FoxCMS SQL Injection Vulnerability

FoxCMS is a PHP-based content management system that provides web content management and publishing functions. A SQL injection vulnerability exists in FoxCMS 1.24 and earlier versions, which originates from the batchCope function in the /app/admin/controller/Images.php file that does not securely...

Linux Distros Unpatched Vulnerability : CVE-2016-3753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mediaserver in Android 4.x before 4.4.4 allows remote attackers to obtain sensitive information via unspecified vectors, aka internal bug 27210135. CVE-2016-375...

Advisory ROSA-SA-2025-2957

Software: perl-CPAN 2.18 OS: ROSA Virtualization 2.1 unaffected versions = perl-CPAN-2.18-397.0.1.rv3 affected versions perl-CPAN-2.18-397.0.1.rv3 CVE-ID: CVE-2023-31484 BDU-ID: 2023-03871 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the CPAN.pm component of the Perl programming language is relat...

rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy

...

Linux Distros Unpatched Vulnerability : CVE-2016-7153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote...

CVE-2025-7974

rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web...

CVE-2025-45968

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference IDOR vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...

Security Bulletin: Java SE Hotspot Vulnerability Enables Remote Data Access and Modification via Multiple Protocols, which affects IBM watsonx.data

Summary Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to accessib...

CVE-2025-0093

In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2025-0093

In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2025-0093

In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

MAL-2025-191765 Malicious code in import-license-checker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c41ca4c8119fa20f7f5915b34de59f879b77fedf237cbbf5a69e46ddbeded428 Package exfiltrates content of .env files to a remote target --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

CVE-2025-55575

Summary: CVE-2025-55575 is a SQL Injection vulnerability in SMM Panel 3.1 that allows remote attackers to disclose sensitive information via a crafted HTTP request with the parameter action=service_detail. The CVSS v3.1 base score is 9.8 (CRITICAL) with network access, low attack complexity, no p...

CVE-2025-45968

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference IDOR vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...

PT-2025-34599 · Google · Google Cloud Dataform

Name of the Vulnerable Software and Affected Versions: Google Cloud Dataform affected versions not specified Description: A path traversal vulnerability exists in the NPM package installation process of Google Cloud Dataform. A remote attacker can read and write files in other customers'...

Linux Distros Unpatched Vulnerability : CVE-2014-8242

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack...

ROS-20250822-08

Vulnerability of parse.ParseUnverified function of golang-jwt web token library of Go programming language is related to uncontrolled resource consumption. Go programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely...

ROS-20250821-04

Vulnerability in libsoup library is related to disclosure of system data to unauthorized parties. Exploitation exploitation of the vulnerability could allow a remote attacker to disclose protected information. GNOME GUI libsoup library vulnerability is related to asymmetric resource consumption...

Linux Distros Unpatched Vulnerability : CVE-2023-22025

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE component: Hotspot. Supported versions...

Linux Distros Unpatched Vulnerability : CVE-2017-10274

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Java SE component of Oracle Java SE subcomponent: Smart Card IO. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and ...