CVE CyberSecurity Database News (Page 217)

Feb 25, 2025 API OAuth Google

CVE-2024-12368 - How Odoo’s auth_oauth Module Exposed User OAuth Tokens (With Exploit Details)

CVE-2024-12368 is a critical vulnerability affecting Odoo Community 15. and Odoo Enterprise 15.. At the core of this vulnerability is improper access control in the

Feb 25, 2025 Microsoft PHP

CVE-2025-23046 - How a Vulnerability in GLPI’s OauthIMAP Plugin Can Let Attackers Sneak Into Your IT Management System

GLPI is a popular open-source IT asset and service management tool that’s especially favored by sysadmins in businesses and schools. Security is key for

Feb 25, 2025 RCE API

CVE-2025-26600 - Unpacking the Use-After-Free Flaw in X.Org & Xwayland

In early 2025, a critical security vulnerability, now known as CVE-2025-26600, was discovered in X.Org Server and its derivative, Xwayland. This vulnerability is a

Feb 25, 2025 RCE

CVE-2025-26599 - Exploiting an Uninitialized Pointer in X.Org and Xwayland’s compCheckRedirect()

A newly published vulnerability, CVE-2025-26599, was discovered in X.Org and Xwayland, affecting their handling of window redirection. This flaw revolves around improper management of

Feb 25, 2025

CVE-2025-26601 - Use-After-Free in X.Org/XWayland Alarm Handling (**Exclusive Write-up**)

A deep dive into the newly disclosed CVE-2025-26601 use-after-free vulnerability affecting X.Org and Xwayland. Read on to understand the bug, discover original links, see