80 matches found
EUVD-2026-29514
Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions may also be affected. Users are recommended to...
Astra Linux – Vulnerability in Tomcat9
The “Allocation of Resources Without Limits or Throttling” vulnerability in Apache Tomcat exists. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, and from 9.0.13 through 9.0.89. The following versions have already reached their...
Mura Security Vulnerability
Mura is a content management system developed by Mura Corporation. Versions of Mura 10.1.10 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of CSRF token verification when clearing the trash bin, which could lead to permanent data loss...
MiracleLinux 4 : rh-mariadb101-mariadb-10.1.19-6.AXS4 (AXSA:2017-1288:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1288:01 advisory. MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation...
CVE-2024-41741
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system...
Zimbra Collaboration 10.0 / 10.1 Local File Inclusion
This is a proof of concept exploiting a local file inclusion vulnerability existing in the Webmail Classic UI of Zimbra Collaboration ZCS versions 10.0 and 10.1. The issue is due to improper handling of user-supplied request parameters in the RestFilter servlet. zimbramail-CVE-2025-68645-poc A...
Integer Overflow or Wraparound
Overview: Magick.NET-Q16-HDRI-arm64 is a Magick.NET build that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package a...
openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand
A flaw was found in OpenSSH where the SSH client accepted \0 null characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up...
EUVD-2025-27456
Malicious code in bioql PyPI...
CVE-2025-59547
DNN (DotNetNuke) before version 10.1.0 has a vulnerability in the CKEditor file upload endpoint where filename sanitization allows Unicode-based path traversal that could expose internal network resources. Affected component: CKEditor file upload handler (/api/v1/upload as per PT security doc). I...
CVE-2025-59821 DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile
DNN, formerly DotNetNuke, is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases,...
CVE-2025-59546
CVE-2025-59546 affects DNN (DotNetNuke) prior to version 10.1.0. The vulnerability allows stored XSS via HTML/script in module titles by users with module-editing privileges and with the HTML-in-titles setting enabled. The issue has been patched in version 10.1.0. Affected components are the DNN ...
CVE-2025-49430
Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate Video Player (fwduvp) allows Server Side Request Forgery. This issue affects Ultimate Video Player: from n/a through 10.1...
CVE-2025-49432
Missing Authorization vulnerability in FWDesign Ultimate Video Player (fwduvp) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Video Player: from n/a through 10.1...
CVE-2025-49432
CVE-2025-49432 affects FWDesign Ultimate Video Player (WordPress plugin) up to version 10.1. Description documents a Missing Authorization vulnerability caused by incorrectly configured access control security levels, enabling unauthorized access actions. Public sources (PT-Security) indicate the...
Zimbra Collaboration Security Vulnerability
Zimbra Collaboration is an open source enterprise-class email and collaboration platform from Zimbra, Inc. that supports email, calendaring, document management, and team collaboration features. A security vulnerability exists in Zimbra Collaboration 10.1 and prior versions, which stems from...
HYPR Passwordless Security Vulnerability
HYPR Passwordless is an identity security solution from HYPR. A security vulnerability exists in HYPR Passwordless versions prior to 10.1, which stems from improper link resolution prior to file access and could lead to elevation of privilege...
Zulip Server Security Vulnerability
Zulip server is an open source team chat application from Zulip USA. A security vulnerability exists in versions of Zulip server prior to 10.1, which stems from insufficient permission checking in the Delete Organization Export API, which could result in an administrator deleting exports from oth...
CVE-2025-25967
Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections...
CVE-2025-25967
CVE-2025-25967 affects Acora CMS 10.1.1, where a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to trick authenticated users into performing unauthorized actions by embedding malicious requests in external content. The lack of CSRF protections is the root cause. According to t...