CLSA-2025-1763418591 Fix CVE(s): CVE-2019-3843, CVE-2019-3844
SECURITY UPDATE: Privilege chaining vulnerability - debian/patches/CVE-2019-3843.patch: introduce functionality for blocking chmod for suid/sgid files with new unit setting RestrictSUIDSGID= - CVE-2019-3843 SECURITY UPDATE: Privilege chaining vulnerability - debian/patches/CVE-2019-3844.patch:...
PT-2025-47151
Name of the Vulnerable Software and Affected Versions OpenRapid RapidCMS version 1.3.1 Description OpenRapid RapidCMS version 1.3.1 is susceptible to Cross Site Scripting (XSS) attacks. The issue is located in the /system/update-run.php API endpoint. This allows for the injection of malicious...
PT-2025-47082
Name of the Vulnerable Software and Affected Versions PHPGurukul Tourism Management System version 1.0 Description A security flaw exists in PHPGurukul Tourism Management System 1.0. The issue is related to SQL injection within an unknown function of the file /admin/user-bookings.php. Manipulatio...
PT-2025-46990
Name of the Vulnerable Software and Affected Versions CodeAstro Gym Management System version 1.0 Description A security flaw exists in CodeAstro Gym Management System version 1.0. The issue involves a SQL injection impacting an unknown function within the /admin/view-member-report.php file...
PT-2025-46996
Name of the Vulnerable Software and Affected Versions rachelos WeRSS we-mp-rss versions up to 1.4.7 Description A flaw exists in the Webhook Module of rachelos WeRSS we-mp-rss. The do job function within the /rachelos/we-mp-rss/blob/main/jobs/mps.py file is susceptible to server-side request...
CVE-2025-64507
CVE-2025-64507 affects Incus/LXD: in versions prior to 6.0.6 and 6.19.0 an unprivileged user who can access a container and a host with a custom storage volume that has security.shifted=true may create a setuid binary inside the container and execute it on the host to gain root. The issue require...
PT-2025-45476
Name of the Vulnerable Software and Affected Versions Campcodes School File Management version 1.0 Description A security flaw exists in Campcodes School File Management 1.0. The issue is related to SQL injection, which can be triggered by manipulating the user id argument in the /admin/update...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the getIssuerCertificate function. An attacker can gain unauthorized access to Secrets in other namespaces by bypassing RBAC restrictions. This is only exploitable if the attacker has permission to create...
PT-2025-44453
Name of the Vulnerable Software and Affected Versions Each Italy Wireless Mini Router WIRELESS-N 300M version v28K.MiniRouter.20190211 Description A flaw exists in the web management interface of the affected router that allows unauthorized modification of the administrator username and password...
PT-2025-45348
Name of the Vulnerable Software and Affected Versions containerd versions 0.1.0 through 1.7.28 containerd versions 2.0.0-beta.0 through 2.0.6 containerd versions 2.1.0-beta.0 through 2.1.4 containerd versions 2.2.0-beta.0 through 2.2.0-rc.1 Description containerd is an open-source container runti...
PT-2025-43872
Name of the Vulnerable Software and Affected Versions Tenda O3 version 1.0.0.102478 Description A weakness exists in the Tenda O3 version 1.0.0.102478. This issue affects the SetValue/GetValue function within the /goform/setNetworkService file. Manipulation of the upnpEn argument can lead to a...
PT-2025-43981
Name of the Vulnerable Software and Affected Versions SourceCodester Point of Sales version 1.0 Description A security flaw exists in SourceCodester Point of Sales version 1.0. The issue involves a SQL injection affecting an unknown function within the /delete category.php file. Manipulation of t...
PT-2025-43958
Name of the Vulnerable Software and Affected Versions StarCharge Artemis AC Charger versions 1.0.4 Description The StarCharge Artemis AC Charger version 1.0.4 contains a stack overflow issue. This occurs through the cgiMain function at the download.cgi endpoint. The vulnerability is triggered via...
PT-2025-44004
Name of the Vulnerable Software and Affected Versions BLU-IC2 versions through 1.19.5 BLU-IC4 versions through 1.19.5 Description The software allows for the disclosure of email passwords. The issue affects Azure Access Tech BLU-IC2 and BLU-IC4. It is recommended to restrict access and enable...
PT-2025-44064
Name of the Vulnerable Software and Affected Versions SourceCodester Student Grades Management System version 1.0 Description A flaw exists in the Student Grades Management System that impacts the delete user function within the /admin.php file. Manipulation of this function can lead to cross sit...
PT-2025-43665
Name of the Vulnerable Software and Affected Versions PerfreeBlog version 4.0.11 Description The software contains a flaw that allows for arbitrary file deletion through the unInstallTheme function. Recommendations Update to a newer version that contains a fix for this vulnerability. As a tempora...
PT-2025-43664
Name of the Vulnerable Software and Affected Versions PerfreeBlog version 4.0.11 Description PerfreeBlog version 4.0.11 contains a File Upload issue within the installPlugin function. This allows for potential unauthorized file uploads. Recommendations Update to a newer version that contains a fi...
PT-2025-43634
Name of the Vulnerable Software and Affected Versions D-Link DIR600LAx version FW116WWb01 Description The D-Link DIR600LAx firmware version FW116WWb01 contains a buffer overflow. This occurs through the curTime parameter in the formSetQoS function. Recommendations Update to a newer firmware versi...
PT-2025-43396
Name of the Vulnerable Software and Affected Versions Tenda AC6 version 15.03.06.50 Description The software contains multiple buffer overflow flaws within the openSchedWifi function. An attacker can leverage these to trigger a Denial of Service (DoS) condition by injecting a specially crafted...
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation
Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under active exploitation since at least September 11, 2025. The company said it began its investigation on September 11...