PT-2025-43637
Name of the Vulnerable Software and Affected Versions: Nous W3 Smart WiFi Camera version 1.33.50.82. Description: A flaw exists in the firmware update process of the Nous W3 Smart WiFi Camera. An attacker in close physical proximity, without needing to authenticate, can gain root access by providing...
EUVD-2020-24086
Malware in sbrugna...
EUVD-2022-28581
Malicious code in bioql PyPI...
EUVD-2024-0373
Malicious code in bioql PyPI...
RLSA-2025:14178 Important: tomcat9 security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
PT-2025-118: UNION-based SQL injection in MentionsPlugin for FosWiki
The vulnerability was identified in MentionsPlugin for FosWiki 2.1.9. The vulnerability can be exploited due to insufficient validation of user input. This allows an attacker to inject arbitrary SQL statements and thereby modify the logic of database queries. Vulnerability status: Confirmed by...
GHSA-G5CG-6C7V-MMPW HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability
Impact: A Server-Side Request Forgery (SSRF) vulnerability that affects all users running the HackMD MCP server in HTTP mode. Attackers could exploit this vulnerability by passing arbitrary hackmdApiUrl values through the Hackmd-Api-Url HTTP header or through base64-encoded JSON query parameters. This allows...
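Added illustration for the entry above (example code, not taken from the advisory or from the HackMD MCP server): the unsafe pattern the advisory describes, a server that forwards whatever upstream URL the caller supplies, next to an allowlist check that pins the server to a known origin. The header name Hackmd-Api-Url and the JSON field hackmdApiUrl come from the advisory; the allowlisted origin https://api.hackmd.io, the query parameter name `config` and all function names are assumptions made for this example.

```javascript
// Added example, not code from the HackMD MCP server. Shows the unsafe pattern
// the advisory describes (forwarding a caller-chosen upstream URL unchanged)
// next to an allowlist check that keeps the server pinned to a known origin.
// Assumptions: the allowlisted origin, the query parameter name "config" and
// all function names are illustrative, not taken from the project.

const ALLOWED_ORIGINS = new Set(['https://api.hackmd.io']); // assumed upstream

// Unsafe: whatever the client sends becomes the target of server-side requests,
// so an attacker can point the server at internal hosts (SSRF).
function unsafeResolveApiUrl(headers) {
  return headers['hackmd-api-url'] || 'https://api.hackmd.io';
}

// Parse the candidate upstream URL and accept it only if it is an https URL
// whose origin is allowlisted and that carries no embedded credentials.
function isAllowedUpstream(value) {
  let url;
  try {
    url = new URL(String(value));
  } catch {
    return false; // not a URL at all
  }
  if (url.protocol !== 'https:') return false;     // blocks http://, file:, gopher:, ...
  if (url.username || url.password) return false;  // blocks https://user:pw@host/ tricks
  return ALLOWED_ORIGINS.has(url.origin);          // exact origin match, no suffix/prefix games
}

// Decode a base64-encoded JSON query parameter of the form {"hackmdApiUrl": "..."}.
// Returns undefined when the parameter is absent or malformed.
function apiUrlFromConfigParam(encoded) {
  if (typeof encoded !== 'string') return undefined;
  try {
    const parsed = JSON.parse(Buffer.from(encoded, 'base64').toString('utf8'));
    return parsed && typeof parsed === 'object' ? parsed.hackmdApiUrl : undefined;
  } catch {
    return undefined;
  }
}

// Safe: read the same two channels, but return only an allowlisted origin
// (normalised, so a path or query on the candidate cannot smuggle anything)
// and throw on everything else. Header names are lower-cased, as Node's
// IncomingMessage presents them.
function resolveApiUrl({ headers = {}, query = {} } = {}) {
  let candidate = headers['hackmd-api-url'];
  if (candidate === undefined) candidate = apiUrlFromConfigParam(query.config);
  if (candidate === undefined) return 'https://api.hackmd.io';
  if (!isAllowedUpstream(candidate)) {
    throw new Error(`refusing non-allowlisted upstream: ${String(candidate)}`);
  }
  return new URL(String(candidate)).origin;
}

// Demo with a constructed attacker request aimed at a cloud metadata address.
const attackerRequest = {
  headers: { 'hackmd-api-url': 'http://169.254.169.254/latest/meta-data/' },
};
console.log('unsafe ->', unsafeResolveApiUrl(attackerRequest.headers));
try {
  resolveApiUrl(attackerRequest);
} catch (e) {
  console.log('safe   ->', e.message);
}
```

The check compares the parsed origin, not a string prefix, so `https://api.hackmd.io.attacker.example/` and `https://api.hackmd.io@evil.example/` are both rejected, and the returned value is the normalised origin rather than the caller's string.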
CVE-2025-59141
simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
CVE-2025-59331
CVE-2025-59331 concerns the npm package is-arrayish. Version 0.3.3 was published after an attacker gained control of a publishing account and inserted a malware payload intended to redirect cryptocurrency transactions in browser environments. Local/server/CLI contexts are not affected. The issue ...
WordPress UpStore Theme <= 1.7.0 is vulnerable to Cross Site Scripting (XSS)
Software: UpStore. Type: Theme. Vulnerable versions: <= 1.7.0. Fixed in: 1.7.1. OWASP Top 10: A3: Injection. Classification: Cross Site Scripting (XSS). CVE: CVE-2025-48296. Patch priority: Medium. CVSS severity: Medium (7.1). PSID: 78b49b9e10bc. Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber...
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities
Summary: Multiple vulnerabilities were remediated in IBM Observability with Instana (OnPrem) build 1.0.299. Vulnerability Details: CVEID: CVE-2025-47436. DESCRIPTION: Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where...
PT-2025-26090 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.19.0-rc3+ Description: A vulnerability in the Linux kernel has been resolved, related to the wifi component, specifically in the iwlwifi mvm module. The issue occurs when station queues are disabled, and the...
PT-2025-25459
Name of the Vulnerable Software and Affected Versions: Grafana, affected versions not specified. Description: A medium-severity flaw in Grafana Alerting exposes sensitive DingDing contact point URLs to viewers. This issue may lead to data exposure. Recommendations: Update to a patched version to resol...
CVE-2025-46823 OpenMRS has Vulnerability in FHIR2 Module Privileges
openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not...
CVE-2024-25130
Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass update feature is use...
PT-2025-17593 · Xrpl.Js · Xrpl.Js
Name of the Vulnerable Software and Affected Versions: xrpl.js versions 2.14.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4; xrpl.js versions prior to 4.2.5 and 2.14.3. Description: xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. The affected versions of xrpl.j...
PT-2025-16864 · Unknown · Telecontrol Server Basic
Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: A SQL injection vulnerability has been identified in the affected application through the internally used UnlockTraceLevelSettings method. This could allow an authenticated remot...
CVE-2025-26671
creationtimestamp | type | source
---|---|---
2025-04-08 16:14:25+00:00 | seen | https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review
2025-04-08 19:48:36+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114304071467930594
2025-04-08 20:07:38+00:00 | seen | ...
Low: python3
Issue Overview: When, during folding of an address list, a separating comma ends up on a folded line that is to be unicode-encoded, the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plain comma. This can result in the address header bein...
OESA-2025-1351 vim security update
Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...