CVE-2024-53263 Git LFS permits exfiltration of credentials via crafted HTTP URLs
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential(1) command without checking for embedded line-ending control characters, and then sends any credentials it receives back fr...
CVE-2024-50349
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for whic...
2025-01 .NET 9.0.1 Security Update for x64 Server (KB5050526)
2025-01 .NET 9.0.1 Security Update for x64 Server KB5050526...
CVE-2025-23025
CVE-2025-23025 affects XWiki Platform due to the Realtime WYSIWYG Editor extension. A user with only edit rights can join a realtime session where other users have script or programming rights and insert script rendering macros that execute for those users, potentially enabling elevation of privi...
XWiki Realtime WYSIWYG Editor extension allows privilege escalation (PR) through realtime WYSIWYG editing
Impact NOTE: The Realtime WYSIWYG Editor extension was experimental, and thus not recommended, in the versions affected by this vulnerability. It has become enabled by default, and thus recommended, starting with XWiki 16.9.0. A user with only edit right can join a realtime editing session where...
GHSA-7835-FCV3-G256 TYPO3 Scheduler Module vulnerable to Cross-Site Request Forgery
Problem A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...
PT-2025-4202 · Microsoft · Windows Remote Desktop Services +1
Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Services versions prior to the fixed version Description: The issue is related to a use-after-free vulnerability in Windows Remote Desktop Services, allowing remote attackers to execute arbitrary code and affect the...
PT-2025-1110
Name of the Vulnerable Software and Affected Versions Howyar UEFI Application "Reloader" 32-bit and 64-bit versions prior to January 2025 Description A vulnerability exists in the Howyar UEFI Application "Reloader" that allows for the execution of unsigned software in a hardcoded path. This flaw,...
PT-2025-2453 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS SSLVPN web portal versions 6.4 through 7.0, versions 7.2.0 through 7.2.8, and versions 7.4.0 through 7.4.4 Description: The issue is related to an out-of-bounds read vulnerability that may allow an authenticated attacker to perform a...
raptor2 security update
2.0.15-32 - Bump NVR 2.0.15-31 - Resolves: CVE-2024-57823 integer underflow when normalizing a URI with the turtle parser...
Huawei EulerOS: Security Advisory for python-requests (EulerOS-SA-2025-1012)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP9 : kernel (EulerOS-SA-2025-1057)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (CVE-2024-50115); tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (CVE-2024-50154); bpf: F...
CVE-2025-22138
CVE-2025-22138 concerns @codidact/qpixel, an open-source Q&A platform. Affected versions allow information exposure when a category is private or has limited visibility: suggested edits in that category can be viewed by unprivileged or anonymous users via the suggested edit queue. This constitute...
CVE-2025-22142 Cross-site Scripting in NamelessMC
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff...
CVE-2024-49571
In the Linux kernel, the following vulnerability has been resolved: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg. When receiving proposal msg in server, the field iparea_offset and the field ipv6_prefixes_cnt in proposal msg are from the remote client and can not be ful...
PT-2025-8762
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the version that includes the fix for the issue described. Description: A bug in the Linux kernel's btrfs module can cause a crash when the run_delalloc_nocow function fails, leading to a VM_BUG_ON_FOLIO error. Th...
EulerOS 2.0 SP10 : python-urllib3 (EulerOS-SA-2025-1030)
According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization...
CVE-2018-25032 affecting package openjdk8 for versions less than 1.8.0.332-2
CVE-2018-25032 affecting package openjdk8 for versions less than 1.8.0.332-2. A patched version of the package is available...
PT-2025-3877 · Unknown · Liujianview Gymxmjpa
Name of the Vulnerable Software and Affected Versions: liujianview gymxmjpa version 1.0 Description: A critical vulnerability has been found in the function SubjectDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/SubjectController.java. The manipulation of the argument subname...
PT-2025-3881 · Unknown · Liujianview Gymxmjpa
Name of the Vulnerable Software and Affected Versions: liujianview gymxmjpa version 1.0 Description: A critical vulnerability has been found that affects the MenberDaoInpl function in the file src/main/java/com/liujian/gymxmjpa/controller/MenberConntroller.java. The manipulation of the hyname...