19177 matches found

Vulnrichment
added 2025/10/09 3:18 a.m., 5 views

CVE-2025-47342 Use After Free in BT Controller

Transient DOS may occur when multi-profile concurrency arises with QHS enabled...

CVSS: 7.1, AI score: 6.5, EPSS: 0.0015
Exploits: 0, References: 1

Positive Technologies
added 2025/10/09 12:00 a.m., 5 views

PT-2025-41456

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.9.10. Description: A security issue exists in Portabilis i-Educar. The problem relates to insecure inherited permissions within the User Type Handler component, specifically in the file...

CVSS: 6.5, AI score: 6.1, EPSS: 0.00343
Exploits: 1, References: 9

NVD
added 2025/10/08 4:15 p.m., 4 views

CVE-2025-59303

HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions of HAProxy Enterprise Kubernetes Ingress...

CVSS: 6.4, EPSS: 0.00238
Exploits: 0, References: 1

Veracode
added 2025/10/08 2:48 p.m., 6 views

Information Disclosure

sigs.k8s.io/secrets-store-sync-controller is vulnerable to Information Disclosure. The vulnerability is due to improper error handling and service account tokens being logged during parameter marshaling errors, and attackers with log access can use these tokens to retrieve secrets from cloud vaul...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00179
Exploits: 0, References: 4, Affected Software: 1

Snyk
added 2025/10/08 2:43 p.m., 1 view

Cross-site Scripting (XSS)

Overview: webreinvent/vaahcms is a Laravel-based open-source web application development platform shipped with a headless content management system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the upload function in the MediaController.php file. An attacker can...

CVSS: 6.1, AI score: 5.4, EPSS: 0.00273
Exploits: 2, References: 3

Cvelist
added 2025/10/08 5:02 a.m., 11 views

CVE-2025-11433 itsourcecode Leave Management System Query Parameter controller.php redirect cross site scripting

A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing a manipulation of the argument ID results in cross site scripting. It i...

CVSS: 5.1, EPSS: 0.00259
Exploits: 1, References: 5

Vulnrichment
added 2025/10/08 5:02 a.m., 4 views

CVE-2025-11433 itsourcecode Leave Management System Query Parameter controller.php redirect cross site scripting

A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing a manipulation of the argument ID results in cross site scripting. It i...

CVSS: 5.1, AI score: 3.6, EPSS: 0.00259
Exploits: 1, References: 5

Tenable Nessus
added 2025/10/08 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-53603

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - scsi: qla2xxx: Avoid fcport pointer dereference. Klocwork reported warning of NULL pointer may be dereferenced. The routine exits when sa_ctl is NULL and fcport i...

CVSS: 5.5, AI score: 6, EPSS: 0.00133
Exploits: 0, References: 3

CVE
added 2025/10/08 12:00 a.m., 15 views

CVE-2025-59303

HAProxy Kubernetes Ingress Controller (before 3.1.13) is vulnerable when the config-snippets feature flag is enabled: it can accept user-provided config snippets from users with create/update permissions, potentially leaking an ingress token secret. Fixed versions are HAProxy Kubernetes Ingress C...

CVSS: 6.4, AI score: 6.5, EPSS: 0.00238
Exploits: 0, References: 1

Cvelist
added 2025/10/08 12:00 a.m., 7 views

CVE-2025-59303

HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions of HAProxy Enterprise Kubernetes Ingress...

CVSS: 6.4, EPSS: 0.00238
Exploits: 0, References: 1

Positive Technologies
added 2025/10/08 12:00 a.m., 6 views

PT-2025-41301

Name of the Vulnerable Software and Affected Versions: Curo UC300 version 5.42.1.7.1.63R1. Description: A flaw exists within the Admin panel that permits local attackers to inject arbitrary OS commands. The injection occurs through the IP Addr parameter. Recommendations: At the moment, there is no...

CVSS: 8.8, AI score: 6.5, EPSS: 0.01161
Exploits: 0, References: 6

Positive Technologies
added 2025/10/08 12:00 a.m., 2 views

PT-2025-41287

Name of the Vulnerable Software and Affected Versions: HAProxy Kubernetes Ingress Controller versions prior to 3.1.13; HAProxy Enterprise Kubernetes Ingress Controller versions prior to 3.0.16-ee1; HAProxy Enterprise Kubernetes Ingress Controller versions prior to 1.11.13-ee1; HAProxy Enterprise...

CVSS: 6.4, AI score: 6.6, EPSS: 0.00238
Exploits: 0, References: 6

Vulnrichment
added 2025/10/08 12:00 a.m., 2 views

CVE-2025-59303

HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions of HAProxy Enterprise Kubernetes Ingress...

CVSS: 6.4, AI score: 6.5, EPSS: 0.00238
Exploits: 0, References: 1

EUVD
added 2025/10/08 12:00 a.m., 3 views

EUVD-2025-33296

HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions of HAProxy Enterprise Kubernetes Ingress...

CVSS: 6.4, AI score: 6.3, EPSS: 0.00238
Exploits: 0, References: 2

Snyk
added 2025/10/08 12:00 a.m., 2 views

Incomplete Filtering of Special Elements

Overview: Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements in the config-snippets feature flag. An attacker can access sensitive environment variables, including the Kubernetes service account token secret, by injecting arbitrary HAProxy directives. Note...

CVSS: 8.5, AI score: 6.9, EPSS: 0.00238
Exploits: 0, References: 2

SUSE CVE
added 2025/10/07 11:49 p.m., 2 views

SUSE CVE-2022-50544

In the Linux kernel, the following vulnerability has been resolved: usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info. xhci_alloc_stream_info allocates stream context array for stream_info->stream_ctx_array with xhci_alloc_stream_ctx. When some error occurs, stream_info->stream_ctx_array is not...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00147
Exploits: 0, References: 10

CVE
added 2025/10/07 7:32 p.m., 8 views

CVE-2025-11406

CVE-2025-11406 affects kaifangqian-base; the flaw is in SysUserController.getAllUsers (kaifangqian-parent/kaifangqian-system/src/main/java/com/kaifangqian/modules/system/controller/SysUserController.java). It enables information disclosure via remote manipulation; exploits have been released publ...

CVSS: 5.3, AI score: 6.3, EPSS: 0.00236
Exploits: 0, References: 4

Cvelist
added 2025/10/07 7:32 p.m., 8 views

CVE-2025-11406 kaifangqian kaifangqian-base SysUserController.java getAllUsers information disclosure

A security flaw has been discovered in kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. This issue affects the function getAllUsers of the file kaifangqian-parent/kaifangqian-system/src/main/java/com/kaifangqian/modules/system/controller/SysUserController.java. The...

CVSS: 5.3, EPSS: 0.00236
Exploits: 0, References: 4

Vulnrichment
added 2025/10/07 7:32 p.m., 3 views

CVE-2025-11406 kaifangqian kaifangqian-base SysUserController.java getAllUsers information disclosure

A security flaw has been discovered in kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. This issue affects the function getAllUsers of the file kaifangqian-parent/kaifangqian-system/src/main/java/com/kaifangqian/modules/system/controller/SysUserController.java. The...

CVSS: 5.3, AI score: 6.3, EPSS: 0.00236
Exploits: 0, References: 4

EUVD
added 2025/10/07 7:32 p.m., 4 views

EUVD-2025-32889

A security flaw has been discovered in kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. This issue affects the function getAllUsers of the file kaifangqian-parent/kaifangqian-system/src/main/java/com/kaifangqian/modules/system/controller/SysUserController.java. The...

CVSS: 5.3, AI score: 6.2, EPSS: 0.00236
Exploits: 0, References: 4