CVE-2025-5506
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been classified as problematic. Affected is an unknown function of the component NAT Mapping Page. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The...
Newly published App-V applications are not visible to end users
After most recent upgrade of Web Studio users are not able to see newly published App-V packages/applications. This issue affects only newly published App-V applications...
CVE-2025-5508
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Port Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched...
Tarallo: Evading Behavioral Malware Detectors in the Problem Space
Machine learning algorithms can effectively classify malware through dynamic behavior but are susceptible to adversarial attacks. Existing attacks, however, often fail to find an effective solution in both the feature and problem spaces. This issue arises from not addressing the intrinsic...
CVE-2025-1235 WAGO: Switches affected by year 2k38 problem
A low-privileged attacker can set the date of the devices to the 19th of January 2038 and therefore exceed the 32-bit time limit. This causes the date of the switch to be set back to January 1st, 1970...
CVE-2025-37999 fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio()
In the Linux kernel, the following vulnerability has been resolved: fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio() If bio_add_folio fails because it is full, erofs_fileio_scan_folio needs to submit the I/O request via erofs_fileio_rq_submit and allocate a new I/O request with an empty stru...
FIDO2 Authentication Does Not Work With Webpages Opened Using Microsoft Edge
Users are not able to Authenticate to a website that requires FIDO2 Authentication using a Yubikey when using Edge on VDA Devices. The users are constantly prompted to select a Smartcard device. The same users are able to Authenticate onto the same website using Chrome or Firefox inside the same...
Cloud Netscaler console security advisory scan stuck on In Progress
Trying to run the security advisory scan from cloud.com, but the scan and, it looks like, the previous three scans are not completing. It is stuck on "In Progress."...
PT-2025-23043 · Arista · Arista Eos
Name of the Vulnerable Software and Affected Versions: Arista EOS affected versions not specified Description: On affected platforms running Arista EOS, ACL policies may not be enforced. This issue affects IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more...
[NetScaler] Disabled Interface Tx Laser Remains On After Reboot on MPX
You may observe that when an interface on a NetScaler MPX is disabled, and a user subsequently performs a reboot, the transmit Tx laser for that interface might not power off as intended. This can lead to the peer switch detecting the NetScaler's disabled interface as still being UP...
NetScaler Console -14.1 43.50: Scheduled 2 stage upgrade fails for NetScaler in HA.
Upgrade jobs fail for NetScaler when we configure the scheduled 2 stage upgrade process from NetScaler Console. The jobs seem to create several subtasks that are failing. It completes the upgrade on 1 NetScaler but does not upgrade the second one. This happens after upgrading the NetScaler Console to...
MGASA-2025-0159 Updated chromium-browser-stable packages fix security vulnerabilities
Heap buffer overflow in HTML. CVE-2025-4096 Out of bounds memory access in DevTools. CVE-2025-4050 Insufficient data validation in DevTools. CVE-2025-4051 Inappropriate implementation in DevTools. CVE-2025-4052 Use after free in WebAudio. CVE-2025-4372 Insufficient policy enforcement in Loader...
CVE-2024-3613
A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file supplier.php. The manipulation of the argument namasupplier/alamatsupplier/notelpsupplier leads to cross site scripting...
CVE-2024-6329
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded...
CVE-2024-6183
A vulnerability classified as problematic has been found in EZ-Suite EZ-Partner 5. Affected is an unknown function of the component Forgot Password Handler. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. VDB-269154 is the identifier assigned to...
CVE-2024-6520
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom error message in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes ...
CVE-2023-31854
std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed because it should be categorized as a usability problem...
CVE-2023-50448
In ActiveAdmin aka Active Admin before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data that belongs to another user by making CSV export requests at certain specific times...
CVE-2023-45083
An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently...
CVE-2023-46051
TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem...