4578 matches found
Security vulnerability in multiple H3C products
H3C Magic NX30 Pro and others are products of China's Xinhua San H3C. H3C Magic NX30 Pro is a home router that supports WiFi6 3000M rate. H3C Magic NX15 is a router. H3C Magic NX400 is a router. A security vulnerability exists in several H3C products that stems from a command injection in the...
CVE-2025-2749
An authenticated remote code execution in Kentico Xperience allows authenticated users of the Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...
CVE-2025-2746
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through...
CVE-2025-2747
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.1...
Directory Traversal
Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Directory Traversal via the Staging Sync Server, which does not sufficiently protect librarySubFolderPath against traversal sequence...
Authentication Bypass by Primary Weakness
Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness when the Staging Sync Server is enabled, which it is not by default. An attacker can gain...
Missing Critical Step in Authentication
Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Missing Critical Step in Authentication due to improper handling of empty SHA1 usernames in digest authentication, when the Staging...
CVE-2025-2747 Kentico Xperience <= 13.0.178 Staging Sync Server None Password Type Authentication Bypass
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.1...
CVE-2025-2747
Kentico Xperience 13 CMS is affected by an authentication bypass in the Staging Sync Server component, due to password handling for the server-defined None type. This allows bypass of authentication and potential control of administrative objects, with impact stated up to version 13.0.178. A reme...
CVE-2025-2746 Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through...
PT-2025-12669 · Kentico · Kentico Xperience
Name of the Vulnerable Software and Affected Versions: Kentico Xperience versions through 13.0.178 Description: An authentication bypass issue in Kentico Xperience allows attackers to bypass authentication via the Staging Sync Server component's password handling for the server-defined None type...
The vulnerability of the ufshcd_rpm_get_sync() function in the UFS driver of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the ufshcd_rpm_get_sync() function in the UFS driver of the Linux operating system is related to insufficient resource locking. Exploiting this vulnerability can allow an attacker to cause a service failure...
PT-2025-12671
Name of the Vulnerable Software and Affected Versions: Kentico Xperience versions prior to 13.0.179 Description: An authenticated remote code execution issue allows authenticated users of the Staging Sync Server to upload arbitrary data to path relative locations. This leads to path traversal and...
CVE-2025-30204 vulnerabilities
Vulnerabilities for packages: step-fips, eks-distro-fips, falcoctl-fips, trivy-fips, velero-plugin-for-microsoft-azure, opentelemetry-operator-fips, kyverno-fips, eksctl, grafana-mimir-fips, thanos-fips, filebrowser, terraform-provider-azapi, falcosidekick-fips, kubernetes-dashboard-auth-fips,...
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due to the interaction between unexpected parameter values set for ClusterDeployment.hive.openshift.io/v1 and ClusterSync.hiveinternal.openshift.io/v1alpha1 objects in the Reconcile method i...
The vulnerability of the msft_add_address_filter_sync() function in the net/bluetooth/msft.c module of the Linux kernel’s Bluetooth subsystem allows a malicious actor to cause a service failure.
The vulnerability of the msft_add_address_filter_sync() function in the net/bluetooth/msft.c module of the Linux kernel’s Bluetooth subsystem is related to improper memory release before deleting the last reference ("memory leak"). Exploiting this vulnerability could allow an attacker to cause a service...
xorg: xwayland: Use-after-free in SyncInitTrigger()
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger is called. If one of the changes triggers an error, the function will return...