaba Cloud Linux 3 : 0171: java-1.8.0-openjdk (ALINUX3-SA-2022:0171)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0171 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-21619: Vulnerability in the Oracl...

CVE-2025-47271 OZI-Project/ozi-publish Code Injection vulnerability

The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects...

PT-2025-20803 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver affected versions not specified Description: A critical issue in SAP NetWeaver is being actively exploited by Chinese state-sponsored hackers. Organizations are urged to patch immediately to mitigate the risk. Recommendations: A...

CVE-2023-53122

No description is available for this CVE...

CVE-2023-53122

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2023-53122

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2023-53122

...

CVE-2025-46554

XWiki is a generic wiki platform. In versions starting from 1.8.1 to before 14.10.22, from 15.0-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.7.0, anyone can access the metadata of any attachment in the wiki using the wiki attachment REST endpoint...