12473 matches found

RedhatCVE
added 2025/07/24 11:30 p.m. · 14 views

CVE-2025-43486

A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website allows user input to be stored and rendered without proper sanitization. HP has addressed the issue in the latest software update...

CVSS 5.7 · AI score 6.2 · EPSS 0.00178
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/24 11:30 p.m. · 12 views

CVE-2025-43021

A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the use and retrieval of the default password. HP has addressed the issue in the latest software update...

CVSS 5.9 · AI score 7.2 · EPSS 0.00149
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/24 11:30 p.m. · 14 views

CVE-2025-43484

A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website does not validate or sanitize the user input before rendering it in the response. HP has addressed the issue in the latest software update...

CVSS 6 · AI score 6.5 · EPSS 0.00186
Exploits: 0 · References: 1

OSV
added 2025/07/24 10:14 a.m. · 2 views

RHSA-2025:11352 Red Hat Security Advisory: OpenShift Container Platform 4.15.55 packages and security update

Bulletin has no description...

CVSS 5.4 · AI score 7.7 · EPSS 0.00682
Exploits: 0 · References: 11

Positive Technologies
added 2025/07/24 12:0 a.m. · 3 views

PT-2025-30655 · WordPress · Dataverse Integration

Name of the Vulnerable Software and Affected Versions: Dataverse Integration versions 2.77 through 2.81. Description: The plugin is susceptible to privilege escalation due to missing authorization checks within the reset password link REST endpoint. The endpoint’s handler unconditionally calls get...

CVSS 8.8 · AI score 6.8 · EPSS 0.00568
Exploits: 0 · References: 4

Positive Technologies
added 2025/07/24 12:0 a.m. · 3 views

PT-2025-30670 · Tenda · Tenda Ac8V4

Name of the Vulnerable Software and Affected Versions: Tenda AC8V4 version V16.03.34.06. Description: The Tenda AC8V4 device contains a stack overflow issue at the /goform/SetSysTimeCfg API endpoint. Manipulation of the timeZone and timeType parameters leads to a stack-based buffer overflow...

CVSS 5.3 · AI score 7 · EPSS 0.06769
Exploits: 1 · References: 5

Positive Technologies
added 2025/07/24 12:0 a.m. · 4 views

PT-2025-30707 · Lf Edge · Ekuiper

Name of the Vulnerable Software and Affected Versions: LF Edge eKuiper versions prior to 2.2.1. Description: A critical SQL Injection vulnerability exists in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements ...

CVSS 9.3 · AI score 7.9 · EPSS 0.0076
Exploits: 1 · References: 10

OSV
added 2025/07/24 12:0 a.m. · 3 views

DLA-4250-1 firefox-esr - security update

Bulletin has no description...

CVSS 9.8 · AI score 6.1 · EPSS 0.00472
Exploits: 0

RedhatCVE
added 2025/07/23 9:32 p.m. · 5 views

CVE-2025-54122

Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler component of both Manager Desktop and Server edition versions up to and including 25.7.18.2519. This vulnerability allows an...

CVSS 10 · AI score 6.4 · EPSS 0.00847
Exploits: 0 · References: 1

OSV
added 2025/07/23 8:35 p.m. · 6 views

CVE-2025-53537 LibHTP's memory leak with lzma can lead to resource starvation

LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To work around this issue, set suricata.yaml...

CVSS 7.5 · AI score 6.4 · EPSS 0.0042
Exploits: 0 · References: 4

SonicWall
added 2025/07/23 3:46 p.m. · 9 views

SonicWall SMA100 SSL-VPN Affected By Multiple Vulnerabilities

1. CVE-2025-40596 - Pre-Authentication Stack-Based Buffer Overflow Vulnerability. A stack-based buffer overflow vulnerability in the SMA100 series web interface allows a remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. CVSS Score: 7.3 CVSS Vecto...

CVSS 7.3 · AI score 6.8 · EPSS 0.56063
Exploits: 0

OSV
added 2025/07/23 10:2 a.m. · 6 views

RHSA-2025:11580 Red Hat Security Advisory: libxml2 security update

Bulletin has no description...

CVSS 9.1 · AI score 9.1 · EPSS 0.01437
Exploits: 1 · References: 18

OSV
added 2025/07/23 10:2 a.m. · 6 views

RHSA-2025:11537 Red Hat Security Advisory: sudo security update

Bulletin has no description...

CVSS 7.8 · AI score 9.7 · EPSS 0.47467
Exploits: 77 · References: 16

OSV
added 2025/07/23 10:2 a.m. · 4 views

RHSA-2025:11545 Red Hat Security Advisory: perl security update

Bulletin has no description...

CVSS 5.9 · AI score 5.5 · EPSS 0.00368
Exploits: 0 · References: 14

Japan Vulnerability Notes
added 2025/07/23 4:54 a.m. · 3 views

Real-time Bus Tracking System vulnerable to improper validation of specified quantity in input

Overview: Real-time Bus Tracking System provided by SYNCK GRAPHICA contains the following vulnerability. Improper validation of specified quantity in input (CWE-1284) - CVE-2025-43881. n3ddih reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

CVSS 5.3 · AI score 6.5 · EPSS 0.00286
Exploits: 0 · References: 4

NVD
added 2025/07/23 12:15 a.m. · 9 views

CVE-2025-43487

A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The firmware flaw does not properly implement access controls. HP has addressed the issue in the latest software update...

CVSS 6.9 · EPSS 0.00219
Exploits: 0 · References: 1

NVD
added 2025/07/23 12:15 a.m. · 3 views

CVE-2025-43488

A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting untrusted characters. HP has addressed the issue in the latest software update...

CVSS 4.8 · EPSS 0.00184
Exploits: 0 · References: 1

NVD
added 2025/07/23 12:15 a.m. · 5 views

CVE-2025-43486

A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website allows user input to be stored and rendered without proper sanitization. HP has addressed the issue in the latest software update...

CVSS 5.7 · EPSS 0.00178
Exploits: 0 · References: 1

NVD
added 2025/07/23 12:15 a.m. · 5 views

CVE-2025-43489

A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addressed the issue in the latest software update...

CVSS 5.2 · EPSS 0.00252
Exploits: 0 · References: 1

OSV
added 2025/07/23 12:15 a.m. · 2 views

CVE-2025-43488

A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting untrusted characters. HP has addressed the issue in the latest software update...

CVSS 4.8 · AI score 5.7
Exploits: 0 · References: 1