PT-2025-35887
Name of the Vulnerable Software and Affected Versions: Android WLAN versions prior to 2025-09-05 on Google Pixel devices Description: A privilege escalation issue exists in the WLAN component of Android running on Google Pixel devices. This allows for unauthorized elevation of privileges...
ToolShell Unleashed: Decoding the SharePoint Attack Chain
By Akhil Reddy, Aniket Choukde, Aparna Aripirala, Satyajit Daulaguphu and Yadunadh · September 4, 2025. Introduction: A wave of active exploitation is targeting recently disclosed vulnerabilities in Microsoft SharePoint Server CVE-2025-49704...
Linux Distros Unpatched Vulnerability : CVE-2014-0085
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local...
HDF5 H5Fint.c H5F_addr_decode_len heap-based overflow
...
GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files.
...
HDF5 H5Omessage.c H5O_msg_flush heap-based overflow
...
CVE-2025-9927 projectworlds Travel Management System viewpackage.php sql injection
A vulnerability was identified in projectworlds Travel Management System 1.0. The affected element is an unknown function of the file /viewpackage.php. Such manipulation of the argument t1 leads to SQL injection. The attack may be performed from remote. The exploit is publicly available and might...
CVE-2025-46394 vulnerabilities
Vulnerabilities for packages: busybox...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)
Summary: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service due to Apache Commons FileUpload with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Vulnerability Details: Refer to th...
Exploit for Out-of-bounds Write in Apple Ipados
iOS 18.6.1 0-click RCE POC The vulnerability seems to be in t...
Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Software Vulnerabilities
Multiple vulnerabilities in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 with Cisco Session Initiation Protocol (SIP) Software could allow an unauthenticated, remote attacker to conduct arbitrary file write and informatio...
Why you should upgrade to Windows 11 now, and how to do it
I know many of us loved Windows XP and Windows 7 almost as much as we dislike Windows 10 and 11, but if you want to stay secure on Windows, the time to bite the bullet is closing in fast. Support for Windows 10 will end on October 14, 2025, which means the only Windows version that will continue ...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2025-24813 – Proof of Concept...
CVE-2025-9378
creationtimestamp | type | source
---|---|---
2025-09-03 11:01:49+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lxwi5zqlmm2n...
CVE-2025-8663
creationtimestamp | type | source
---|---|---
2025-09-03 07:32:15+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3lxw4hardlc2w
2025-09-03 10:45:47+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lxwhbeqvhl2r...
Improper Authentication
github.com/mattermost/mattermost-plugin-confluence is vulnerable to Improper Authentication. The vulnerability is due to missing enforcement of user authentication in the Mattermost instance, which allows an attacker to access subscription details through an unauthenticated API call to the GET...
PT-2025-35753
Name of the Vulnerable Software and Affected Versions: PDF for WPForms versions through 6.2.1. Description: The software contains a cross-site scripting (XSS) vulnerability due to improper neutralization of input during web page generation. This allows for stored XSS attacks. Recommendations: Update...
Release Information for Veeam ONE 13 and Updates
Veeam ONE 13 Releases 13.0.2.6723 2026-05-27 What's New New Features and Improvements Suspicious Incremental Backup Size Alarm -- Extended Platform Support The Suspicious Incremental Backup Size alarm now covers all platforms supported in Veeam ONE v13, including Proxmox VE, oVirt KVM Oracle Linu...
Linux Distros Unpatched Vulnerability : CVE-2025-26619
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in...
openSUSE Security Advisory (SUSE-SU-2025:03053-1)
The remote host is missing an update for the...