
Overview

  • Apache Software Foundation
  • Apache SkyWalking

Published: 27 Nov 2025
Updated: 28 Nov 2025

CVSS: Pending
EPSS: 0.03%

KEV

Description

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: <= 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

Security Alert: Apache SkyWalking Stored XSS Vulnerability (CVE-2025-54057)
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Pending

Published: 04 Jul 2024
Updated: 29 Nov 2025

CVSS v3.1: HIGH (8.6)
EPSS: 0.20%

KEV

Description

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

Just published: Deep dive on CVE-2024-39936 patching for #Debian 11 systems. This Qt HTTP/2 race condition requires immediate attention. Step-by-step remediation guide for sysadmins. Read more: 👉 tinyurl.com/yx24jvp5 #Securança
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • orionsec
  • orion-ops

Published: 01 Dec 2025
Updated: 01 Dec 2025

CVSS v4.0: MEDIUM (5.3)
EPSS: Pending

KEV

Description

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection Handler. Such manipulation of the argument host/sshPort/username/password/authType leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

🛡️ MEDIUM SSRF in orionsec orion-ops (SSH Connection Handler, up to 5925824997a3109651bbde07460958a7be249ed1). Remote exploit possible—no patch from vendor. Restrict access, monitor traffic, validate inputs. CVE-2025-13809. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 4h ago

Overview

  • PostgreSQL

Published: 13 Nov 2025
Updated: 13 Nov 2025

CVSS v3.1: MEDIUM (5.9)
EPSS: 0.05%

KEV

Description

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 14 hours ago

Bluesky

🚨 Security Advisory for #openSUSE Tumbleweed 🚨 A new patch is available for PostgreSQL 17, addressing two vulnerabilities (CVE-2025-12817, CVE-2025-12818). Read more: 👉 tinyurl.com/3yy57nz3 #Security
  • 0
  • 2
  • 0
  • 14h ago

Overview

  • PostgreSQL

Published: 13 Nov 2025
Updated: 13 Nov 2025

CVSS v3.1: LOW (3.1)
EPSS: 0.04%

KEV

Description

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 14 hours ago

Bluesky

🚨 Security Advisory for #openSUSE Tumbleweed 🚨 A new patch is available for PostgreSQL 17, addressing two vulnerabilities (CVE-2025-12817, CVE-2025-12818). Read more: 👉 tinyurl.com/3yy57nz3 #Security
  • 0
  • 2
  • 0
  • 14h ago

Overview

  • Pending

Published: 24 Nov 2025
Updated: 24 Nov 2025

CVSS: Pending
EPSS: 0.13%

KEV

Description

Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 16 hours ago

Bluesky

Important security news for the #openSUSE Tumbleweed community. The libcoap library has received a significant security update, addressing nine documented vulnerabilities (CVE-2025-65493 to CVE-2025-65501). Read more: 👉 tinyurl.com/32r6hmnd #Security
  • 0
  • 1
  • 0
  • 16h ago

Overview

  • Pending

Published: 24 Nov 2025
Updated: 24 Nov 2025

CVSS: Pending
EPSS: 0.14%

KEV

Description

NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 16 hours ago

Bluesky

Important security news for the #openSUSE Tumbleweed community. The libcoap library has received a significant security update, addressing nine documented vulnerabilities (CVE-2025-65493 to CVE-2025-65501). Read more: 👉 tinyurl.com/32r6hmnd #Security
  • 0
  • 1
  • 0
  • 16h ago

Overview

  • xwiki
  • xwiki-platform

Published: 03 Sep 2025
Updated: 03 Sep 2025

CVSS v4.0: CRITICAL (9.3)
EPSS: 2.05%

KEV

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as `http://localhost:8080/bin/ssx/Main/WebHome?resource=../../WEB-INF/xwiki.cfg&minify=false`. This is fixed in version 16.10.7.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

🚨 New plugin: XWikiPlugin (CVE-2025-24893, CVE-2025-32429, CVE-2025-52472, CVE-2025-55748).

XWiki multiple critical vulnerabilities detection - RCE, SQL/HQL injection, and path traversal.

Results: leakix.net/search?q=%2Bplugin%

  • 0
  • 0
  • 1
  • 2h ago

Overview

  • xwiki
  • xwiki-platform

Published: 20 Feb 2025
Updated: 30 Oct 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 94.18%

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to `<host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If there is an output, and the title of the RSS feed contains `Hello from search text:42`, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit `Main.SolrSearchMacros` in `SolrSearchMacros.xml` on line 955 to match the `rawResponse` macro in `macros.vm#L2824` with a content type of `application/xml`, instead of simply outputting the content of the feed.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

🚨 New plugin: XWikiPlugin (CVE-2025-24893, CVE-2025-32429, CVE-2025-52472, CVE-2025-55748).

XWiki multiple critical vulnerabilities detection - RCE, SQL/HQL injection, and path traversal.

Results: leakix.net/search?q=%2Bplugin%

  • 0
  • 0
  • 1
  • 2h ago

Overview

  • xwiki
  • xwiki-platform

Published: 06 Oct 2025
Updated: 06 Oct 2025

CVSS v4.0: CRITICAL (9.3)
EPSS: 1.40%

KEV

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the `orderField` parameter. The specified value is added twice in the query, though, once in the field list for the select and once in the order clause, so it's not that easy to exploit. The part of the query between the two fields can be enclosed in single quotes to effectively remove them, but the query still needs to remain valid with the query two times in it. This has been patched in versions 17.5.0, 17.4.2, and 16.10.9. No known workarounds are available.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

🚨 New plugin: XWikiPlugin (CVE-2025-24893, CVE-2025-32429, CVE-2025-52472, CVE-2025-55748).

XWiki multiple critical vulnerabilities detection - RCE, SQL/HQL injection, and path traversal.

Results: leakix.net/search?q=%2Bplugin%

  • 0
  • 0
  • 1
  • 2h ago
Showing 11 to 20 of 21 CVEs