174 matches found
CVE-2025-5198
CVE-2025-5198 describes a Cross-site Scripting (XSS) flaw in Stackrox where the vulnerability can be triggered if script code is placed in a small subset of table cells, specifically when contained in the name of a Kubernetes “Role” object applied to a secured cluster. The exploit would require c...
CVE-2024-23485
Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation CWE-1304 in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access. This issue affects: Gallagher Controller 6000 and...
CVE-2025-47277
vLLM (versions 0.6.5–0.8.4) is affected only when using the PyNcclPipe KV cache transfer integration with the V0 engine. The issue stems from the PyTorch TCPStore binding defaulting to ALL interfaces; a workaround constrained the store to a private interface, and as of version 0.8.5 vLLM now bind...
CVE-2025-46346 YesWiki Vulnerable to Stored XSS in Comments
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting XSS vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user...
Linux Distros Unpatched Vulnerability : CVE-2021-47389
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix missing sevdecommission in sevreceivestart DECOMMISSION the current SEV contex...
IBM ApplinX 加密问题漏洞
IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. A cryptographic issue vulnerability exists in IBM ApplinX version 11.1 that stems from not properly enabling HTTP strict transport. An attacker could...
SUSE CVE-2024-47609
Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the accept call to error out with errors that...
Europol warns about counterfeit goods and the criminals behind them
With the holidays around the bend, many are looking for gifts for their family and friends. And since we somehow decided we want to give more each time, we’re also looking for good deals. But European law enforcement agency Europol issued a warning about buying fake goods. Sure, they are cheaper,...
CVE-2024-49857
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: set the cipher for secured NDP ranging The cipher pointer is not set, but is derefereced trying to set its content, which leads to a NULL pointer dereference. Fix it by pointing to the cipher parameter before...
CVE-2024-49857
CVE-2024-49857 (Linux kernel) involves the wifi iwlwifi mvm path where the cipher pointer is not initialized before it is dereferenced during secured NDP ranging. The underlying bug is a NULL pointer dereference caused by dereferencing an uninitialized cipher pointer. The fixed description states...
CVE-2024-49857
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: set the cipher for secured NDP ranging The cipher pointer is not set, but is derefereced trying to set its content, which leads to a NULL pointer dereference. Fix it by pointing to the cipher parameter before...
Missing hostname validation in Kroxylicious
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...
CVE-2024-8285 Kroxylicious: missing upstream kafka tls hostname verification
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...
CVE-2024-6326 Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services
An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders wh...
CVE-2024-23485
Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation CWE-1304 in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access. This issue affects: Gallagher Controller 6000 and...
CVE-2024-23485
Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation CWE-1304 in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access. This issue affects: Gallagher Controller 6000 and...
CVE-2024-23485
CVE-2024-23485 affects Gallagher Controller 6000 and 7000. Root cause: improper preservation of hardware configuration state during a power save/restore operation, which can cause Aperio-connected door locks to momentarily allow free access. Affected versions span 8.60 and prior; 8.70 prior to vC...
RHEL 6 : networkmanager (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - NetworkManager: creating new WPA-secured wireless network results in insecure network being created inste...
Evil Ant The Python-Powered Ransomware
Summary: Evil Ant Ransomware, a sophisticated Python-based malware compiled with PyInstaller, operates covertly by hiding its console window and executing tasks discreetly. It aims to gain access to critical system functions and encrypt secured files. Threat Level - Amber | Attack Report For a...
Sulu Security Breach
Sulu is a Symfony framework on an extensible, PHP-based open source content management system from Sulu, Austria. A security vulnerability exists in Sulu versions 2.2.0 through prior to 2.5.13, which stems from the ability to grant access to a page regardless of the permissions of a role in a...