6715 matches found
WordPress plugin Social Reviews Recommendations 跨站脚本漏洞
...
Security Bulletin: Apache Tomcat Improper Resource Shutdown Enables Made You Reset Attack, affects watsonx.data
Summary Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: tomcat (UTSA-2025-991028)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991028 advisory. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses cxf-core-3.6.5.jar which is vulnerable to CVE-2025-48795.
Summary IBM Maximo Application Suite - Monitor Component uses cxf-core-3.6.5.jar which is vulnerable to CVE-2025-48795. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48795 DESCRIPTION: Apache CXF stores large stream based...
TencentOS Server 3: tomcat (TSSA-2025:0225)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0225 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
EUVD-2025-48942
AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance...
File Inclusion tar-fs Dependency in Confluence Data Center and Server
This High severity File Inclusion vulnerability known as CVE-2024-12905 was introduced in 7.19 of Confluence Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allows an unauthenticated attacker to expose assets in...
An In-Depth Systematic Analysis of the Security, Usability, and Automation Capabilities of Password Update Processes on Top-Ranked Websites
Password updates are a critical account security measure and an essential part of the password lifecycle. Service providers and common security recommendations advise users to update their passwords in response to incidents or as a critical cyber hygiene measure. However, password update processe...
PT-2025-46649
Name of the Vulnerable Software and Affected Versions TYPO3 Extension "Modules" versions prior to 4.3.11 TYPO3 Extension "Modules" versions 5.0.0 through 5.7.3 TYPO3 Extension "Modules" versions 6.0.0 through 6.4.1 TYPO3 Extension "Modules" versions 7.0.0 through 7.5.4 Description An improper...
PT-2025-46231
Name of the Vulnerable Software and Affected Versions SQL Anywhere Monitor Non-GUI version 17.0 versions prior to SAP Note 3666261 Description The SQL Anywhere Monitor Non-GUI contains hard-coded credentials within its code. This allows unintended users access to resources and functionality,...
PT-2025-46209
Name of the Vulnerable Software and Affected Versions Langfuse versions 2.70.0 through 2.95.10 Langfuse versions 3.0.0 through 3.124.0 Description Langfuse is a large language model engineering platform. In certain project membership APIs, the server improperly trusted a user-controlled orgId and...
Amazon Linux 2 : tomcat, --advisory ALAS2TOMCAT9-2025-023 (ALASTOMCAT9-2025-023)
The version of tomcat installed on the remote host is prior to 9.0.110-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2025-023 advisory. Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the...
RAG-Targeted Adversarial Attack on LLM-Based Threat Detection and Mitigation Framework
The rapid expansion of the Internet of Things IoT is reshaping communication and operational practices across industries, but it also broadens the attack surface and increases susceptibility to security breaches. Artificial Intelligence has become a valuable solution in securing IoT networks, wit...
PT-2025-44561
Name of the Vulnerable Software and Affected Versions UniFi Talk Touch versions 1.21.16 and earlier UniFi Talk Touch Max versions 2.21.22 and earlier UniFi Talk G3 Phones versions 3.21.26 and earlier Description An issue was identified in certain UniFi Talk devices where internal debugging...
Exploit for CVE-2025-46183
Vulnerability Disclosures Public reports of identified vulner...
JLSEC-2025-184 libgit2 is a cross-platform, linkable library implementation of Git
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
CVE-2025-61672
Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeserver...
Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale and the Management GUI are now included (CVE-2025-48976)
Summary The following vulnerabilities, which can affect IBM Storage Scale and the Management GUI and could provide weaker-than-expected security, are now fixed in Storage Scale 5.1.9.12 and 5.2.3.3 or higher CVE-2025-48976. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of...
Improper Validation of Specified Type of Input
Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to insufficient validation of device keys. An attacker can disrupt federation functionality and unpredictab...
CVE-2025-61672
CVE-2025-61672 affects the Synapse Matrix homeserver. The issue is caused by lack of validation for device keys in Synapse before 1.138.3 and in 1.139.0, enabling an attacker registered on the victim homeserver to degrade federation functionality and unpredictably break outbound federation to oth...