65 matches found
curl: curl-ipv4-percent-normalization-SSRF
Summary: six or fewer sentences describing the issue in your own human voice and optionally a short proof-of-concept script Affected version Which curl/libcurl version are you using to reproduce? On which platform? curl -V typically generates good output to include Steps To Reproduce: add details...
OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle
Summary The BST name-lookup loop in DirectoryTree.TryGetDirectoryEntry (OpenMcdf/DirectoryTree.cs:35-46) walks directory entries by repeatedly calling directories.TryGetSibling(child, siblingType, validateColor). A crafted CFB file with cyclic Left/Right sibling links among directory entries -...
poc-archive
poc-archive A structured archive of security research proof-o...
UBUNTU-CVE-2022-50854
In the Linux kernel, the following vulnerability has been resolved: nfc: virtual_ncidev: Fix memory leak in virtual_nci_send skb should be free in virtual_nci_send, otherwise kmemleak will report memleak. Steps for reproduction simulated in qemu: cd tools/testing/selftests/nci make ./nci_dev BUG: memor...
Security Analysis of Web Applications Based on Gruyere
With the rapid development of Internet technologies, web systems have become essential infrastructures for modern information exchange and business operations. However, alongside their expansion, numerous security vulnerabilities have emerged, making web security a critical research focus within...
UBUNTU-CVE-2025-37781
In the Linux kernel, the following vulnerability has been resolved: i2c: cros-ec-tunnel: defer probe if parent EC is not present When i2c-cros-ec-tunnel and the EC driver are built-in, the EC parent device will not be found, leading to NULL pointer dereference. That can also be reproduced by...
Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
Impact Users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code when drawing graphs, unless the library is used with the vega-interpreter. Workarounds - Use vega with expression interpreter - Upgrade to a newer Vega version 5.32.0 POC Summary Calling replace with a...
CVE-2022-49708 ext4: fix bug_on ext4_mb_use_inode_pa
In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on ext4_mb_use_inode_pa Hulk Robot reported a BUG_ON: ================================================================== kernel BUG at fs/ext4/mballoc.c:3211! ... RIP: 0010:ext4_mb_mark_diskspace_used.cold+0x85/0x136f ... Cal...
CVE-2024-53088
CVE-2024-53088 in the Linux kernel i40e driver describes a race condition where MAC/VLAN filters could be corrupted under heavy concurrent filter/memory operations. The root cause is a use-after-free like scenario where a filter freed by one thread is accessed by another during i40e_sync_vsi_filt...
Employee And Visitor Gate Pass Logging System 1.0 SQL Injection Vulnerability
Employee and Visitor Gate Pass Logging System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: Employee and Visitor Gate Pass Logging System - SQLi Authentication Bypass Exploit Author: Furkan Eren Tetik Vendor Homepage:...
CVE-2022-48690
In the Linux kernel, the following vulnerability has been resolved: ice: Fix DMA mappings leak Fix leak, when user changes ring parameters. During reallocation of RX buffers, new DMA mappings are created for those buffers. New buffers with different RX ring count should substitute older ones, but...
HackerOne: Payload delivery via Social Media urls on H1 profile
The Hackerone platform allowed users to add social media profiles to their profiles, where users could provide their usernames. Due to improper sanitization, users were able to construct their own URLs, except for Twitter which was sanitized. This allowed attackers to hide malicious payloads behi...
UBUNTU-CVE-2021-47089
In the Linux kernel, the following vulnerability has been resolved: kfence: fix memory leak when cat kfence objects Hulk robot reported a kmemleak problem: unreferenced object 0xffff93d1d8cc02e8 size 248: comm "cat", pid 23327, jiffies 4624670141 age 495992.217s hex dump first 32 bytes: 00 40 85 ...
Nextcloud: HTML injection in search UI when selecting a circle with HTML in the display name
An HTML injection vulnerability was discovered in the search user interface of a cloud application. When selecting a circle with HTML in the display name, this could allow redirection to malicious websites or other adverse impacts such as data theft, phishing, or malware distribution...
GHSA-G9W4-PRF3-M25G Obfuscated email addresses should not be sorted
Impact The mail obfuscation configuration was not fully taken into account and it was still possible by obfuscated emails. See https://jira.xwiki.org/browse/XWIKI-20601 for the reproduction steps. Patches This has been patched in XWiki 14.10.9, and XWiki 15.3-rc-1. Workarounds The workaround is t...
Event Booking Calendar 1.8 Cross Site Scripting
Ticket Booking Script 1.8 Cross Site Scripting
GHSA-36FM-J33W-C25F Privilege escalation (PR)/RCE from account through class sheet
Impact It's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. Steps to Reproduce: 1. Edit your user profile with the object editor and add an object of type DocumentSheetBinding with value Default Class Sheet 1. Edit your user profile with the...
GHSA-HG5X-3W3X-7G96 xwiki-platform-web-templates vulnerable to Eval Injection
Impact Any user with edit rights on a page (e.g., its own user page) can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the information loaded from attachments in imported.vm, importinline.vm, and...
xwiki-platform-web-templates vulnerable to Eval Injection
Impact Any user with edit rights on a page (e.g., its own user page) can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the information loaded from attachments in imported.vm, importinline.vm, and...