Lucene search

140 matches found

OSV
added 2025/12/16 2:15 p.m. | views: 0

UBUNTU-CVE-2025-68216

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disable trampoline for kernel module function trace The current LoongArch BPF trampoline implementation is incompatible with tracing functions in kernel modules. This causes several severe and user-visible problem...

AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | views: 2

EUVD-2023-50046

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.3 | EPSS 0.03819
Exploits: 0 | References: 2

Snyk
added 2025/06/26 6:42 p.m. | views: 1

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Execute commands feature, which allows shell commands to be executed without restriction to the assigned scope. An attacker can gain unauthorized read and write access to all files managed by the serv...

CVSS 9.3 | AI score 7.8 | EPSS 0.01146
Exploits: 1 | References: 2

Snyk
added 2025/06/26 6:42 p.m. | views: 0

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed shell commands that can spawn additional commands. This is only...

CVSS 9.8 | AI score 7.6 | EPSS 0.01332
Exploits: 1 | References: 2

Snyk
added 2025/06/26 6:42 p.m. | views: 1

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed shell commands that can spawn additional commands. This is only...

CVSS 9.8 | AI score 7.9 | EPSS 0.01332
Exploits: 1 | References: 2

Snyk
added 2025/06/26 6:42 p.m. | views: 1

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Execute commands feature, which allows shell commands to be executed without restriction to the assigned scope. An attacker can gain unauthorized read and write access to all files managed by the serv...

CVSS 9.3 | AI score 7.8 | EPSS 0.01146
Exploits: 1 | References: 2

OSV
added 2025/06/26 6:16 p.m. | views: 2

CVE-2025-52903 File Browser Allows Execution of Shell Commands That Can Spawn Other Commands

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0, the Command Execution feature of File Browser only allows the execution of shell commands which have been predefined on a...

CVSS 8 | AI score 7.8 | EPSS 0.01332
Exploits: 1 | References: 6

Cvelist
added 2025/06/26 6:16 p.m. | views: 7

CVE-2025-52903 File Browser Allows Execution of Shell Commands That Can Spawn Other Commands

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0, the Command Execution feature of File Browser only allows the execution of shell commands which have been predefined on a...

CVSS 8 | EPSS 0.01332
Exploits: 1 | References: 4

RedhatCVE
added 2025/05/23 2:24 a.m. | views: 6

CVE-2023-45757

Security vulnerability in Apache bRPC 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. disable rpcz feature...

CVSS 6.1 | AI score 6.3 | EPSS 0.03819
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 1:13 a.m. | views: 2

CVE-2022-23643

Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerability in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...

CVSS 6.5 | AI score 6.7 | EPSS 0.00543
Exploits: 0 | References: 1

Positive Technologies
added 2025/05/19 12:0 a.m. | views: 1

PT-2025-22003 · Unknown · Twh Offset Writing

Name of the Vulnerable Software and Affected Versions: twh offset writing versions n/a through 1.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This occurs in the twh offset writing...

CVSS 7.1 | AI score 8.9 | EPSS 0.00437
Exploits: 0 | References: 4

Positive Technologies
added 2025/04/13 12:0 a.m. | views: 0

PT-2025-18404

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed Description: A use-after-free issue was detected in the ext4 insert dentry function due to out-of-bounds access caused by incorrect splitting in do split. This issue can le...

CVSS 5.5 | AI score 6.8 | EPSS 0.00063
Exploits: 0

CVE
added 2025/03/19 12:0 a.m. | views: 61

CVE-2025-30235

The CVE-2025-30235 entry concerns Shearwater SecurEnvoy SecurAccess Enrol prior to version 9.4.515. The vulnerability arises from improper handling of concurrent authentication attempts, allowing hundreds of failed logins before detection rather than limiting to the intended threshold of 10. This...

CVSS 3.5 | AI score 7.2 | EPSS 0.00213
Exploits: 0 | References: 2

Positive Technologies
added 2025/02/10 12:0 a.m. | views: 1

PT-2025-6045 · Gnu +1 · Gnu Binutils +1

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.43 Description: A memory leak issue was found in the link order scan function of the ld component, specifically in the file ld/ldelfgen.c. This issue can be exploited remotely, but the complexity of an attack is rather...

CVSS 3.1 | AI score 4.3 | EPSS 0.00072
Exploits: 1 | References: 20

RedhatCVE
added 2025/02/07 6:6 p.m. | views: 6

CVE-2025-20907

Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find...

CVSS 6 | AI score 6.5 | EPSS 0.00062
Exploits: 0 | References: 1

Positive Technologies
added 2025/02/03 12:0 a.m. | views: 2

PT-2025-16244 · Pegasystems · Pega Platform

Name of the Vulnerable Software and Affected Versions: Pega Platform versions 7.2.1 through Infinity 24.2.1 Description: The issue is related to an XSS problem with Mashup in Pega Platform. Recommendations: For Pega Platform versions 7.2.1 through Infinity 24.2.1, consider disabling the Mashup...

CVSS 9.8 | AI score 6.3 | EPSS 0.32338
Exploits: 2 | References: 13

Positive Technologies
added 2025/01/23 12:0 a.m. | views: 1

PT-2025-1511 · Kwhotel · Kwhotel

Name of the Vulnerable Software and Affected Versions: KWHotel version 0.47 Description: The issue concerns CSV Formula Injection in the invoice adding function. This allows for potential exploitation through malicious formula injection in CSV files. Recommendations: For KWHotel version 0.47,...

CVSS 9.8 | AI score 7.8 | EPSS 0.00128
Exploits: 1 | References: 7

Positive Technologies
added 2025/01/16 12:0 a.m. | views: 1

PT-2025-4997 · Quotemedia · Quotemedia Tools

Name of the Vulnerable Software and Affected Versions: QuoteMedia Tools versions n/a through 1.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This is a type of Cross-site Scripting attack. Recommendations: For...

CVSS 6.5 | AI score 9.1 | EPSS 0.00056
Exploits: 0 | References: 3

Positive Technologies
added 2024/12/29 12:0 a.m. | views: 2

PT-2025-3480 · D Link · D-Link Dir-825

Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 REVB version 2.03 Description: The issue concerns an OS command injection vulnerability in the CGI interface apc client pin.cgi, which allows remote attackers to execute arbitrary commands via the wps pin parameter passed to th...

CVSS 9.8 | AI score 9.9 | EPSS 0.02367
Exploits: 0 | References: 9

Positive Technologies
added 2024/12/18 12:0 a.m. | views: 2

PT-2024-20715 · Ibm · Ibm Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 11.2.4 IBM Cognos Analytics versions 12.0.0 through 12.0.3 Description: The issue is related to a Cross Site Scripting XSS vulnerability due to improper validation of column headings in Cognos...

CVSS 6.1 | AI score 8.1 | EPSS 0.00105
Exploits: 0 | References: 5