10 matches found
CVE-2021-41243
There is a potential Zip Slip vulnerability and OS command injection vulnerability in the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be...
Vulnerabilities fixed in Cisco Secure Firewall ASA and FTD
Cisco has fixed vulnerabilities in Cisco Secure Firewall ASA and FTD Software. The vulnerability with reference CVE-2025-20333 is located in how the software validates user input in HTTPS requests. An attacker with valid VPN login credentials can exploit this vulnerability by sending specially...
CVE-2025-30681
CVE-2025-30681 is a MySQL Server vulnerability in the replication component. Oracle MySQL lists affected versions as 8.0.0–8.0.41, 8.4.0–8.4.4, and 9.0.0–9.2.0. It is described as easily exploitable via network access through multiple protocols, with a high-privilege attacker capable of compromis...
PT-2025-5043 · Quote · Quote
Name of the Vulnerable Software and Affected Versions: Quote me versions 1.0 and below. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables attackers to inject malicious...
PT-2024-28563 · WordPress · Nextgen Gallery
Name of the Vulnerable Software and Affected Versions: NextGEN Gallery versions 3.59.3 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, which can lead to malicious scri...
PT-2024-33723 · Transsion · Com.Transsion.Videocallenhancer
Name of the Vulnerable Software and Affected Versions: com.transsion.videocallenhancer version 1.1.9.973. Description: The mobile application interface has improper permission control, which can lead to the risk of private file leakage. This issue can result in unauthorized access to private files...
Authenticated users can exploit an enumeration vulnerability in Harbor
Impact: Hidde Smit from Cyber Eagle has discovered a User Enumeration flaw in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction can be bypassed and information can be obtained via the "search"...
Citrix SDWAN Center Security Update
Description of Problem: Multiple vulnerabilities have been discovered in Citrix SD-WAN Center that, if exploited, could allow an unauthenticated attacker with network access to SD-WAN Center to perform arbitrary code execution as root. These vulnerabilities have the following identifiers: CVE|...
New Android API Lets Developers Push Updates Within their Apps
You might have read somewhere online today that Google is granting Android app developers powers to forcefully install app updates…but it is not true. Instead, the tech giant is providing a new feature that will help users to have up-to-date Android apps all the time and yes, it's optional. Along...
Microsoft Security Bulletin MS04-033 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (886836)
Microsoft Security Bulletin MS04-033: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (886836). Issued: October 12, 2004. Version: 1.0. Vulnerability in Microsoft Excel Could Allow Remote Code Execution. Who should read this document: Customers who use Microsoft Excel 2000, Microsoft...