2641 matches found
Exploit for Deserialization of Untrusted Data in Apache Parquet_Java
CVE-2025-30065 PoC Usage Build the image sh docker b...
Sensitive Information Disclosure
Directus is vulnerable to information disclosure. The vulnerability is due to improper error handling due to sensitive data being exposed in API responses when a ValidationError is triggered in flows using the "Webhook" trigger and "Data of Last Operation" response body...
OESA-2025-1378 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug could only be triggered when accessibility was...
SUSE CVE-2025-21899
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix bad hist from corrupting named_triggers list The following commands cause a crash: cd /sys/kernel/tracing/events/rcu/rcucallback echo 'hist:name=bad:keys=commonpid:onmaxbogus.savecommonpid' trigger bash: echo: write...
AZL-69527 CVE-2025-21899 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix bad hist from corrupting named_triggers list The following commands cause a crash: cd /sys/kernel/tracing/events/rcu/rcucallback echo 'hist:name=bad:keys=commonpid:onmaxbogus.savecommonpid' trigger bash: echo: write...
DEBIAN-CVE-2025-21899
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix bad hist from corrupting named_triggers list The following commands cause a crash: cd /sys/kernel/tracing/events/rcu/rcucallback echo 'hist:name=bad:keys=commonpid:onmaxbogus.savecommonpid' trigger bash: echo: write...
UBUNTU-CVE-2025-21899
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix bad hist from corrupting named_triggers list The following commands cause a crash: cd /sys/kernel/tracing/events/rcu/rcucallback echo 'hist:name=bad:keys=commonpid:onmaxbogus.savecommonpid' trigger bash: echo: write...
CVE-2025-21899
CVE-2025-21899 affects the Linux kernel tracing subsystem. The issue arises in the hist_trigger handling where enabling a trigger wrongly interacts with the named_triggers list, leading to a crash when the list is traversed during unregister/cleanup. The root cause is described in the initial rep...
CVE-2025-30353
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the A...
CLSA-2025-1743071343 tigervnc: Fix of CVE-2025-26601
CVE-2025-26601: xorg-x11-server: fix use-after-free issue by adding check to ensure new sync object is added before alarm triggers...
The vulnerability of the Linux operating system’s kernel USB component, which allows a hacker to trigger a service failure
The vulnerability of the usbtmc_create_urb function in the Linux kernel USB component is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a system failure...
GHSA-FM3H-P9WM-H74H Directus's webhook trigger flows can leak sensitive data
Describe the Bug In Directus, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the API response includes sensitive data. This includes environmental variables, sensitive API keys, user...
CVE-2025-30353
Directus vulnerability (CVE-2025-30353): In Directus, flows using the Webhook trigger with the Data of Last Operation response can disclose sensitive data when a ValidationError occurs. Affected versions are 9.12.0 up to, but not including, 11.5.0. The exposure includes environment variables, API...
PT-2025-12984 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions 9.12.0 through 11.4.0 Description: Directus is a real-time API and App dashboard for managing SQL database content. When a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a...
Directus Information Disclosure Vulnerability
Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. An information disclosure vulnerability exists in Directus versions prior to 9.12.0 through 11.5.0, which stems from a Webhook trigger that could lead to the disclosure of...
Apache Airflow Security Vulnerability
Apache Airflow is an open source platform for creating, managing and monitoring workflows from the Apache USA Foundation. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow versions prior to 6.2.0, which stems from a table...
xorg: xwayland: Use-after-free in SyncInitTrigger()
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger is called. If one of the changes triggers an error, the function will return...
The vulnerability of the iio_simple_dummy_trigger_h() function in the drivers/iio/dummy/iio_simple_dummy_buffer.c file allows a hacker to gain unauthorized access to protected information within the Linux operating system’s I/O driver support.
The vulnerability of the iio_simple_dummy_trigger_h function in the drivers/iio/dummy/iio_simple_dummy_buffer.c file, which is part of the Linux operating system’s I/O driver support, stems from the use of an uninitialized resource. Exploiting this vulnerability could allow an attacker to gain...
CVE-2024-10942
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replace_serialized_values' function. This makes it possible for unauthenticated attackers to inject a PHP Objec...
MAL-2025-2427 Malicious code in tsl-select-trigger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 072755e39bd14b6660b02fdc071fceedf4d4cf76f4f27561b12b19a8fa70f135 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...