VulnCheck KEV: CVE-2025-55190

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...

WordPress Project Honey Pot Spam Trap plugin <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Project Honey Pot Spam Trap versions = 1.0.1...

GO-2025-4118 File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency in github.com/filebrowser/filebrowser

File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency in github.com/filebrowser/filebrowser...

CVE-2025-9317

The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes...

CVE-2025-7736

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content intended only for project members by...

ROS-20251117-04

A vulnerability in the LXD container and lightweight virtual machine management system is related to redundant API data output. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to potentially sensitive information The vulnerability in the LXD container and...

itsourcecode Inventory Management System SQL注入漏洞

Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that stems from improper handling of the ID parameter in the /admin/products/index.php?view=edit file. No details of the vulnerability are available at this time...

CVE-2025-7736

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content intended only for project members by...

UBUNTU-CVE-2025-7000

An issue has been discovered in GitLab CE/EE affecting all versions from 17.6 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that, under specific conditions, could have allowed unauthorized users to view confidential branch names by accessing project issues with related merge requests...

CVE-2025-7736 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content intended only for project members by...

CVE-2025-7736 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content intended only for project members by...

CVE-2025-7736

Technical details about CVE-2025-7736 are not publicly available in the provided connected documents. The initial record includes remediation notes but no explicit affected versions, root cause, exploit details, or patch specifics beyond the GitLab patch release. Monitor for updates.

CVE-2025-7736 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content intended only for project members by...

CVE-2025-8994 WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator'

The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘completedatoperator’ parameter in all versions up to, and including, 2.6.26 due to insufficient escaping on th...

CVE-2025-8994 WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator'

The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘completedatoperator’ parameter in all versions up to, and including, 2.6.26 due to insufficient escaping on th...

CVE-2025-8994

CVE-2025-8994 : WP Project Manager (WordPress) is vulnerable to a time-based SQL Injection via the completed_at_operator parameter in all versions up to 2.6.26. Exploitation requires authenticated access at Subscriber level or higher and can be used to extract sensitive data from the database. Pu...

[SECURITY] Fedora 42 Update: rust-reqsign-command-execute-tokio-2.0.1-1.fc42

Tokio-based command execution implementation for reqsign...

CVE-2025-9317

The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes...

PT-2025-47042

Name of the Vulnerable Software and Affected Versions WP Project Manager plugin for WordPress versions prior to 2.6.27 Description The WP Project Manager plugin for WordPress is susceptible to a time-based SQL Injection issue. This is due to inadequate escaping of user-supplied input and...

WordPress plugin WP Project Manager SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...