CVE-2025-6454 Server-Side Request Forgery (SSRF) in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences...
php: Single byte overread with convert.quoted-printable-decode filter
A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash...
SUSE-SU-2025:20696-1 Security update for vim
This update for vim fixes the following issues:
- CVE-2025-53906: Fixed malicious zip archive causing path traversal bsc1246602
- CVE-2025-53905: Fixed malicious tar archive causing path traversal bsc1246604
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management bsc1247938 ...
Security update for vim
This update for vim fixes the following issues:
- CVE-2025-53906: Fixed malicious zip archive causing path traversal bsc1246602
- CVE-2025-53905: Fixed malicious tar archive causing path traversal bsc1246604
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management bsc1247938...
CVE-2025-9918
A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server versions 6.3.54.0, 6.3.53.2, and all prior versions allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a malicious ZIP archive...
CVE-2025-9918 Zip Slip in Google SecOps SOAR allows for Remote Code Execution
A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server versions 6.3.54.0, 6.3.53.2, and all prior versions allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a malicious ZIP archive...
CVE-2025-9918
CVE-2025-9918 describes a Path Traversal vulnerability in the archive extraction component of Google SecOps SOAR Server, affecting versions 6.3.54.0, 6.3.53.2 and earlier. An authenticated attacker with import-use-case permissions can achieve Remote Code Execution by uploading a malicious ZIP arch...
PT-2025-37160
Name of the Vulnerable Software and Affected Versions: Google SecOps SOAR Server versions prior to 6.3.54.0
Description: A path traversal flaw exists in the archive extraction component of Google SecOps SOAR Server. This allows an authenticated attacker with Use Case import permissions to achieve...
Directory Traversal
Overview: xml2rfc generates RFCs and IETF drafts from document source in XML according to the IETF xml2rfc v2 and v3 vocabularies. Affected versions of this package are vulnerable to Directory Traversal via the processing of link elements with rel="attachment" in prepped RFCXML files...
CVE-2025-41714
The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write...
CVE-2025-41714 Path Traversal via 'Upload-Key' in SmartEMS Upload Handling
The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write...
CVE-2025-41714
CVE-2025-41714 affects the Welotec SmartEMS Web Application (SmartEMS Upload Handling). The issue is in the upload endpoint where the Upload-Key header is not adequately validated, allowing path traversal sequences to cause upload-related artifacts to be created outside the intended storage locat...
CVE-2025-52288
Assertion failure in function ngap_build_downlink_nas_transport in file src/amf/ngap-build.c, the Access and Mobility Management Function (AMF) component, in Open5GS through 2.7.5, allowing attackers to cause a denial of service or other unspecified impacts via repeated UE connect and disconnect message...
PT-2025-37013
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-41714
Description: The upload endpoint does not adequately validate the Upload-Key request header. An authenticated attacker can use path traversal sequences within the header to create files outside the intended storag...
Linux Distros Unpatched Vulnerability : CVE-2017-16875
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Teluu pjproject pjlib and pjlib-util in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an...
PT-2025-37106
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.11 through 18.3.2
Description: An issue has been discovered in GitLab CE/EE that allows authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences. The vulnerabili...
Linux Distros Unpatched Vulnerability : CVE-2014-4465
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style...
Linux Distros Unpatched Vulnerability : CVE-2011-0161
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the...