CVE-2025-37949 xenbus: Use kref to track req lifetime

In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req lifetime Marek reported seeing a NULL pointer fault in the xenbusthread callstack: BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: e030:wakeupcommon+0x4c/0x180 Call Trace:...

The vulnerability of Intradesk’s request tracking system arises from the lack of measures taken to protect its web page structure, allowing attackers to carry out cross-site scripting attacks.

The vulnerability of Intradesk’s request tracking system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out a cross-site scripting attack remotely...

Cross-Site Request Forgery (CSRF) in snipe/snipe-it

Description CSRF to disrupt request tracking Proof of Concept Open the HTML file as a logged-in user Impact Unauthenticated attackers situated outside of the organization can disrupt request tracking by sending the malicious HTML to a user which will cause them to request an asset...