CVE-2025-58061 OpenEBS Local PV RawFile persistent volume data is world readable
OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The...
OpenEBS Local PV RawFile Information Disclosure Vulnerability
OpenEBS Local PV RawFile is an open source OpenEBS component for creating local storage in Kubernetes. An information disclosure vulnerability exists in OpenEBS Local PV RawFile versions prior to 0.10.0. It stems from persistent volume data being world readable, which could lead to unprivileged users...
Best Salon Management System 1.0 Cross Site Scripting
Best Salon Management System version 1.0 suffers from a persistent cross site scripting vulnerability...
PT-2025-34935 · D Link · Dcs-825L
Name of the Vulnerable Software and Affected Versions: D-Link DCS-825L firmware versions prior to 1.09.02 Description: The D-Link DCS-825L firmware contains a flaw in the watchdog script mydlink-watch-dog.sh. This script blindly respawns binaries, including dcp and signalc, without verifying thei...
Linux Distros Unpatched Vulnerability : CVE-2021-39866
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens. CVE-2021-39866 Note that...
CVE-2025-5352
A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...
Linux Distros Unpatched Vulnerability : CVE-2016-6622
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdm...
D-Link DCS-825L Security Vulnerability
The D-Link DCS-825L is a wireless webcam from China AUO D-Link. A security vulnerability exists in the D-Link DCS-825L version 1.08.01 and earlier, which stems from the mydlink-watch-dog.sh script that does not verify binary integrity, which could lead to persistent arbitrary code execution...
CVE-2025-49810 Thread summarization allows persistent access to channel
Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts...
Linux Distros Unpatched Vulnerability : CVE-2021-4091
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests,...
Linux Distros Unpatched Vulnerability : CVE-2020-15675
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability...
Malicious code in persistent-socket (npm)
The package persistent-socket was found to contain malicious code...
MAL-2025-29077 Malicious code in persistent-socket (npm)
The package persistent-socket was found to contain malicious code...
CVE-2025-55194 Part-DB Persistent Denial of Service via Uncaught Exception from Misleading File Extension in Avatar Upload
Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension e.g., .jpg.txt, resulting in a persistent 500 Internal Server Error when attempting to view or edit that...
CVE-2011-10011
WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remot...
PT-2025-33080 · Webid · Webid
Name of the Vulnerable Software and Affected Versions: WeBid version 1.0.2 Description: WeBid version 1.0.2 contains a remote code injection issue in the convert.php script. Unsanitized input from the to parameter in a POST request is directly written to the includes/currencies.php file. This...
Intel Optane PMem Management Software Advisory - Lenovo Support US
No description provided...
New Ransomware Charon Uses Earth Baxia APT Techniques To Target Enterprises
We uncovered Charon, a new ransomware strain/family that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands...