CVE-2025-64516

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item ticket, asset, .... If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed i...

Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Apache Tomcat has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

Astro 代码问题漏洞

Astro is an Astro open source web framework for content-driven websites. A code issue vulnerability exists in Astro versions 11.0.3 through 12.6.5 that stems from the presence of SSRF in the Cloudflare adapter, which could allow bypassing third-party domain restrictions...

CVE-2025-58179

Astro exposes an SSRF flaw in versions 11.0.3–12.6.5 when using the Cloudflare adapter with output: 'server' and the default imageService: 'compile'. The image optimization endpoint does not validate received URLs, enabling content from unauthorized third-party domains to be served. Root cause: a...

SUSE CVE-2017-0891

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components...

OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human...

OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Utilities. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

Kentico SQL Injection Vulnerability

Kentico is the United States Kentico Software Corporation of a set of ASP.NET-based content management system CMS. The system consists of two main tools : Kentico CMS Desk is used to edit the content of the page ; Kentico CMS Controls is used to edit and control various elements of the page . An...