4643 matches found
Directory Traversal
Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Directory Traversal via the Staging Sync Server, which does not sufficiently protect librarySubFolderPath against traversal sequence...
Authentication Bypass by Primary Weakness
Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness when the Staging Sync Server is enabled which it is not by default. An attacker can gain...
Missing Critical Step in Authentication
Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Missing Critical Step in Authentication due to improper handling of empty SHA1 usernames in digest authentication, when the Staging...
CVE-2025-2747 Kentico Xperience <= 13.0.178 Staging Sync Server None Password Type Authentication Bypass
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.1...
CVE-2025-2747 Kentico Xperience <= 13.0.178 Staging Sync Server None Password Type Authentication Bypass
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.1...
CVE-2025-2747
Kentico Xperience 13 CMS is affected by an authentication bypass in the Staging Sync Server component, due to password handling for the server-defined None type. This allows bypass of authentication and potential control of administrative objects, with impact stated up to version 13.0.178. A reme...
CVE-2025-2746 Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through...
CVE-2025-2746 Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through...
The vulnerability of the ufshcd_rpm_get_sync() function in the UFS driver of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the ufshcdrpmgetsync function in the UFS driver of the Linux operating system is related to insufficient resource locking. Exploiting this vulnerability can allow an attacker to cause a service failure...
PT-2025-12669 · Kentico · Kentico Xperience
Name of the Vulnerable Software and Affected Versions: Kentico Xperience versions through 13.0.178 Description: An authentication bypass issue in Kentico Xperience allows attackers to bypass authentication via the Staging Sync Server component's password handling for the server-defined None type...
PT-2025-12671
Name of the Vulnerable Software and Affected Versions Kentico Xperience versions prior to 13.0.179 Description An authenticated remote code execution issue allows authenticated users of the Staging Sync Server to upload arbitrary data to path relative locations. This leads to path traversal and...
CVE-2025-30204 vulnerabilities
Vulnerabilities for packages: flux, vault-fips, kube-logging-logging-operator, flux-source-controller-fips, velero-fips, kyverno-fips, beats-fips, restic, mongo-tools, kube-metrics-adapter, harbor, spire-server-fips, velero-plugin-for-microsoft-azure, falcosidekick-fips, terraform-provider-azapi,...
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due interaction between unexpected parameter values set for ClusterDeployment.hive.openshift.io/v1 and ClusterSync.hiveinternal.openshift.io/v1alpha1 objects in the Reconcile method i...
The vulnerability of the msft_add_address_filter_sync() function in the net/bluetooth/msft.c module of the Linux kernel’s Bluetooth subsystem allows a malicious actor to cause a service failure.
The vulnerability of the msftaddaddressfiltersync function in the net/bluetooth/msft.c module of the Linux kernel’s Bluetooth subsystem is related to improper memory release before deleting the last reference „memory leak“. Exploiting this vulnerability could allow a attacker to cause a service...
xorg: xwayland: Use-after-free in SyncInitTrigger()
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger is called. If one of the changes triggers an error, the function will return...
xorg: xwayland: Use-after-free in SyncInitTrigger()
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger is called. If one of the changes triggers an error, the function will return...
xorg: xwayland: Use-after-free in SyncInitTrigger()
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger is called. If one of the changes triggers an error, the function will return...
xorg: xwayland: Use-after-free in SyncInitTrigger()
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger is called. If one of the changes triggers an error, the function will return...
CVE-2025-28892
Cross-Site Request Forgery CSRF vulnerability in a2rocklobster FTP Sync ftp-sync allows Stored XSS.This issue affects FTP Sync: from n/a through = 1.1.6...
QNAP Systems HBS 3 Hybrid Backup Sync Buffer Overflow Vulnerability
QNAP Systems HBS 3 Hybrid Backup Sync is a data management tool that integrates backup, restore and synchronization functions on Weilian's NAS devices, supporting local, remote and cloud storage backups and providing an efficient data protection solution. A buffer overflow vulnerability exists in...