259 matches found
CVE-2025-32973 org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right
XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and...
CVE-2025-4036
creationtimestamp| type| source ---|---|--- 2025-04-28 20:11:11+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13726 2025-04-28 23:45:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lnvx5vaqci2h 2025-04-29 00:06:28+00:00| seen|...
CVE-2024-12706
creationtimestamp| type| source ---|---|--- 2025-04-28 18:11:00+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13719 2025-04-28 21:45:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lnvqh4moq42v 2025-04-28 22:25:59+00:00| seen| https://t.me/cvedetector/23940...
CVE-2025-2903
An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform GCP using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious...
CVE-2025-3698
creationtimestamp| type| source ---|---|--- 2025-04-16 02:55:43+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11982 2025-04-16 06:48:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmvyq76czu2a 2025-04-16 07:40:00+00:00| seen| https://t.me/cvedetector/23044...
CVE-2025-31580
creationtimestamp| type| source ---|---|--- 2025-04-01 22:57:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3llrxuf5ojr2s 2025-04-01 23:56:03+00:00| seen| https://t.me/cvedetector/21809...
The vulnerability of the org.xwiki.platform:xwiki-platform-security-authorization-api component of the XWiki Platform, a platform for creating collaborative web applications. This vulnerability allows an attacker to gain unauthorized access to protected information.
The vulnerability of the org.xwiki.platform:xwiki-platform-security-authorization-api component of the XWiki Platform lies in the insecure management of privileges. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2025-29925
XWiki Platform REST API vulnerability CVE-2025-29925: the /rest/wikis/[wikiName]/pages endpoint could disclose information about protected/private pages to unauthenticated users before fixes. The issue occurs because the endpoint listed pages even when the user had no view rights, notably when th...
CVE-2025-26707
creationtimestamp| type| source ---|---|--- 2025-03-11 07:35:35+00:00| seen| https://t.me/cvedetector/20032 2025-03-11 08:00:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lk3lxtq7qd2l...
GHSA-63CR-XG3F-8JVR Leantime allows Stored Cross-Site Scripting (XSS)
Summary Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Details A Stored Cross-Site Scripting XSS vulnerability was found that could potentially compromise user data and pose a...
CVE-2025-1127
creationtimestamp| type| source ---|---|--- 2025-02-13 18:52:33+00:00| seen| https://infosec.exchange/users/cve/statuses/113998086368947353 2025-02-13 19:16:11+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li3flzjmfv2a 2025-02-13 20:34:57+00:00| seen|...
CVE-2022-31166
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Starting in versions 11.3.7, 11.0.3, and 12.0RC1, it is possible to exploit a bug in XWikiRights resolution of groups to obtain privilege escalation. More specifically, editing a right with the object editor...
CVE-2025-23681
creationtimestamp| type| source ---|---|--- 2025-01-22 15:19:59+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo5h3jiw2f...
CVE-2024-56604
creationtimestamp| type| source ---|---|--- 2024-12-27 15:18:02+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lecbvshtvv2f 2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8 2026-03-19 00:00:00+00:00| seen|...
USN-7159-4: Linux kernel (IoT) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - S390 architecture; - x86 architecture; - Power management core; - GPU...
The vulnerability of the loader for AMD Platform Security Processor processors allows a hacker to execute arbitrary code.
The vulnerability of the loader for AMD Platform Security Processor processors involves incorrect checking of the range in the object header. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
CVE-2024-55663 XWiki Platform has an SQL injection in getdocuments.vm with sort parameter
XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in getdocument.vm; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on th...
Linaro Trusted Firmware-M 安全漏洞
Linaro Trusted Firmware-M Tf-M is a reference implementation of the Platform Security Architecture Psa IoT security framework from Linaro, UK. A security vulnerability exists in Linaro Trusted Firmware-M version 2.1.0, which stems from not validating user-supplied pointers to invec and outvec...
CVE-2024-46083
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting XSS. An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular users can trigger...
RHSA-2022:8850 Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (python-ujson) security update
Bulletin has no description...