
19144 matches found

OSV
added 2025/12/12 12:20 p.m., 2 views

OESA-2025-2819 kubernetes security update

Container cluster management. Security Fixes: A vulnerability was found in Kubernetes kube-controller-manager up to versions 1.30.14, 1.31.14, 1.32.9, 1.33.5 and 1.34.1. It has been classified as CWE-918 Server-Side Request Forgery. The web server receives a URL or similar request from an upstrea...

CVSS: 5.8, AI score: 6.7, EPSS: 0.00355
Exploits: 0, References: 2

OSV
added 2025/12/12 12:20 p.m., 3 views

OESA-2025-2818 kubernetes security update

Container cluster management. Security Fixes: A vulnerability was found in Kubernetes kube-controller-manager up to versions 1.30.14, 1.31.14, 1.32.9, 1.33.5 and 1.34.1. It has been classified as CWE-918 Server-Side Request Forgery. The web server receives a URL or similar request from an upstrea...

CVSS: 5.8, AI score: 6.7, EPSS: 0.00355
Exploits: 0, References: 2

OSV
added 2025/12/12 12:20 p.m., 3 views

OESA-2025-2817 kubernetes security update

Container cluster management. Security Fixes: A vulnerability was found in Kubernetes kube-controller-manager up to versions 1.30.14, 1.31.14, 1.32.9, 1.33.5 and 1.34.1. It has been classified as CWE-918 Server-Side Request Forgery. The web server receives a URL or similar request from an upstrea...

CVSS: 5.8, AI score: 6.7, EPSS: 0.00355
Exploits: 0, References: 2

OSV
added 2025/12/12 12:20 p.m., 6 views

OESA-2025-2816 kubernetes security update

Container cluster management. Security Fixes: A vulnerability was found in Kubernetes kube-controller-manager up to versions 1.30.14, 1.31.14, 1.32.9, 1.33.5 and 1.34.1. It has been classified as CWE-918 Server-Side Request Forgery. The web server receives a URL or similar request from an upstrea...

CVSS: 5.8, AI score: 6.7, EPSS: 0.00355
Exploits: 0, References: 2

OSV
added 2025/12/12 12:20 p.m., 6 views

OESA-2025-2815 kubernetes security update

Container cluster management. Security Fixes: A vulnerability was found in Kubernetes kube-controller-manager up to versions 1.30.14, 1.31.14, 1.32.9, 1.33.5 and 1.34.1. It has been classified as CWE-918 Server-Side Request Forgery. The web server receives a URL or similar request from an upstrea...

CVSS: 5.8, AI score: 6.7, EPSS: 0.00355
Exploits: 0, References: 2

OSV
added 2025/12/12 11:23 a.m., 4 views

BIT-JENKINS-2025-67637

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00153
Exploits: 0, References: 2

RedhatCVE
added 2025/12/12 1:6 a.m., 7 views

CVE-2025-56107

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submitwifi in file /usr/lib/lua/luci/controller/admin/commonquickconfig.lua...

CVSS: 8.8, AI score: 7.9, EPSS: 0.0203
Exploits: 0, References: 1

CNVD
added 2025/12/12 12:0 a.m., 1 view

WordPress Plugin Geo Controller Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information...

CVSS: 7.5, AI score: 6.2, EPSS: 0.0024
Exploits: 0, References: 1

EUVD
added 2025/12/11 9:31 p.m., 4 views

EUVD-2025-202723

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the networksetwanconf in file /usr/lib/lua/luci/controller/admin/netport.lua...

AI score: 7.3, EPSS: 0.02666
Exploits: 1, References: 4

EUVD
added 2025/12/11 9:31 p.m., 4 views

EUVD-2025-202728

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submitwifi in file /usr/lib/lua/luci/controller/admin/commonquickconfig.lua...

AI score: 7.3, EPSS: 0.0203
Exploits: 0, References: 4

OSV
added 2025/12/11 7:15 p.m., 3 views

CVE-2025-56127

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the getwanobj in file /usr/lib/lua/luci/controller/admin/common.lua...

CVSS: 8.8, AI score: 6.1, EPSS: 0.02742
Exploits: 1, References: 3

OSV
added 2025/12/11 7:15 p.m., 4 views

CVE-2025-56111

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the networksetwanconf in file /usr/lib/lua/luci/controller/admin/netport.lua...

CVSS: 8.8, AI score: 6.1, EPSS: 0.02666
Exploits: 1, References: 3

NVD
added 2025/12/11 7:15 p.m., 4 views

CVE-2025-56096

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restartmodules in file /usr/lib/lua/luci/controller/admin/common.lua...

CVSS: 8.8, EPSS: 0.01725
Exploits: 0, References: 3

NVD
added 2025/12/11 6:16 p.m., 4 views

CVE-2025-56082

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the checkchanges in file /usr/lib/lua/luci/controller/admin/common.lua...

CVSS: 8.8, EPSS: 0.02077
Exploits: 0, References: 3

NVD
added 2025/12/11 6:16 p.m., 4 views

CVE-2025-56087

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the runtcpdump in file /usr/lib/lua/luci/controller/admin/commontcpdump.lua...

CVSS: 8.8, EPSS: 0.02198
Exploits: 0, References: 3

NVD
added 2025/12/11 12:16 a.m., 7 views

CVE-2025-67648

Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 have a Reflected XSS vulnerability in AuthController.php. A request parameter from the login page URL is directly rendered within the Twig template of the Storefront login page without further...

CVSS: 7.1, EPSS: 0.00158
Exploits: 0, References: 2

Positive Technologies
added 2025/12/11 12:0 a.m., 6 views

PT-2025-50689

Name of the Vulnerable Software and Affected Versions: Ruijie RG-BCR RG-BCR600W (affected versions not specified). Description: An issue exists that allows attackers to execute arbitrary commands. This can be triggered by sending a specially crafted POST request to the get wanobj function within the...

CVSS: 8.8, AI score: 7, EPSS: 0.02742
Exploits: 1, References: 5

CNNVD
added 2025/12/11 12:0 a.m., 3 views

Ruijie RG-BCR Security Vulnerability

Ruijie RG-BCR is a series of cloud routers from the Chinese company Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR860 version, which stems from improper handling of a specially crafted POST request for networksetwanconf in the file /usr/lib/lua/luci/controller/admin/netport.lua, whi...

CVSS: 8.8, AI score: 6.9, EPSS: 0.02666
Exploits: 1, References: 3

CNNVD
added 2025/12/11 12:0 a.m., 7 views

Ruijie RG-BCR Security Vulnerability

Ruijie RG-BCR is a series of cloud routers from the Chinese company Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR600W version, which originates from unvalidated input to the restartmodules function in the file /usr/lib/lua/luci/controller/admin/common.lua, which could lead to an OS...

CVSS: 8.8, AI score: 7.2, EPSS: 0.01725
Exploits: 0, References: 3

Cvelist
added 2025/12/11 12:0 a.m., 26 views

CVE-2025-56082

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the checkchanges in file /usr/lib/lua/luci/controller/admin/common.lua...

EPSS: 0.02077
Exploits: 0, References: 3