619 matches found
CVE-2025-8194 Tarfile infinite loop during parsing with negative member offset
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...
CVE-2025-7868 Portabilis i-Educar Calendar educar_calendario_dia_motivo_cad.php cross site scripting
A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_calendario_dia_motivo_cad.php of the component Calendar Module. The manipulation of the argument Motivo/descricao results in cross site scripting. It is possible to...
CVE-2025-7866 Portabilis i-Educar Disabilities Module educar_deficiencia_lst.php cross site scripting
A vulnerability was found in Portabilis i-Educar 2.9.0. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/educar_deficiencia_lst.php of the component Disabilities Module. The manipulation of the argument Deficiência ou Transtorno leads to cross site...
CVE-2025-7672
The improper default setting in JiranSoft CrossEditor4 on Windows, Linux, Unix API modules potentially allows Stored XSS. This issue affects CrossEditor4: from 4.0.0.01 before 4.6.0.23...
Huawei EulerOS: Security Advisory for libcap (EulerOS-SA-2025-1779)
The remote host is missing an update for the Huawei EulerOS...
CVE-2025-7113 Portabilis i-Educar Curricular Components Module edit cross site scripting
A vulnerability was found in Portabilis i-Educar 2.9.0. It has been classified as problematic. Affected is an unknown function of the file /module/ComponenteCurricular/edit?id=ID of the component Curricular Components Module. The manipulation of the argument Nome leads to cross site scripting. It...
CVE-2025-7112 Portabilis i-Educar Function Management Module educar_funcao_det.php cross site scripting
A vulnerability was found in Portabilis i-Educar 2.9.0 and classified as problematic. This issue affects some unknown processing of the file /intranet/educar_funcao_det.php?codfuncao=COD&refcodinstituicao=COD of the component Function Management Module. The manipulation of the argument Função leads...
ROS-20250619-01
A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to sending requests with an extremely large number of parameters. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the Rack...
CVE-2024-55567
Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary...
CVE-2025-48905
Wasm exception capture vulnerability in the arkweb v8 module. Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types...
CVE-2024-47292
Path traversal vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2024-24304
In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction...
CVE-2024-51520
Vulnerability of input parameters not being verified in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2024-51524
Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2024-51529
Data verification vulnerability in the battery module. Impact: Successful exploitation of this vulnerability may affect function stability...
CVE-2024-51514
Vulnerability of pop-up windows belonging to no app in the VPN module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2024-48953
An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access...
CVE-2024-56449
Privilege escalation vulnerability in the Account module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2023-52371
Vulnerability of null references in the motor module. Successful exploitation of this vulnerability may affect availability...
CVE-2023-52376
Information management vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality...