178 matches found
Zyxel VMG3625-T50B Operating System Command Injection Vulnerability
The Zyxel VMG3625-T50B is a WiFi device produced by Zyxel. Firmware versions 5.50ABPM.9.7C0 and earlier contain an operating system command injection vulnerability. This vulnerability stems from the CGI program used for downloading the TR-369 certificate, which allows for...
Dell PowerScale OneFS 9.4.0.0 <= 9.10.1.0 / 9.7 < 9.7.1.8 DoS
The version of Dell PowerScale OneFS running on the remote host is affected by an out-of-bounds write flaw. A local low privileged attacker could potentially exploit this, leading to denial of service. Note that Nessus has not tested for this issue but has instead relied only on the...
Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to take over Java SE
Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. CVE-2025-50106 Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM...
EUVD-2019-11354
Malware in sbrugna...
EUVD-2022-30426
Malicious code in bioql PyPI...
EUVD-2022-30419
Malicious code in bioql PyPI...
EUVD-2022-30425
Malicious code in bioql PyPI...
EUVD-2022-30422
Malicious code in bioql PyPI...
Apache Solr 6.6.x < 9.8.0 Relative Path Traversal
Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the 'configset upload' API. Commonly known as a 'zipslip', maliciously constructed ZIP files can use relative filepaths t...
CVE-2025-9636
pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation...
weldr-client security update
35.12-4 - Bump release for y-stream AND z-stream building using centpkg build --rhel-target=zstream Related: RHEL-89344 35.12-3 - tests: OSTree does not support the qcow2 image type - Add test repositories for RHEL 9.6 and 9.7 - Rebuild for CVE-2025-22871 Resolves: RHEL-89344...
CVE-2019-20818
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level...
CVE-2024-1969
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Secomea GateManager webserver modules allows crash of GateManager. This issue affects GateManager: from 9.7 before 11.2.624095033...
PT-2024-17506 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.7.x through 9.7.5 Mattermost versions 9.8.x through 9.8.2 Mattermost versions 9.9.x through 9.9.2 Description: The issue arises from the failure to properly propagate permission scheme updates across cluster nodes. This...
PT-2024-34193 · Unknown · Wpsoul Greenshift
Name of the Vulnerable Software and Affected Versions: Wpsoul Greenshift – animation and page builder blocks versions 9.7 and earlier Description: The issue is related to Incorrect Authorization, allowing exploitation due to incorrectly configured access control security levels. Recommendations:...
BIT-MATTERMOST-2024-41144
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...
Apple Security Update: iOS 16.7.10 and iPadOS 16.7.10
Apple recommends installing security update iOS 16.7.10 and iPadOS 16.7.10 on the following devices: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation...
GHSA-JR9X-3X7M-4J75 Mattermost allows a remote actor to make an arbitrary local channel read-only
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only...
Mattermost allows a user on a remote to set their remote username prop to an arbitrary string
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow users to set their own remote username, when shared channels were enabled, which allows a user on a remote to set their remote username prop to an arbitrary string, which would be then synced to the...