739 matches found
CVE-2025-27601
Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified in Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...
CVE-2025-29773
Froxlor
Unspecified Vulnerability in Multiple Mozilla Products (CNVD-2025-05231)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A security vulnerability exists in several Mozilla products that stems...
CVE-2025-27617
Pimcore is affected by a SQL injection in the getRelationFilterCondition path prior to version 11.5.4. Authenticated users can craft a filter string that leads to SQL injection, potentially exposing or modifying data. The issue is addressed by upgrading Pimcore to version 11.5.4 or newer. Documen...
[SECURITY] Fedora 41 Update: chromium-134.0.6998.35-1.fc41
Chromium is an open-source web browser, powered by WebKit (Blink)...
CVE-2025-27418
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionartipoatendido.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into t...
CVE-2025-27094
Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field, the size attribute...
CVE-2025-27419
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Denial of Service (DoS) vulnerability exists in WeGIA. This vulnerability allows any unauthenticated user to cause the server to become unresponsive by performing aggressive spidering. The vulnerabilit...
CVE-2025-22443 Arkcompiler Ets Runtime has an out-of-bounds read vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DoS through out-of-bounds read...
CVE-2025-27419 Denial of Service (DoS) in WeGIA due to Recursive Crawling of Dynamic URLs
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Denial of Service (DoS) vulnerability exists in WeGIA. This vulnerability allows any unauthenticated user to cause the server to become unresponsive by performing aggressive spidering. The vulnerabilit...
CVE-2025-27420 WeGIA contains a Stored Cross-Site Scripting (XSS) in 'atendido_parentesco_adicionar.php' via the 'descricao' parameter
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the atendido_parentesco_adicionar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts...
MAL-2025-1665 Malicious code in ocular-monorepo (npm)
Source: ghsa-malware (948b2048674d1a1a44146f84c535c4078ce37a6108876e974d3db58b06f183f2). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: IBM Cognos Analytics Mobile (Android) is affected by multiple vulnerabilities
Summary: There are vulnerabilities in Open Source Software (OSS) libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, a debug protection vulnerability has been addressed. Please refer to the table in the...
Security Bulletin: IBM Cognos Analytics Mobile (iOS) is affected by multiple vulnerabilities
Summary: There are vulnerabilities in Open Source Software (OSS) libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, a vulnerability related to Source Code Obfuscation has been addressed. Please refer to...
[SECURITY] Fedora 41 Update: chromium-133.0.6943.141-1.fc41
Chromium is an open-source web browser, powered by WebKit (Blink)...
[SECURITY] Fedora 41 Update: rizin-0.7.4-5.fc41
Rizin is a free and open-source Reverse Engineering framework, providing a complete binary analysis experience with features like Disassembler, Hexadecimal editor, Emulation, Binary inspection, Debugger, and more. Rizin is a fork of radare2 with a focus on usability, working features and code...
GLPI Input Validation Error Vulnerability
GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface; you can use it to create a database to fully manage IT computers, monitors, servers, printers, network devices, telephones, and even toner...
CVE-2025-27135
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available...
Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities
Summary: There are vulnerabilities in Open-Source Software (OSS) components consumed by IBM Cognos Dashboards on Cloud Pak for Data. Please refer to the Related Information section below for vulnerability impact. This Security Bulletin relates only to the direct usage of third-party components by IB...