6680 matches found
CVE-2025-6281 OpenBMB XAgent community path traversal
A vulnerability has been found in OpenBMB XAgent up to 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /conv/community. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used...
CVE-2025-6173
A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajaxproductslist.php. The manipulation of the argument packItself leads to SQL injection. The attack can be launched remotely. The exploit has be...
CVE-2022-50072
In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: Fix a use-after-free bug in open If someone cancels the open RPC call, then we must not try to free either the open slot or the layoutget operation arguments, since they are likely still in use by the hung RPC call...
CVE-2025-34508 ZendTo < 6.15-8 Path Traversal
A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service...
CVE-2025-6126
A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /contact.php. The manipulation of the argument Name leads to cross-site scripting. The attack can be launched...
Salt's on demand pillar functionality vulnerable to arbitrary command injections
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted Git URL, which could cause an arbitrary command to be run on the master with the same privileges as the master process...
GHSA-J6G5-P62X-58HW vantage6 lacks brute-force protection on change password functionality
Impact: If an attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely, and it will return the message that the password is wrong until it is correct. Patches: This issue has been patched in...
CVE-2025-43863
vantage6 contains a brute-force vulnerability in the change password flow when an attacker has an authenticated session. The issue arises from unlimited password-change attempts via the route, enabling password-guessing and account compromise. Multiple sources (CVEs, advisories, and vendor notes)...
Drupal Commerce Eurobank (Redirect) Incorrect Authorization vulnerability
Incorrect Authorization vulnerability in Drupal Commerce Eurobank Redirect allows Functionality Misuse. This issue affects Commerce Eurobank Redirect: from 0.0.0 before 2.1.1...
Drupal Commerce Alphabank Redirect Incorrect Authorization vulnerability
Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3...
GHSA-48WX-8736-JGX2 Drupal Commerce Alphabank Redirect Incorrect Authorization vulnerability
Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3...
GHSA-Q9H3-R6WR-P3J3 Drupal Commerce Eurobank (Redirect) Incorrect Authorization vulnerability
Incorrect Authorization vulnerability in Drupal Commerce Eurobank Redirect allows Functionality Misuse. This issue affects Commerce Eurobank Redirect: from 0.0.0 before 2.1.1...
CVE-2025-48446
Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3...
CVE-2025-48445
Incorrect Authorization vulnerability in Drupal Commerce Eurobank Redirect allows Functionality Misuse. This issue affects Commerce Eurobank Redirect: from 0.0.0 before 2.1.1...
CVE-2025-48446 Commerce Alphabank Redirect - Moderately critical - Access bypass - SA-CONTRIB-2025-067
Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3...
CVE-2025-48446
CVE-2025-48446: Drupal Commerce Alphabank Redirect has an Incorrect Authorization vulnerability enabling functionality misuse. Affected versions are 0.0.0 through 1.0.2; the issue is mitigated by upgrading to 1.0.3. CVSS v3.1 base score 8.8 (High) with NETWORK attack vector, no privileges require...
CVE-2025-48445 Commerce Eurobank (Redirect) - Moderately critical - Access bypass - SA-CONTRIB-2025-066
Incorrect Authorization vulnerability in Drupal Commerce Eurobank Redirect allows Functionality Misuse. This issue affects Commerce Eurobank Redirect: from 0.0.0 before 2.1.1...