
2727 matches found

NVD
added 2025/11/13 5:15 p.m., 3 views

CVE-2025-20346

A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control (RBAC). An attacker...

CVSS 4.3, EPSS 0.00234
Exploits 0, References 1

Cvelist
added 2025/11/13 4:27 p.m., 8 views

CVE-2025-20346 Cisco Catalyst Center Privilege Escalation Vulnerability

A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control (RBAC). An attacker...

CVSS 4.3, EPSS 0.00234
Exploits 0, References 1

Cisco
added 2025/11/13 4:00 p.m., 9 views

Cisco Catalyst Center Privilege Escalation Vulnerability

A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control (RBAC). An attacker...

CVSS 4.3, AI score 7, EPSS 0.00234
Exploits 0, References 1

NVD
added 2025/11/13 4:15 a.m., 3 views

CVE-2025-12536

The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the 'srfmemailnotification' post meta registration. This is due to setting the 'auth_callback' parameter to '__return_true', which allows unauthenticated access to the...

CVSS 5.3, EPSS 0.0074
Exploits 0, References 3

Github Security Blog
added 2025/11/13 12:09 a.m., 7 views

Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Impact The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes: - Database schema...

CVSS 6.9, AI score 6.7, EPSS 0.00364
Exploits 0, References 5, Affected Software 1

Positive Technologies
added 2025/11/13 12:00 a.m., 4 views

PT-2025-46864

Name of the Vulnerable Software and Affected Versions: Cisco Catalyst Center, affected versions not specified. Description: A flaw exists in Cisco Catalyst Center that could allow a remote attacker with valid read-only user credentials to perform actions typically reserved for Administrator privilege...

CVSS 4.3, AI score 6.3, EPSS 0.00234
Exploits 0, References 3

OSV
added 2025/11/12 4:47 p.m., 1 view

MAL-2025-165622 Malicious code in saku-aimaku-umuaialakdaosoai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e140db5d487173998a91548f6b905af4766564fb3b86837f929fb36a35cc416 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0

OSSF Malicious Packages
added 2025/11/12 4:29 a.m., 4 views

Malicious code in betelgeuse-exec-update-magellan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e555950e15a7e2b4e020ff7b30c178cb7e9d44c348eb8310e6831db7125e83f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0

Tenable Nessus
added 2025/11/12 12:00 a.m., 2 views

EulerOS 2.0 SP12 : mod_http2 (EulerOS-SA-2025-2335)

According to the versions of the mod_http2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by...

CVSS 7.5, AI score 7.2, EPSS 0.01149
Exploits 0, References 2

OpenVAS
added 2025/11/12 12:00 a.m., 4 views

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2025-2395)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...

CVSS 7.5, AI score 7.7, EPSS 0.01149
Exploits 0, References 2

NVD
added 2025/11/11 2:15 p.m., 5 views

CVE-2025-12101

Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server...

CVSS 5.9, EPSS 0.24584
Exploits 0, References 1

Microsoft KB
added 2025/11/11 8:00 a.m., 17 views

KB5068403 - Description of the security update for SQL Server 2017 GDR: November 11, 2025

KB5068403 - Description of the security update for SQL Server 2017 GDR: November 11, 2025. Contents: Summary; Improvements and fixes included in this update; How to obtain and install the update; More information; File information; Information about protection and security. Summary: This security update contains...

CVSS 8.8, AI score 5.8, EPSS 0.01114
Exploits 0

Vulnrichment
added 2025/11/10 9:40 p.m., 3 views

CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....

CVSS 6.9, AI score 6.3, EPSS 0.00364
Exploits 0, References 3

OSV
added 2025/11/10 9:40 p.m., 5 views

CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....

CVSS 6.9, AI score 6.6, EPSS 0.00364
Exploits 0, References 5

CNVD
added 2025/11/10 12:00 a.m., 6 views

MantisBT Authorization Issue Vulnerability (CNVD-2025-28527)

MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. An authorization issue vulnerability exists in MantisBT 2.27.1 and earlier versions, which stems from insufficient...

CVSS 5.3, AI score 6.9, EPSS 0.00215
Exploits 1, References 1

CNNVD
added 2025/11/07 12:00 a.m., 3 views

Nuxt DevTools Security Vulnerability

Nuxt DevTools is an open source set of visualization tools from Nuxt. A security vulnerability exists in Nuxt DevTools version 2.6.4 that stems from the possibility of extracting Nuxt authentication tokens via cross-site scripting under certain configurations...

CVSS 6.9, AI score 6.2, EPSS 0.002
Exploits 1, References 3

RedHat Linux
added 2025/11/06 4:32 p.m., 1 view

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

CVSS 9.8, AI score 7, EPSS 0.0418
Exploits 1, References 5

RedHat Linux
added 2025/11/06 4:24 p.m., 2 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

CVSS 9.8, AI score 7, EPSS 0.0418
Exploits 1, References 5

Positive Technologies
added 2025/11/06 12:00 a.m., 4 views

PT-2025-45389

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A flaw exists due to inadequate input sanitization when processing configuration files. An attacker can upload a crafted configuration file to cause a denial-of-service condition, traverse directorie...

CVSS 8.8, AI score 6.2, EPSS 0.00458
Exploits 0, References 8

CNNVD
added 2025/11/05 12:00 a.m., 3 views

Cursor Operating System Command Injection Vulnerability

Cursor is an open source AI code editor from Cursor. An operating system command injection vulnerability exists in versions prior to Cursor 2025.09.17-25b418f, which stems from an MCP server mechanism that allows the upload of malicious MCP configurations, which could lead to remote code executio...

CVSS 8.8, AI score 8.6, EPSS 0.00378
Exploits 0, References 2