3385 matches found
CVE-2023-6195
CVE-2023-6195 is a GitLab SSRF issue in GitLab CE/EE affecting all versions from 15.5 before 16.9.7, 16.10 before 16.10.5, and 16.11 before 16.11.2. The root cause is a Server-Side Request Forgery triggered when an attacker supplies a malicious URL in the markdown image value during GitHub reposi...
CVE-2024-45338 affecting package node-problem-detector for versions less than 0.8.15-3
CVE-2024-45338 affecting package node-problem-detector for versions less than 0.8.15-3. A patched version of the package is available...
CVE-2021-3978
CVE-2021-3978 affects Cloudflare CFRPKI’s octorpki. The root cause is that copying files with rsync uses the “-a” flag 0, causing binaries with the SUID bit to be copied as root. The service definition defaults to root, creating a potential local privilege escalation vector if a malicious TAL fil...
CVE-2024-57965
In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability...
CVE-2018-9378
CVE-2018-9378 affects Android Pixel/Nexus devices via BnAudioPolicyService::onTransact in IAudioPolicyService.cpp. The issue is information disclosure caused by uninitialized data, enabling local information leakage without extra execution privileges and without user interaction. The documentatio...
CVE-2024-13509
CVE-2024-13509 affects the WS Form LITE (and WS Form Pro) WordPress plugin. It is an unauthenticated Stored Cross-Site Scripting flaw in the url parameter present in all versions up to 1.10.13. The issue arises from insufficient input sanitization and output escaping, allowing an attacker to inje...
SUSE-SU-2025:0252-1 Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-150500_55_52 fixes several issues. The following security issues were fixed: - CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1229275). - CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226324). - CVE-2024-50264:...
CVE-2024-31906
IBM Automation Decision Services 23.0.2 contains an information-disclosure vulnerability where web pages can be stored locally and read by another user on the same system. Affected product/version: IBM Automation Decision Services 23.0.2. Root cause: storage of web content locally enabling access...
CVE-2025-0703 JoeyBling bootplus SysFileController.java path traversal
A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This issue affects some unknown processing of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument name leads ...
CVE-2019-15690
LibVNCServer up to version 0.9.12 contains a HandleCursorShape integer/heap-based overflow in libvncclient/cursor.c triggered by oversized cursor dimensions, potentially enabling remote code execution. The CVE-2019-15690 vulnerability affects LibVNCServer 0.9.12 and earlier; multiple connected so...
CVE-2019-15690
LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution...
PT-2025-8795
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A synchronization issue in the Linux kernel's md-bitmap component can cause a general protection fault, leading to a kernel crash. The problem occurs when the bitmap get stats function i...
CVE-2025-23834 WordPress Links/Problem Reporter plugin <= 2.6.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RaminMT Links/Problem Reporter report-broken-links allows Reflected XSS. This issue affects Links/Problem Reporter: from n/a through <= 2.6.0...
WordPress plugin Links/Problem Reporter cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2025-5131 · Unknown · Notfound Links/Problem Reporter
Name of the Vulnerable Software and Affected Versions: NotFound Links/Problem Reporter versions prior to 2.6.0 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This enables attackers...
SharePoint and OneDrive Items May Not Be Displayed
Article Applicability The solution provided in this article requires Veeam Backup for Microsoft 365 8.1 or higher. The issue discussed in this article only occurs under particular circumstances. Review the Cause section closely. This article is marked as related to Veeam Backup for Microsoft 365 ...
PT-2025-9007
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A vulnerability in the Linux kernel's hrtimers infrastructure allows wakeups to be performed by an outgoing CPU after the CPUHP AP HRTIMERS DYING stage, potentially resulting in bandwidt...
CVE-2018-9405
CVE-2018-9405 describes a potential out-of-bounds write in BnDmAgent::onTransact (dm_agent.cpp) due to a missing bounds check, enabling local privilege escalation to System level without user interaction. Affected context shown in multiple sources (Android Pixel/Nexus bulletin references and vend...
CVE-2018-9401
CVE-2018-9401 describes a kernel memory access vulnerability in user space caused by an incorrect bounds check, enabling local privilege escalation without extra execution privileges and with no user interaction. Connected documents indicate this CVE is associated with Google Pixel/Nexus devices ...