1495 matches found
PT-2025-19776 · Xinguan · Xinguan
Name of the Vulnerable Software and Affected Versions: Xinguan version 0.0.1-SNAPSHOT Description: The issue is related to incorrect access control in the "/system/user/findUserList" API endpoint, which allows attackers to access sensitive information by sending a crafted payload. Recommendations...
BELL-CVE-2025-37745
Bulletin has no description...
GHSA-V2P5-Q653-9J99 obfstr Type Confusion vulnerability
In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value...
CVE-2023-53124 scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() Port is allocated by sas_port_alloc_num() and rphy is allocated by either sas_end_device_alloc() or sas_expander_alloc(), all of which may return NULL. So we need to check the...
CVE-2025-47154
LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says "Ladybird is in a pre-alpha state, and only suitable for u...
PT-2025-18574 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the prestera_rxtx_switch_init function. This occurs when prestera_sdma_switch_init fails, resulting in the...
Director: Dashboard not showing correct session count data
Director dashboard showing wrong data Session count in Studio and Director Dashboard is incorrect...
"Cannot Complete your request" during enumeration for DUO OAuth in 2 factor setup
Getting "Cannot complete your request" after the Duo push is successfully sent. In the URL tab, we could see the client connection being pointed to StoreFront successfully...
PT-2025-18150 · Code Projects · Code-Projects Clothing Store Management System
Name of the Vulnerable Software and Affected Versions: code-projects Clothing Store Management System version 1.0 Description: A critical vulnerability was found in the code-projects Clothing Store Management System. The issue affects the add item function, where manipulation of the st.productnam...
Black areas when launching Horizon app on VDA 2402 CU1
After upgrading our VDA to 2402 CU1 we are presented with black artifacts on launch of Horizon app...
Apereo CAS has inefficient regular expression complexity
A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The...
PT-2025-18009 · Wowjoy 浙江湖州华卓信息科技有限公司 · Internet Doctor Workstation System
Name of the Vulnerable Software and Affected Versions: wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System version 1.0 Description: A problematic issue has been found in the system, affecting some unknown processing of the file "/v1/prescription/details/". This leads to improper authorizatio...
Denial Of Service (DoS)
vllm is vulnerable to Denial of Service (DoS). The vulnerability is caused by unbounded in-memory cache growth: unique schema requests can continually populate the grammar cache, potentially exhausting system RAM...
GO-2025-3620 Mattermost Missing Authentication for Critical Function in github.com/mattermost/mattermost-server
Mattermost Missing Authentication for Critical Function in github.com/mattermost/mattermost-server...
GHSA-MFVV-MGF6-Q25R GoBGP crashes in the flowspec parser
An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context...
CVE-2025-43972
An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context...
BELL-CVE-2025-22087
Bulletin has no description...
PT-2025-17310 · Unknown · Namelessmc
Name of the Vulnerable Software and Affected Versions: NamelessMC versions 2.1.4 and prior Description: The issue arises when a malicious user leaves spam comments on many topics. If an administrator deletes the malicious user's account, all their posts along with the associated topics by unrelat...
PT-2025-17100 · Unknown · Maximevalette Ical Feeds
Name of the Vulnerable Software and Affected Versions: maximevalette iCal Feeds versions 1.5.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers...
Daas II Cloud II Unable to launch One Drive automatically within VDI using SSO
One Drive is not auto launching within VDI using Single Sign On...