π¨ CVE-2025-7849
A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
π@cveNotify
A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
π@cveNotify
Ni
Memory Corruption Vulnerabilities in NI LabVIEW
There are two memory corruption vulnerabilities due to improper error handling that exist in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. These vulnerabilitiesβ¦
π¨ CVE-2025-51501
Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript.
π@cveNotify
Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript.
π@cveNotify
GitHub
GitHub - progprnv/CVE-Reports
Contribute to progprnv/CVE-Reports development by creating an account on GitHub.
π¨ CVE-2025-51502
Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.
π@cveNotify
Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.
π@cveNotify
GitHub
GitHub - progprnv/CVE-Reports
Contribute to progprnv/CVE-Reports development by creating an account on GitHub.
π¨ CVE-2025-51504
Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field.
π@cveNotify
Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field.
π@cveNotify
GitHub
GitHub - progprnv/CVE-Reports
Contribute to progprnv/CVE-Reports development by creating an account on GitHub.
π¨ CVE-2022-21661
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
π@cveNotify
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
π@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π¨ CVE-2020-10650
A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.
π@cveNotify
A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.
π@cveNotify
GitHub
Fix #2658 Β· FasterXML/jackson-databind@a424c03
General data-binding package for Jackson (2.x): works on streaming API (core) implementation(s) - Fix #2658 Β· FasterXML/jackson-databind@a424c03
π¨ CVE-2025-21442
Memory corruption while transmitting packet mapping information with invalid header payload size.
π@cveNotify
Memory corruption while transmitting packet mapping information with invalid header payload size.
π@cveNotify
π¨ CVE-2024-49825
IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
π@cveNotify
IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
π@cveNotify
Ibm
Security Bulletin: A vulnerability exists in the IBM Robotic Process Automation Control Center where user sessions are not invalidateβ¦
A vulnerability exists in IBM Robotic Process Automation Control Center where user sessions are not invalidate after logout. This bulletin identifies the fixes or remediations available to resolve this vulnerability.
π¨ CVE-2024-22314
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
π@cveNotify
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
π@cveNotify
Ibm
Security Bulletin: A denial-of-service attack, TE.CL request smuggling, a man-in-the-middle attack, and other vulnerabilities mightβ¦
IBM Storage Defender - Resiliency Service is vulnerable denial-of-service attack, TE.CL request smuggling, a man-in-the-middle attack, and others. The vulnerabilities have been addressed.
π₯1
π¨ CVE-2023-52927
In the Linux kernel, the following vulnerability has been resolved:
netfilter: allow exp not to be removed in nf_ct_find_expectation
Currently nf_conntrack_in() calling nf_ct_find_expectation() will
remove the exp from the hash table. However, in some scenario, we
expect the exp not to be removed when the created ct will not be
confirmed, like in OVS and TC conntrack in the following patches.
This patch allows exp not to be removed by setting IPS_CONFIRMED
in the status of the tmpl.
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
netfilter: allow exp not to be removed in nf_ct_find_expectation
Currently nf_conntrack_in() calling nf_ct_find_expectation() will
remove the exp from the hash table. However, in some scenario, we
expect the exp not to be removed when the created ct will not be
confirmed, like in OVS and TC conntrack in the following patches.
This patch allows exp not to be removed by setting IPS_CONFIRMED
in the status of the tmpl.
π@cveNotify
π¨ CVE-2024-45556
Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.
π@cveNotify
Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.
π@cveNotify
π¨ CVE-2024-45557
Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation.
π@cveNotify
Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation.
π@cveNotify
π¨ CVE-2025-21423
Memory corruption occurs when handling client calls to EnableTestMode through an Escape call.
π@cveNotify
Memory corruption occurs when handling client calls to EnableTestMode through an Escape call.
π@cveNotify
π¨ CVE-2025-21425
Memory corruption may occur due top improper access control in HAB process.
π@cveNotify
Memory corruption may occur due top improper access control in HAB process.
π@cveNotify
π¨ CVE-2025-50434
A security issue has been identified in Appian Enterprise Business Process Management version 25.3. The vulnerability is related to incorrect access control, which under certain conditions could allow unauthorized access to information.
π@cveNotify
A security issue has been identified in Appian Enterprise Business Process Management version 25.3. The vulnerability is related to incorrect access control, which under certain conditions could allow unauthorized access to information.
π@cveNotify
Gist
CVE-2025-50434.md
GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2023-4458
A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.
π@cveNotify
A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.
π@cveNotify
π¨ CVE-2025-0149
Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.
π@cveNotify
Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.
π@cveNotify
Zoom
ZSB-25008
π¨ CVE-2025-23084
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory.
On Windows, a path that does not start with the file separator is treated as relative to the current directory.
This vulnerability affects Windows users of `path.join` API.
π@cveNotify
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory.
On Windows, a path that does not start with the file separator is treated as relative to the current directory.
This vulnerability affects Windows users of `path.join` API.
π@cveNotify