CVE-2025-15156
CVE-2025-15156 affects omec-project UPF up to 2.1.3-dev. The PFCP Session Establishment Request Handler’s handleSessionEstablishmentRequest permits a null pointer dereference; the issue can be triggered remotely. Exploit is published; multiple sources note a lack of a fixed version for the patche...
CVE-2025-15130
A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manipulation leads to code injection. The attac...
CVE-2025-15095
A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used...
CVE-2025-68938
A flaw was found in Gitea. An incorrect authorization allows an authenticated user with minimal privileges to delete project releases, causing a loss of availability of project assets and distribution history. Mitigation: Mitigation for this issue is either not available or the currently available...
WordPress WP Project Manager plugin <= 3.0.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by MD ISMAIL in WordPress Plugin WP Project Manager versions <= 3.0.1...
Exposure of Sensitive Information Due to Incompatible Policies
Overview: Affected versions of this package are vulnerable to Exposure of Sensitive Information Due to Incompatible Policies due to insufficient access validation to private user projects. An attacker can gain unauthorized access to sensitive project information by directly accessing private proje...
GHSA-7XQ4-MWCP-Q8FX Gitea: anonymous user can visit private user's project
In Gitea before 1.21.2, an anonymous user can visit a private user's project...
CVE-2025-68945
In Gitea before 1.21.2, an anonymous user can visit a private user's project...
EUVD-2025-205424
In Gitea before 1.21.2, an anonymous user can visit a private user's project...
CVE-2025-68945
The CVE-2025-68945 issue affects Gitea prior to 1.21.2, where an anonymous user could visit a private user’s project, potentially exposing project details. Connected advisories (OSV entries and vendor/go-sources) confirm the vulnerability in Gitea’s routing layers (e.g., routers/api/v1 and router...
EUVD-2025-205405
A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing manipulation of the argument redirectUrl can...
PT-2025-53447
Name of the Vulnerable Software and Affected Versions: Gitea versions prior to 1.21.2. Description: An anonymous user can access a private user's project. Recommendations: Update to version 1.21.2 or later...
CVE-2025-68645
creationtimestamp | type | source
---|---|---
2025-12-25 21:00:05+00:00 | published-proof-of-concept | Telegram/6v0tgXr67OHpT1VYYnEl9dNKXH-8Vq-uMwR5rJ3hS7Xe9zI
2025-12-30 23:50:40+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-68645.yaml...
MAL-2025-192937 Malicious code in bettermode-common (npm)
Source: amazon-inspector 3ade97c888752f20137524d28c5b49359ed4187da5edcecb60ead623f40aba3c The package bettermode-common was found to contain malicious code. Source: ghsa-malware...
PT-2025-53431
@F5 re: https://t.co/AvZmrhQb92 You use CVE-2021-201667, but that is likely 2021-20167...
CVE-2021-47720
Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like oldprojectid, projectid, uuid, and uniqid to potentially extract...