PT-2025-31094
Name of the Vulnerable Software and Affected Versions: Ncvav Virtual PBX Software versions prior to 09.07.2025 Description: Ncvav Virtual PBX Software is susceptible to a SQL Injection issue due to improper neutralization of special elements used in an SQL command. This allows for potential SQL...
PT-2025-31057 · Optimizely · Episerver Cms +2
Name of the Vulnerable Software and Affected Versions: Episerver CMS by Optimizely versions prior to 11.21.4 and prior to 11.37.5 Episerver CMS by Optimizely versions prior to 12.22.1 and prior to 11.37.3 Description: The Episerver Content Management System (CMS) by Optimizely was affected by...
ALSA-2025:11861 Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: media: uvcvideo: Fix double free in error path CVE-2024-57980 kernel: wifi: iwlwifi: limit printed string from FW file CVE-2025-21905 kernel: RDMA/mlx5: Fix pagesize variable overflow...
PT-2025-31138 · WordPress · No Boss Testimonials
Name of the Vulnerable Software and Affected Versions: No Boss Testimonials versions 1.0.0 through 3.0.0 No Boss Testimonials versions 4.0.0 through 4.0.2 Description: A stored Cross-Site Scripting (XSS) issue exists in the No Boss Testimonials component. This allows an attacker to inject malicious...
DLA-4253-1 thunderbird - security update
Bulletin has no description...
PT-2025-30954 · WordPress · Wpematico Rss Feed Fetcher
Name of the Vulnerable Software and Affected Versions: WPeMatico RSS Feed Fetcher plugin for WordPress versions prior to 2.8.8 Description: The plugin is susceptible to a Cross-Site Request Forgery issue because of missing nonce validation in the handle feedback submission function. This allows...
CVE-2025-43489
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addressed the issue in the latest software update...
PT-2025-30909 · Unknown · Codeigniter4
Name of the Vulnerable Software and Affected Versions: CodeIgniter4 version 4.6.0 Description: A stored cross-site scripting (XSS) vulnerability exists in CodeIgniter4. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the debugbar time parameter...
PT-2025-30913 · Unknown · Abnormal Security
Name of the Vulnerable Software and Affected Versions: Abnormal Security versions prior to 2025-02-19 Description: The software contains an issue that allows downgrading the privileges of other user accounts. The issue is related to the /v1.0/rbac/users v2/USER ID/ API endpoint, where USER ID is ...
PT-2025-30849 · Unitree · Unitree Go 1
Name of the Vulnerable Software and Affected Versions: Unitree Go1 versions Go1 2022 05 11 and earlier Description: The firmware update functionality via Wi-Fi/Ethernet implements an insecure verification mechanism that relies solely on MD5 checksums for firmware integrity validation...
PT-2025-30899 · Unknown · Simplehelp
Name of the Vulnerable Software and Affected Versions: Simplehelp versions prior to 5.5.11 Description: The software contains a Cross-Site Request Forgery (CSRF) flaw. Recommendations: Update Simplehelp to version 5.5.11 or later...
PT-2025-30924 · Tableau · Tableau Server
Name of the Vulnerable Software and Affected Versions: Tableau Server versions prior to 2025.1.3 Tableau Server versions prior to 2024.2.12 Tableau Server versions prior to 2023.3.19 Description: Tableau Server contains a flaw in the Extensible Protocol Service modules that allows unrestricted fi...
PT-2025-30797 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.16.0-rc3+ 23 Description: The Linux kernel contains a flaw in the NVME over TCP implementation related to suspicious RCU (Read-Copy-Update) usage within the nvme mpath add sysfs link function. This issue manifes...
PT-2025-31027 · Totolink · Totolink X15
Name of the Vulnerable Software and Affected Versions: TOTOLINK X15 version 1.0.0-B20230714.1105 Description: A critical vulnerability exists in the TOTOLINK X15 device. The issue is a buffer overflow within an unknown function of the HTTP POST Request Handler component, specifically in the file...
CVE-2025-43487
A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The firmware flaw does not properly implement access controls. HP has addressed the issue in the latest software update...
CVE-2025-43022
A potential SQL injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow a privileged user to execute SQL commands. HP has addressed the issue in the latest software update...
CVE-2025-43485
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could potentially allow a privileged user to retrieve credentials from the log files. HP has addressed the issue in the latest software update...
CVE-2025-43483
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has addressed the issue in the latest software update...
CVE-2025-43488
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting untrusted characters. HP has addressed the issue in the latest software update...
CVE-2025-43020
A potential command injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a privileged user to submit arbitrary input. HP has addressed the issue in the latest software update...