
12962 matches found

Positive Technologies
added 2025/12/19 12:0 a.m. | 2 views

PT-2025-52508

Name of the Vulnerable Software and Affected Versions: Quest Coexistence Manager for Notes version 3.8.2045. Description: An inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') exists in Quest Coexistence Manager for Notes Free/Busy Connector modules. This allows HTTP...

CVSS 6.3 | AI score 6.5 | EPSS 0.0009
Exploits: 0 | References: 7

CNNVD
added 2025/12/19 12:0 a.m. | 1 view

Quest Coexistence Manager for Notes Security Vulnerability

Quest Coexistence Manager for Notes is a data synchronization software from Quest USA. A security vulnerability exists in Quest Coexistence Manager for Notes, which stems from an inconsistent HTTP request/response interpretation that could lead to an HTTP request entrapment attack...

CVSS 6.3 | AI score 6.7 | EPSS 0.0009
Exploits: 0 | References: 2

RedHat Linux
added 2025/12/17 8:50 p.m. | 3 views

Important: Red Hat Security Advisory: RHSA 4.8.7 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

CVSS 7.5 | AI score 6.3 | EPSS 0.00102
Exploits: 1 | References: 3

Github Security Blog
added 2025/12/16 8:43 p.m. | 4 views

Libredesk has Improper Neutralization of HTML Tags in a Web Page

Summary: LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the request and removing the tag, an attacker can inject arbitrary HTML element...

CVSS 8.6 | AI score 6.8 | EPSS 0.0003
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2025/12/16 8:43 p.m. | 3 views

GHSA-WH6M-H6F4-RJF4 Libredesk has Improper Neutralization of HTML Tags in a Web Page

Summary: LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the request and removing the tag, an attacker can inject arbitrary HTML element...

CVSS 8.6 | AI score 6.6 | EPSS 0.0003
Exploits: 1 | References: 4

RedHat Linux
added 2025/12/16 8:28 a.m. | 5 views

Important: Red Hat Security Advisory: RHSA 4.7.9 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

CVSS 9.8 | AI score 7 | EPSS 0.01689
Exploits: 5 | References: 7

EUVD
added 2025/12/15 9:30 p.m. | 4 views

EUVD-2025-203438

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the...

CVSS 8.7 | AI score 8.3 | EPSS 0.00505
Exploits: 1 | References: 5

RedhatCVE
added 2025/12/13 10:0 p.m. | 2 views

CVE-2025-43410

The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.2. An attacker with physical access may be able to view deleted notes...

CVSS 2.4 | AI score 6.5 | EPSS 0.00016
Exploits: 0 | References: 1

Veracode
added 2025/12/13 6:49 a.m. | 2 views

Improper Input Validation

mantisbt/mantisbt is vulnerable to improper input validation. The vulnerability is due to lack of server-side validation on note length, which allows an attacker to submit excessively long notes and corrupt the issue activity logs, thereby breaking the activity stream UI and preventing future...

CVSS 7.5 | AI score 5.8 | EPSS 0.00064
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2025/12/12 9:15 p.m. | 2 views

CVE-2025-43410

The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.2. An attacker with physical access may be able to view deleted notes...

CVSS 2.4 | EPSS 0.00016
Exploits: 0 | References: 3

OSV
added 2025/12/12 9:15 p.m. | 2 views

CVE-2025-43410

The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.2, macOS Sonoma 14.8.2. An attacker with physical access may be able to view deleted notes...

CVSS 2.4 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 3

CVE
added 2025/12/12 8:57 p.m. | 6 views

CVE-2025-43410

CVE-2025-43410 affects macOS where an attacker with physical access could view deleted notes due to improved handling of caches. The vulnerability is tied to macOS Sequoia (15.7.2), macOS Tahoe (26.2), and macOS Sonoma (14.8.2) releases, which patch the issue. Connected disclosures confirm the ro...

CVSS 2.4 | AI score 6.5 | EPSS 0.00016
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/12/12 8:57 p.m. | 1 view

CVE-2025-43410

The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.2. An attacker with physical access may be able to view deleted notes...

AI score 6.6 | EPSS 0.00016
Exploits: 0 | References: 3

Cvelist
added 2025/12/12 8:57 p.m. | 14 views

CVE-2025-43410

The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.2. An attacker with physical access may be able to view deleted notes...

EPSS 0.00016
Exploits: 0 | References: 3

EUVD
added 2025/12/12 8:57 p.m. | 1 view

EUVD-2025-203164

The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2. An attacker with physical access may be able to view deleted notes...

AI score 5 | EPSS 0.00016
Exploits: 0 | References: 3

Tenable Nessus
added 2025/12/12 12:0 a.m. | 8 views

macOS 26.x < 26.2 Multiple Vulnerabilities (125886)

The remote host is running a version of macOS / Mac OS X that is 26.x prior to 26.2. It is, therefore, affected by multiple vulnerabilities: - A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing fo...

CVSS 9.8 | AI score 7 | EPSS 0.00796
Exploits: 16 | References: 48

CNNVD
added 2025/12/12 12:0 a.m. | 1 view

Apple macOS Security Vulnerability

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sequoia prior to 15.7.2 and Sonoma prior to 14.8.2, which stems from improper handling of cache and could allow an attacker to vie...

CVSS 2.4 | AI score 6.1 | EPSS 0.00016
Exploits: 0 | References: 4

Cvelist
added 2025/12/09 8:32 p.m. | 16 views

CVE-2025-67488 SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE

SiYuan is self-hosted, open source personal knowledge management software. Versions 0.0.0-20251202123337-6ef83b42c7ce and below contain function importZipMd which is vulnerable to ZipSlips, allowing an authenticated user to overwrite files on the system. An authenticated user with access to the...

CVSS 7.8 | EPSS 0.00066
Exploits: 1 | References: 2

Gitee
added 2025/12/07 6:54 p.m. | 135 views

awesome-burp-extensions

This is a curated list of Burp Extensions, a collection of user-submitted plugins for the Burp Suite web application security testing tool. The repository is maintained under a CC0 1.0 Universal license, allowing for the permanent relinquishment of copyright and related rights to the works...

AI score 6.6
Exploits: 0

RedhatCVE
added 2025/12/05 9:34 p.m. | 3 views

CVE-2025-65959

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing...

CVSS 8.7 | AI score 6.7 | EPSS 0.00028
Exploits: 1 | References: 1