52 matches found
CVE-2025-62367
Taiga is an open source project management platform. In versions 6.8.3 and earlier, Taiga API is vulnerable to time-based blind SQL injection allowing sensitive data disclosure via response timing. This issue is fixed in version 6.9.0...
CVE-2025-62368 Taiga Authenticated Remote Code Execution
Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to unsafe deserialization of untrusted data. This issue is fixed in version 6.9.0...
CVE-2025-62367
Taiga (open source project management platform) – CVE-2025-62367 affects Taiga API in versions 6.8.3 and earlier, where a time-based blind SQL injection can disclose sensitive data via response timing. Root cause: improper handling of API input enabling blind SQL injection. Impact: potential expo...
PT-2025-44207
Name of the Vulnerable Software and Affected Versions: Taiga versions prior to 6.9.0. Description: Taiga, an open source project management platform, has an issue in its API. Versions 6.8.3 and earlier are susceptible to time-based blind SQL injection, potentially leading to the disclosure of...
CVE-2025-6338
There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2...
EUVD-2025-34743
There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2...
EUVD-2021-23264
Malware in sbrugna...
EUVD-2024-35500
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-6782
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control in Calibre 6.9.0 7.14.0 allow unauthenticated attackers to achieve remote code execution. CVE-2024-6782 Note that Nessus relies on the...
Qt Security Vulnerability
Qt is a cross-platform application development framework from the open source Qt project. A security vulnerability exists in Qt versions 6.6.0 through 6.8.3 and 6.9.0 through 6.9.1, which stems from the fact that passing a value out of the expected range could result in a denial of service...
Security advisory: Recently discovered Use After Free issue in QHttp2ProtocolHandler impacts Qt
There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This has been assigned the CVE id CVE-2025-5991. Affected versions: Qt version 6.9.0. This is fixed in 6.9.1. Impact: This only affects HTTP/2 handling, HTTP handling is not affected by this at all...
CVE-2025-5991
There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous...
CVE-2025-5991 Use after free in QHttp2ProtocolHandler
There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous...
CVE-2025-5683
When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1...
UBUNTU-CVE-2025-5683
When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1...
Fedora 41 : php-tcpdf (2025-85549e07c8)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-85549e07c8 advisory. Version 6.9.1 2025-04-03 - Fixed Path Traversal security vulnerability reported by Positive Technologies. ---- Version 6.9.0 2025-03-30 - Added PHP 8.4...
CVE-2024-12118 The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the htmltag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
PT-2024-16491 · Woocommerce · Booking & Appointment Plugin For Woocommerce
Name of the Vulnerable Software and Affected Versions: Booking & Appointment Plugin for WooCommerce version 6.9.0 and earlier Description: The issue is related to a missing capability check in the save google calendar data function, allowing authenticated attackers with subscriber-level permissio...
WordPress Booking & Appointment Plugin for WooCommerce Plugin <= 6.9.0 is vulnerable to Broken Access Control
Software: Booking & Appointment Plugin for WooCommerce. Type: Plugin. Vulnerable versions: <= 6.9.0. Fixed in: 6.10.0. OWASP Top 10: A7: Identification and Authentication Failures. Classification: Broken Access Control. CVE: CVE-2024-10729. Patch priority: High. CVSS severity: High 8.8. Developer Claim ownership PS...