10 matches found
Sakai Security Vulnerability
Sakai is a freely available, feature-rich technology solution for learning, teaching, research, and collaboration from Apereo Sakai Open Source. A security vulnerability exists in Sakai versions prior to 23.5 and prior to 25.0 that stems from the use of a non-cryptographic pseudo-random number...
CVE-2025-59761
Summary: CVE-2025-59761 concerns AndSoft e-TMS v25.03, where a reflected cross-site scripting (XSS) vulnerability exists due to insufficient filtering/escaping of untrusted data. The attack vector involves crafted URLs to the endpoint /clt/LOGINFRM_DLG.ASP and targets the parameters l, demo, demo...
7-Zip Security Vulnerability
7-Zip is compression software from the 7-Zip open-source project. A security vulnerability exists in versions prior to 7-Zip 25.0.0 that originates from writing a zero value outside the heap buffer in the RAR5 handler, which could result in memory corruption and a denial of service...
SUSE: Security Advisory (SUSE-SU-2025:0554-1)
The remote host is missing an update for the...
CVE-2025-0121
A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it...
CVE-2025-0126 PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. T...
GHSA-FM93-G6XP-35XQ Aim Excessive Data Query Operations in a Large Data Table vulnerability
In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...
CVE-2025-0114 PAN-OS: Denial of Service (DoS) in GlobalProtect
A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a period of time. This issue affects both the GlobalProtect...
CVE-2025-0994
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...
Adobe Media Encoder Buffer Error Vulnerability
Adobe Media Encoder is an audio and video encoding application from the American company Adobe. An out-of-bounds write vulnerability exists in Adobe Media Encoder versions 25.0 and earlier and 24.6.3 and earlier, which can be exploited by an attacker to execute arbitrary code in the curre...