EUVD-2025-36519

IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting XSS vulnerabilities caused by a bug in the cleanhtml function /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...

CVE-2025-34305

IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting XSS vulnerabilities caused by a bug in the cleanhtml function /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...

UBUNTU-CVE-2025-40071

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Don't block input queue by waiting MSC Currently gsmqueue processes incoming frames and when opening a DLC channel it calls gsmdlciopen which calls gsmmodemupdate. If basic mode is used it calls gsmmodemupdviamsc and i...

Cross-site Scripting

com.liferay.account.admin.web is vulnerable to Cross-Site Scripting. The vulnerability is due to insufficient input validation and improper output encoding due to the Account "Name" text field. This allows an attacker can inject a crafted payload into that field which is stored and later rendered...

EUVD-2025-36457

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Don't block input queue by waiting MSC Currently gsmqueue processes incoming frames and when opening a DLC channel it calls gsmdlciopen which calls gsmmodemupdate. If basic mode is used it calls gsmmodemupdviamsc and i...

CVE-2025-40071 tty: n_gsm: Don't block input queue by waiting MSC

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Don't block input queue by waiting MSC Currently gsmqueue processes incoming frames and when opening a DLC channel it calls gsmdlciopen which calls gsmmodemupdate. If basic mode is used it calls gsmmodemupdviamsc and i...

Deserialization Of Untrusted Data

h2o is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of JDBC connection parameters with insufficient input validation, which allows an attacker to bypass regular expression checks using double URL encoding and subsequently read arbitrary files or...

[SECURITY] Fedora 42 Update: pcre2-10.46-1.fc42

PCRE2 is a re-working of the original PCRE Perl-compatible regular expression library to provide an entirely new API. PCRE2 is written in C, and it has its own API. There are three sets of functions, one for the 8-bit library, which processes strings of bytes, one for the 16-bit library, which...

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2025-1239)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1239 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...

Amazon Linux 2 : golang, --advisory ALAS2-2025-3042 (ALAS-2025-3042)

The version of golang installed on the remote host is prior to 1.24.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3042 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses...

Linux Distros Unpatched Vulnerability : CVE-2025-40071

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tty: ngsm: Don't block input queue by waiting MSC Currently gsmqueue processes incoming frames and when opening a DLC channel it calls gsmdlciopen which calls...

PT-2025-44164

Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire installations are affected by multiple stored cross-site scripting XSS issues. These occur because the cleanhtml function located at /var/ipfire/header.pl does not correctly appl...

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities in Python.

Summary IBM Virtualization Engine TS7700 is susceptible to two Tampering conditions and one potential Elevation of Privilege issue due to the use of Python CVE-2025-0938, CVE-2025-47273, CVE-2025-1795. TS7700 uses Python to perform operations with the Cloud and internal system configuration tasks...

Cross-site Scripting

dotnetnuke.core is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper encoding of user input in URL and template rendering, allowing attackers to inject malicious scripts that execute in victims’ browsers...

Important: gi-docgen

Issue Overview: gi-docgen does not encode search terms before inserting them into HTML, allowing XSS via a crafted URL. Description obtained from: https://gitlab.gnome.org/GNOME/gi-docgen/-/issues/228 CVE-2025-11687 Affected Packages: gi-docgen Issue Correction: Run dnf update gi-docgen...

PT-2025-43999

Name of the Vulnerable Software and Affected Versions Rubikon Banking Solution version 4.0.3 Description A reflected cross-site scripting issue exists in the "Search For Customers Information" endpoints of Rubikon Banking Solution. This allows for the injection of malicious scripts through...

Revive Adserver: Improper sanitisation of input in the settings could cause DoS

A vulnerability was found in the settings functionality of the application where attacker-controlled values in the emailfromName and emailfromCompany fields were persisted and later rendered to pages without proper output encoding. This could have led to the execution of arbitrary JavaScript in t...

CLSA-2025-1761323193 libpq: Fix of CVE-2025-1094

CVE-2025-1094: fix potential SQL injections allowed by an improper encoding validation in data quoting functions...

Exploit for HTTP Request Smuggling in Microsoft

CVE-2025-55315 Vulnerability Scanner and TLS Proxy This repos...

Improper Input Validation

Hono is vulnerable to improper input validation. The vulnerability is due to a flaw in the bodyLimit middleware that prioritized the Content-Length header over Transfer-Encoding: chunked, which allows an attacker to bypass the configured request body size limit and potentially cause a denial of...