
2673 matches found

OSV
added 2025/10/31 12:15 p.m. | 1 views

UBUNTU-CVE-2025-58147

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

7.5 CVSS | 5.8 AI score | 0.0031 EPSS
Exploits: 0 | References: 3
Cvelist
added 2025/10/31 11:50 a.m. | 6 views

CVE-2025-58147 x86: Incorrect input sanitisation in Viridian hypercalls

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

0.0031 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/31 11:50 a.m. | 2 views

CVE-2025-58147 x86: Incorrect input sanitisation in Viridian hypercalls

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

6.5 AI score | 0.0031 EPSS
Exploits: 0 | References: 1
CVE
added 2025/10/31 11:50 a.m. | 16 views

CVE-2025-58148

Xen hypervisor vulnerability CVE-2025-58148 arises from Viridian hypercalls accepting vCPU ID masks in any input format. The flaw can cause send_ipi() to read d->vcpu[] out-of-bounds and operate on a wild vCPU pointer, enabling out-of-bounds reads/writes. Connected advisories confirm impact on...

7.5 CVSS | 6.5 AI score | 0.0031 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Debian CVE
added 2025/10/31 11:50 a.m. | 5 views

CVE-2025-58148

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

7.5 CVSS | 5.2 AI score | 0.0031 EPSS
Exploits: 0
EUVD
added 2025/10/31 12:30 a.m. | 2 views

EUVD-2021-34704

Nagios XI versions prior to 5.8.7 are vulnerable to cross-site scripting (XSS) via the Audit Log page’s Send to NLS form. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.1 CVSS | 5.7 AI score | 0.00334 EPSS
Exploits: 0 | References: 3
NVD
added 2025/10/30 10:15 p.m. | 2 views

CVE-2021-47699

Nagios XI versions prior to 5.8.7 are vulnerable to cross-site scripting (XSS) via the Audit Log page’s Send to NLS form. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.4 CVSS | 0.00334 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/30 12:0 a.m. | 3 views

PT-2025-44479

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.8.7. Description: Nagios XI versions prior to 5.8.7 are susceptible to cross-site scripting (XSS) through the Audit Log page’s Send to NLS form. The issue stems from inadequate validation or escaping of user-supplied...

5.4 CVSS | 6 AI score | 0.00334 EPSS
Exploits: 0 | References: 4
CNNVD
added 2025/10/30 12:0 a.m. | 3 views

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.8.7, which stems from insufficient...

5.4 CVSS | 6 AI score | 0.00334 EPSS
Exploits: 0 | References: 2
NVD
added 2025/10/28 12:15 p.m. | 2 views

CVE-2025-40071

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Don't block input queue by waiting MSC. Currently gsm_queue() processes incoming frames and when opening a DLC channel it calls gsm_dlci_open() which calls gsm_modem_update(). If basic mode is used it calls gsm_modem_upd_via_msc() and i...

0.00166 EPSS
Exploits: 0 | References: 4
CNNVD
added 2025/10/27 12:0 a.m. | 2 views

Google Messages Security Vulnerability

Google Messages is an instant messaging application from Google, Inc USA. A security vulnerability exists in Google Messages that stems from improper handling of the ACTION_SENDTO intent, which could lead to unauthorized message sending...

6.9 CVSS | 9 AI score | 0.00151 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2025/10/27 12:0 a.m. | 5 views

Siemens SIMATIC Devices Use After Free (CVE-2025-21760)

ndisc: extend RCU protection in ndisc_send_skb(). This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. include('compat.inc'); if (description) { script_id(503636); script_version("1.2");...

7.8 CVSS | 7.4 AI score | 0.06879 EPSS
Exploits: 0 | References: 2
SUSE CVE
added 2025/10/24 11:22 p.m. | 3 views

SUSE CVE-2025-61595

MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract,...

8.8 CVSS | 6.8 AI score | 0.00305 EPSS
Exploits: 0 | References: 2
OSV
added 2025/10/23 4:25 p.m. | 2 views

GO-2025-3997 github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks in github.com/MANTRA-Chain/mantrachain

github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks in github.com/MANTRA-Chain/mantrachain...

8.8 CVSS | 7 AI score | 0.00305 EPSS
Exploits: 0 | References: 4
EUVD
added 2025/10/22 3:31 p.m. | 2 views

EUVD-2022-55667

In the Linux kernel, the following vulnerability has been resolved: iio: fix memory leak in iio_device_register_eventset(). When iio_device_register_sysfs_group() returns failed, iio_device_register_eventset() needs to free attrs array. Otherwise, kmemleak would scan & report memory leak as below: unreferenced...

5.7 AI score | 0.00178 EPSS
Exploits: 0 | References: 5
OSV
added 2025/10/22 9:15 a.m. | 4 views

CVE-2025-11952

Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

6.1 CVSS | 5.9 AI score
Exploits: 0 | References: 1
EUVD
added 2025/10/22 8:22 a.m. | 4 views

EUVD-2025-35339

Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

5.3 CVSS | 5.8 AI score | 0.00158 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/10/22 8:22 a.m. | 5 views

CVE-2025-11952 Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot

Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

5.3 CVSS | 0.00158 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/10/22 12:0 a.m. | 3 views

WordPress plugin ShopMagic Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

5.8 CVSS | 6.3 AI score | 0.00259 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/10/22 12:0 a.m. | 4 views

Oct8ne Chatbot Cross-Site Scripting Vulnerability

Oct8ne Chatbot is a chatbot from Oct8ne, Inc. A cross-site scripting vulnerability exists in Oct8ne Chatbot version 2.3, which stems from failure to validate input when creating a mail record via /Records/SendSummaryMail, which could lead to a stored cross-site scripting attack...

6.1 CVSS | 6 AI score | 0.00158 EPSS
Exploits: 0 | References: 1