562 matches found
PT-2025-36247
Name of the Vulnerable Software and Affected Versions: Quiz And Survey Master versions through 10.2.5 Description: Deserialization of untrusted data in ExpressTech Systems Quiz And Survey Master allows for object injection. Recommendations: At the moment, there is no information about a newer...
SUSE SLES15 Security Update : ruby2.5 (SUSE-SU-2025:02814-2)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02814-2 advisory. - CVE-2024-35221: Fixed remote denial of service via YAML manifest bsc1225905 Tenable has extracted the preceding description block directl...
Security update for ruby2.5
This update for ruby2.5 fixes the following issues: CVE-2024-35221: Fixed remote denial of service via YAML manifest bsc1225905 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
SUSE-SU-2025:02814-2 Security update for ruby2.5
This update for ruby2.5 fixes the following issues: - CVE-2024-35221: Fixed remote denial of service via YAML manifest bsc1225905...
aa-altcorp (>=0.1.2b0 <=1.1.1), aa-alumni (>=0.0.1a1 <=1.0.1) +1435 more potentially affected by CVE-2025-57833 via django (>=5.2.0 <=5.2.5)
django PYPI version =5.2.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.1.0, =1.1.0 and more Source cves: CVE-2025-57833 Source advisory: SNYK:PYTHON-DJANGO-12485156...
QNAP Systems QuRouter Security Vulnerability
QNAP Systems QuRouter is a router management system from China Weilian Technology QNAP Systems. A security vulnerability exists in QNAP Systems QuRouter version 2.5.1 that originates from command injection and could lead to the execution of arbitrary commands...
Asterisk Security Vulnerability
Asterisk is an Asterisk open source software for PBX systems that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. Asterisk version 20.15.2 and versions prior to 22.5.2 have a security vulnerability that stems from the getauthorizationheader function returning NULL resultin...
Liferay Portal and Liferay DXP Security Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
SUSE: Security Advisory (SUSE-SU-2025:02814-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ruby2.5 (SUSE-SU-2025:02814-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02814-1 advisory. - CVE-2024-35221: Fixed remote denial of service via YAML manifest bsc1225905 Tenable has extracted the...
SUSE-SU-2025:02814-1 Security update for ruby2.5
This update for ruby2.5 fixes the following issues: - CVE-2024-35221: Fixed remote denial of service via YAML manifest bsc1225905...
WordPress Stratus Theme <= 4.2.5 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme App, SaaS & Software Startup Tech Theme - Stratus versions <= 4.2.5...
EUVD-2025-24462
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute...
CVE-2025-20090
Untrusted Pointer Dereference for some Intel(R) QuickAssist Technology software before version 2.5.0 may allow an authenticated user to potentially enable denial of service via local access...
CVE-2025-20090
CVE-2025-20090 describes an untrusted pointer dereference in Intel(R) QuickAssist Technology software prior to version 2.5.0, which may allow an authenticated user to potentially cause a local-denial-of-service. Affected product: Intel QuickAssist Technology software before 2.5.0. Root cause: unt...
CVE-2025-8836 JasPer JPEG2000 Encoder jpc_enc.c jpc_floorlog2 assertion
A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The exploit has been...
JasPer Security Vulnerability
Jasper is a flexible and powerful GitHub issue reader open-sourced by Jasper. A security vulnerability exists in JasPer 4.2.5 and earlier versions, which stems from a use-after-free issue in the function jpcdecdump in the file src/libjasper/jpc/jpcdec.c. The vulnerability is caused by the...
Security update for ruby2.5
This update for ruby2.5 fixes the following issues: CVE-2025-6442: Fixed readheader HTTP Request Smuggling Vulnerability in WEBrick bsc1245254 CVE-2025-27221: Fixed userinfo leakage in URIjoin, URImerge and URI+ bsc1237805 Patch Instructions: To install this SUSE update use the SUSE recommended...
xsser
XSSER ========== Presentation From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 Demo Version 2.0 - 2015: https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZO40vP-eKsgf Version 2.5 - 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj Version 2.75 - 2017: Non...
WordPress plugin Residential Address Detection Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...