8 matches found
PT-2025-135: Local File Read in mPDF
The vulnerability was identified in mPDF, version 2.8.5. The application performs improper validation of data received from the user, which allows an attacker to read files stored on the server. Vulnerability status: Confirmed during research. Date of vulnerability discovery: 11.04.2025...
PT-2025-134: Local File Read in OpenPDF
The vulnerability was identified in OpenPDF, version 2.0.4. The discovered vulnerability allows an attacker to read arbitrary files on the server by inserting absolute paths or directory traversal sequences in the HTML‑tag attributes processed by OpenPDF. This enables the disclosure of confidenti...
PT-2025-133: Local File Read in OpenPDF
The vulnerability was identified in OpenPDF, version 2.0.4. The discovered vulnerability allows an attacker to read arbitrary files on the server by inserting absolute paths or directory traversal sequences in the HTML‑tag attributes processed by OpenPDF. This enables the disclosure of confidenti...
GHSA-Q82R-2J7M-9RV4 github.com/go-acme/lego/v4/acme/api does not enforce HTTPS
Summary: It was discovered that the github.com/go-acme/lego/v4/acme/api package, and thus the lego library and the lego CLI as well, don't enforce HTTPS when talking to CAs as an ACME client. Details: Unlike the http-01 challenge, which solves an ACME challenge over unencrypted HTTP, the ACME protocol...
CVE-2025-3263
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the get_configuration_file function within the transformers.configuration_utils module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The...
EulerOS Virtualization 2.12.0 : c-ares (EulerOS-SA-2024-2766)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: c-ares is a C library for asynchronous DNS requests. ares__read_line is used to parse local configuration files such as /etc/resolv.con...
Default configuration
iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors such as C library...
CVE-2019-20795
iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors such as C library...