102 matches found
CVE-2025-32969
Summary: CVE-2025-32969 affects XWiki Platform REST server and related components, enabling unauthenticated remote SQL injection by escaping the HQL execution context in the REST API query endpoint. Affected versions are 1.8 through before 15.10.16, and before 16.4.6 and 16.10.1. Successful explo...
PT-2025-17303 · Unknown · Electrolink 500W
Name of the Vulnerable Software and Affected Versions: Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web versions v01.07 through v01.09 Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Display versions v1.2 through v1.4 Description: A credential exposure issue allows unauthorized attackers t...
PT-2025-16417
Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.0 through 8.0.41 MySQL Server versions 8.4.0 through 8.4.4 MySQL Server versions 9.0.0 through 9.2.0 Description The issue allows a high-privileged attacker with network access via multiple protocols to compromise MyS...
PT-2025-16313 · WordPress · Advance Wp Query Search Filter
Name of the Vulnerable Software and Affected Versions: Advance WP Query Search Filter versions 1.0.10 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS in the Advance WP Query...
Advisory ROSA-SA-2025-2844
Software: gtk3 3.22.30 OS: ROSA Virtualization 2.1 packageevrstring: gtk3-3.22.30-12.rv3 CVE-ID: CVE-2024-6655 BDU-ID: 2024-06447 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GTK graphical user interface creation library GIMP Toolkit is related to mismanagement of code generation...
PT-2025-15864 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 21.2R3-S9 Junos OS versions 21.4 prior to 21.4R3-S10 Junos OS versions 22.2 prior to 22.2R3-S6 Junos OS versions 22.4 prior to 22.4R3 Junos OS versions 23.2 prior to 23.2R1-S2, 23.2R2 Description: An issue in the...
PT-2025-15862 · Juniper Networks · Junos Evolved +1
Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 21.2R3-S9 Junos OS versions from 21.4 before 21.4R3-S8 Junos OS versions from 22.2 before 22.2R3-S6 Junos OS versions from 22.4 before 22.4R3-S2 Junos OS versions from 23.2 before 23.2R2-S3 Junos OS versions from 23...
PT-2025-15130 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 5.0.2 Description: The issue allows a local attacker to cause a denial of service DOS through an out-of-bounds read. Recommendations: For versions prior to 5.0.2, update to a version newer than 5.0.2 to resolve t...
CVE-2025-30164 Icinga Web 2 has open redirect on login page
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user or one that is able to authenticate, allows to...
PT-2025-12741 · WordPress · Wp-Advanced-Search
Name of the Vulnerable Software and Affected Versions: WP-Advanced-Search versions prior to 3.3.9.3 Description: The issue concerns the WordPress WP-Advanced-Search plugin, where some settings are not properly sanitized and escaped. This could allow high-privilege users, such as admins, to perfor...
PT-2025-9903 · Samsung · Samsung Notes
Name of the Vulnerable Software and Affected Versions: Samsung Notes versions prior to 4.4.26.71 Description: The issue is related to an out-of-bounds read in the parsing of RLE Run-Length Encoding of BMP images. This allows local attackers to read out-of-bounds memory, potentially leading to...
Advisory ROSA-SA-2025-2750
Software: libtiff 4.0.9 OS: ROSA Virtualization 2.1 packageevrstring: libtiff-4.0.9-33.rv3 CVE-ID: CVE-2018-15209 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in LibTIFF allows remote attackers to cause a denial of service or execute arbitrary code via a specially crafted TIFF file...
Advisory ROSA-SA-2025-2724
Software: gnutls 3.6.16 OS: ROSA Virtualization 3.0 packageevrstring: gnutls-3.6.16-8.0.1.rv30.1 CVE-ID: CVE-2021-4209 BDU-ID: 2022-01898 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the implementation of the wrapnettlehashfast function of the GnuTLS cryptographic library is related to pointer...
Advisory ROSA-SA-2025-2683
Software: grub2 2.02 OS: ROSA Virtualization 3.0 packageevrstring: grub2-2.02-148.0.3 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grubfontconstructglyph function of the Grub2 operating systems boot loader is related to an operation exceeding buffer...
CVE-2021-37626
Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify...
CVE-2022-36051
ZITADEL combines the ease of Auth0 and the versatility of Keycloak.Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 for Console, is a feature, where users with role.ORGOWNER are able to create Javascript Code, which is invoked by the system at certain points during the login. Actions,...
PT-2025-2609 · Ibm · Ibm Cics Tx Advanced +1
Name of the Vulnerable Software and Affected Versions: IBM CICS TX Advanced versions 10.1 through 11.1 IBM CICS TX Standard version 11.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...
PT-2024-36160 · Unknown · Wp-Nerd Toolkit
Name of the Vulnerable Software and Affected Versions: WP-NERD Toolkit versions n/a through 1.1 Description: The issue is related to the exposure of sensitive system information to an unauthorized control sphere. This problem affects the WP-NERD Toolkit, allowing unauthorized access to confidenti...
PT-2024-35866 · Unknown · Aftab Husain Vertical Carousel
Name of the Vulnerable Software and Affected Versions: Aftab Husain Vertical Carousel versions 1.0.2 and earlier Description: The issue affects Aftab Husain Vertical Carousel, allowing Stored XSS due to improper neutralization of input during web page generation. This is a Cross-site Scripting...
PYSEC-2024-202
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...