6662 matches found
CVE-2025-52639 HCL Connections is vulnerable to sensitive information disclosure
HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data...
CVE-2025-52639
CVE-2025-52639 affects HCL Connections, where a vulnerability allows sensitive information disclosure due to improper rendering of application data. The description across sources consistently references a confidentiality impact but does not provide specific affected versions or a published remed...
HCL Connections security vulnerability
HCL Connections is a suite of enterprise collaboration platforms from HCL India. A security vulnerability exists in HCL Connections version 8.0, which stems from improper rendering of application data and could lead to disclosure of sensitive information...
PT-2025-47392
Name of the Vulnerable Software and Affected Versions: HCL Connections (affected versions not specified). Description: HCL Connections is susceptible to a sensitive information disclosure issue. This flaw potentially allows a user to access information they are not authorized to view, stemming from...
Mozilla Firefox < 60.0.2
The version of Firefox installed on the remote Windows host is prior to 60.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2018-14 advisory. - A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with...
CVE-2025-63680
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...
CVE-2025-64744
OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without...
GHSA-HR2Q-HP5Q-X767 Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass
Summary In impacted versions of Astro using on-demand rendering, request headers x-forwarded-proto and x-forwarded-port are insecurely used, without sanitization, to build the URL. This has several consequences the most important of which are: - Middleware-based protected route bypass only via...
CVE-2025-64525
Astro is a web framework. In Astro versions 2.16.0 up to but excluding 5.15.5 which utilize on-demand rendering, request headers x-forwarded-proto and x-forwarded-port are insecurely used, without sanitization, to build the URL. This has several consequences, the most important of which are:...
CVE-2025-40166
In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Check GuC running state before deregistering exec queue In normal operation, a registered exec queue is disabled and deregistered through the GuC, and freed only after the GuC confirms completion. However, if the driv...
drm/vmwgfx: Fix Use-after-free in validation
...
drm/vmwgfx: Fix a null-ptr access in the cursor snooper
...
[SECURITY] Fedora 42 Update: webkitgtk-2.50.1-1.fc42
WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...
CVE-2025-63645
A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the application's message system. Unsanitized message content submitted by one user is persisted by the server and later rendered in another user's Inbox view without appropriate context-aware...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990840)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990840 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: ensure the fwinfo is not null before using it This resolves the dereference null retu...
Qualcomm FastConnect 7800 Multiple Vulnerabilities (June 2025)
The version of Qualcomm FastConnect 7800 running on the remote host may be missing a vendor supplied patch. It is possible, therefore, that it is affected by multiple vulnerabilities, as follows: Memory corruption due to unauthorized command execution in GPU micronode while executing specific...
Fedora 41 : webkitgtk (2025-04c193ecfe)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-04c193ecfe advisory. Update to WebKitGTK 2.50.1: Improve text rendering performance. Fix audio playback broken on instagram. Fix rendering of layers with fractional transforms. F...
CVE-2025-47932
Combodo iTop (web-based IT service management) is affected. Affected versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when rendering dashboards via AJAX. Root cause: insufficient sanitization of the variable used during the dashboard render. The issue is addressed in vers...
CVE-2025-47773 Combodo iTop has XSS vulnerability in /pages/ajax.render.php
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...