PT-2025-20667 · Unknown · Ctcms Content Management System
Name of the Vulnerable Software and Affected Versions: CTCMS Content Management System version 2.1.2 Description: A critical issue was found in the function del of the file ctcmsappscontrollersadminTpl.php of the component File Handler. The manipulation of the argument File leads to path traversa...
Huawei HarmonyOS Out-of-Bounds Read/Write Vulnerability
Huawei HarmonyOS is an operating system from the Chinese company Huawei. Huawei HarmonyOS suffers from an out-of-bounds read/write vulnerability. The vulnerability stems from the kernel module failing to properly check array boundaries when processing certain data. An attacker can exploit this...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to bypass signature validation in XML data [CVE-2025-29774] [CVE-2025-29775]
Summary Node.js module xml-crypto is used by IBM App Connect Enterprise Certified Container for handling XML data. IBM App Connect Enterprise Certified Container operands are vulnerable to signature validation bypass. This bulletin provides patch information to address the reported vulnerability ...
CVE-2025-47729
The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL aka Archive Signal app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as...
Moodle Authorization Issues Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an authorization issue vulnerability that stems from an insufficient capability check, which can be...
CVE-2025-4096
Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
PT-2025-24451
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: A flaw exists in the LockTaskController.java component within the Android operating system. A logic error in the startLockTaskMode function may allow a bypass of the lock screen, potentiall...
CVE-2025-3976
The CVE-2025-3976 entry affects PHPGurukul COVID19 Testing Management System v1.0, specifically the /new-user-testing.php endpoint. The vulnerability is an SQL injection caused by manipulation of the mobilenumber parameter, exploitable remotely. Multiple connected sources corroborate the affected...
Exploit for CVE-2025-29927
CVE-2025-29927 Next.js middleware bypass PoC...
PT-2025-17503 · Unknown · Rbaer List Last Changes
Name of the Vulnerable Software and Affected Versions: rbaer List Last Changes versions n/a through 1.2.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...
Huawei HarmonyOS Privilege Bypass Vulnerability
Huawei HarmonyOS is an operating system from the Chinese company Huawei. Huawei HarmonyOS suffers from a privilege bypass vulnerability that originates from a kernel futex module memory write privilege bypass, which can be exploited by an attacker to affect service confidentiality...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-15528)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a security issue in the SVG parsing module, and can be exploited by an attacker to affe...
Exploit for Out-of-bounds Write in Gibbonedu Gibbon
Gibbon LMS Arbitrary File Write / RCE Vulnerability Informa...
CVE-2025-31360
Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users...
Security Bulletin: Vulnerabilities in Flatpak affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerabilities in Flatpak have been identified that affect IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID: CVE-2024-32462 DESCRIPTION: Flatpak could allow a local...
PT-2025-16553 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.5822 B20200513 Description: A critical vulnerability was found in the TOTOLINK A3700R, affecting the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access...
CVE-2025-29150
BlueCMS 1.6 suffers from Arbitrary File Deletion via the id parameter in an /publish.php?act=del request...
CVE-2025-27189
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to th...
CVE-2025-3378
PCMan FTP Server 2.0.7 is affected by a buffer overflow in the EPRT Command Handler. The vulnerability allows remote exploitation and is publicly disclosed. Some sources advise disabling the EPRT Command Handler until a fix is available; no patched version information is provided in the supplied ...
DataEase 2.4.0 Information Disclosure
DataEase version 2.4.0 suffers from a database configuration information disclosure vulnerability. - Exploit Title: DataEase Database Creds Extractor - Shodan Dork: http.html:"dataease" - FOFA Dork: body="dataease" && title=="DataEase" - Exploit Author: ByteHunter ...