21013 matches found
PT-2025-37106
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.11 through 18.3.2. Description: An issue has been discovered in GitLab CE/EE that allows authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences. The vulnerabili...
Linux Distros Unpatched Vulnerability : CVE-2014-4465
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style...
Linux Distros Unpatched Vulnerability : CVE-2011-0161
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the...
Zip Slip
Overview: monai is an AI Toolkit for Healthcare Imaging. Affected versions of this package are vulnerable to Zip Slip via the use of zipfile.extractall(output_dir). An attacker can overwrite arbitrary files on the system by supplying a crafted zip archive containing files with path traversal sequences...
Security Bulletin: HTTP Request/Response Splitting via Improper CRLF Neutralization in Payara Server and Micro (Grizzly, REST Modules), affects watsonx.data
Summary: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing. This issue affec...
Directory Traversal
Overview: sirv is an optimized & lightweight middleware for serving requests to static assets. Affected versions of this package are vulnerable to Directory Traversal via the viaLocal function, which uses a dirname prefix. An attacker can access files outside the intended public directory by...
CVE-2025-52288
Assertion failure in function ngap_build_downlink_nas_transport in file src/amf/ngap-build.c, the Access and Mobility Management Function (AMF) component, in Open5GS thru 2.7.5 allowing attackers to cause a denial of service or other unspecified impacts via repeated UE connect and disconnect message...
Reachable Assertion
Overview: Affected versions of this package are vulnerable to Reachable Assertion via the ngap_build_downlink_nas_transport function in the Access and Mobility Management Function (AMF) component. An attacker can cause the process to terminate unexpectedly by repeatedly sending UE connect and disconnect...
CVE-2025-58438
internetarchive is a Python and Command-Line Interface to Archive.org. In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download method of the internetarchive library. The file.download method does not properly sanitize user-supplied filenames or...
aide: improper output neutralization enables bypassing
A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE's detection of malicious files...
Fixed in Apache Tomcat 10.1.45
Low: Console manipulation via escape sequences in log messages (CVE-2025-55754). Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...
PT-2025-36506
Name of the Vulnerable Software and Affected Versions: Open5GS versions through 2.7.5. Description: An assertion failure in the ngap_build_downlink_nas_transport function within the src/amf/ngap-build.c file, part of the Access and Mobility Management Function (AMF) component, can lead to a denial o...
CVE-2025-52288
Summary (CVE-2025-52288): Open5GS up to version 2.7.5 has an assertion failure in the AMF ngap-build function (ngap_build_downlink_nas_transport) that can cause a denial of service via repeated UE connect/disconnect sequences. The issue is exploitable through the AMF component and is tracked with...
openSUSE Security Advisory (SUSE-SU-2025:03082-1)
The remote host is missing an update for the...
PT-2025-43997
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 8.5.60 through 8.5.100; Apache Tomcat versions 9.0.40 through 9.0.108; Apache Tomcat versions 10.1.0-M1 through 10.1.44; Apache Tomcat versions 11.0.0-M1 through 11.0.10. Description: Tomcat did not properly handle ANSI escap...
Linux Distros Unpatched Vulnerability : CVE-2025-58438
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - internetarchive is a Python and Command-Line Interface to Archive.org. In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability i...
Directory Traversal
Overview: internetarchive is a Python interface to archive.org. Affected versions of this package are vulnerable to Directory Traversal via the download function in the file.py file, which does not properly sanitize user-supplied filenames or validate the final download path. An attacker can...