556 matches found
PT-2025-27449 · Unknown · Devinim Software Library
Name of the Vulnerable Software and Affected Versions: Devinim Software Library Software versions prior to 24.11.02. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS attacks...
CVE-2025-37096
A command injection remote code execution vulnerability exists in HPE StoreOnce Software...
CVE-2025-37092
A command injection remote code execution vulnerability exists in HPE StoreOnce Software...
CVE-2025-37091
A command injection remote code execution vulnerability exists in HPE StoreOnce Software...
CLSA-2025-1748638245 python3: Fix of CVE-2024-9287
CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts...
CVE-2025-31247
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An attacker may gain access to protected parts of the file system...
org.jboss.hal:hal-standalone (>=3.5.0.Final <=3.7.10.Final) potentially affected by CVE-2025-2901 via org.jboss.hal:hal-console (>=3.5.0.Final <=3.7.10.Final)
org.jboss.hal:hal-console MAVEN version =3.5.0.Final, =3.5.0.Final, =3.7.10.Final Source cves: CVE-2025-2901 Source advisory: OSV:GHSA-F7JH-M6WP-JM7F...
BELL-CVE-2025-23152 CVE-2025-23152 does not affect BellSoft software
Bulletin has no description...
CVE-2025-25276
An unauthenticated attacker can hijack other users' devices and potentially control them...
CLSA-2025-1744723009 php: Fix of CVE-2025-1861
CVE-2025-1861: move allocation of location from heap to stack, add error checking for location length...
AZL-61789 CVE-2025-29480 affecting package gdal 3.6.3-2
Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced...
CVE-2024-58109
Buffer overflow vulnerability in the codec module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-26852
DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection...
aider-chat (=0.43.0), aimon-llamaindex (>=0.0.6 <=0.0.8) +685 more potentially affected by CVE-2024-12911 via llama-index-core (>=0.10.0 <=0.12.28)
llama-index-core PYPI version =0.10.0, =0.0.6, =1.1.0, =3.0.0, =1.7.0, =1.0.0, =0.0.3, =0.2.1, =0.2.1.dev0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.1.0, =0.4.0.dev2 and more Source cves: CVE-2024-12911 Source advisory: SNYK:PYTHON-LLAMAINDEXCORE-9510942...
MAL-2025-1725 Malicious code in amazon-utils (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2023-46401
KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function...
CVE-2025-21360
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability...
CVE-2025-21289
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability...
USN-7192-1 xfpt vulnerability
It was discovered that xfpt did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash or execute arbitrary code...
Unsound usages of `u8` type casting in spl-token-swap
The library provides a safe public API `unpack` to cast a u8 array to arbitrary types, which can cause undefined behavior. The length check on the array can only prevent out-of-bounds access on the return type. However, it can't prevent a misaligned pointer when casting a u8 pointer to a type aligned to...