6753 matches found

EUVD
added 2025/12/11 7:11 a.m. | 4 views

EUVD-2025-202664

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values...

CVSS 6.5 | AI score 6.6 | EPSS 0.00504
Exploits: 0 | References: 3
Tenable Nessus
added 2025/12/11 12:0 a.m. | 2 views

Coder sensitive objects logged unsanitized vulnerability (CVE-2025-66411)

Coder versions prior to 2.26.5, 2.27.7, and 2.28.4 are vulnerable to sensitive information disclosure via plaintext logging. Workspace Agent manifests containing sensitive values were logged in plaintext, unsanitized. An attacker with limited local access to the Coder Workspace VM,...

CVSS 7.8 | AI score 5.4 | EPSS 0.00195
Exploits: 1 | References: 2
Cvelist
added 2025/12/10 4:50 p.m. | 28 views

CVE-2025-67636

A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views...

EPSS 0.00208
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/10 2:32 a.m. | 5 views

CVE-2025-42904

Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity...

CVSS 6.5 | AI score 6 | EPSS 0.00279
Exploits: 0 | References: 1
NVD
added 2025/12/09 4:17 p.m. | 3 views

CVE-2025-42904

Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity...

CVSS 6.5 | EPSS 0.00279
Exploits: 0 | References: 2
RedhatCVE
added 2025/12/09 11:29 a.m. | 8 views

CVE-2025-14229

A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launch the attack remotely. The exploit has been disclosed...

CVSS 8 | AI score 6.7 | EPSS 0.00288
Exploits: 1 | References: 1
Veracode
added 2025/12/09 7:39 a.m. | 5 views

CSV Formula Injection

bagisto/bagisto is vulnerable to CSV Formula Injection. The vulnerability is due to accepting user-supplied product data beginning with spreadsheet formula characters, which allows an attacker to inject malicious formulas that execute when the CSV is opened, enabling data exfiltration or remote...

CVSS 8.5 | AI score 6.1 | EPSS 0.00357
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2025/12/09 2:15 a.m. | 8 views

CVE-2025-42904

The CVE-2025-42904 entry describes an Information Disclosure vulnerability in SAP Application Server ABAP: an authenticated attacker could read unmasked values displayed in ABAP Lists, leading to high confidentiality impact with no listed impact on integrity or availability. Practically, this con...

CVSS 6.5 | AI score 5.6 | EPSS 0.00279
Exploits: 0 | References: 2
Cvelist
added 2025/12/09 2:15 a.m. | 28 views

CVE-2025-42904 Information Disclosure vulnerability in Application Server ABAP

Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity...

CVSS 6.5 | EPSS 0.00279
Exploits: 0 | References: 2
EUVD
added 2025/12/09 2:7 a.m. | 6 views

EUVD-2025-201827

matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room wit...

CVSS 5.3 | AI score 6.2 | EPSS 0.00345
Exploits: 0 | References: 5
EUVD
added 2025/12/09 1:47 a.m. | 8 views

EUVD-2025-201791

Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator (crypto/rand) fails, both functions silently fall back to returning predictable UUID values, including the zero UUID...

CVSS 9.3 | AI score 6.3 | EPSS 0.00402
Exploits: 0 | References: 3
CVE
added 2025/12/09 1:47 a.m. | 21 views

CVE-2025-66565

Fiber Utils (github.com/gofiber/utils) has a vulnerability in UUIDv4() and UUID() where crypto/rand.Read() failures trigger silent fallbacks to predictable UUID values, including the zero UUID 00000000-0000-0000-0000-000000000000. This root cause affects versions up to 2.0.0-rc.3; the issue is fi...

CVSS 9.8 | AI score 6.4 | EPSS 0.00402
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2025/12/09 1:30 a.m. | 3 views

CVE-2023-53843 net: openvswitch: reject negative ifindex

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: reject negative ifindex. Recent changes in net-next (commit 759ab1edb56c ("net: store netdevs in an xarray")) refactored the handling of pre-assigned ifindexes and let syzbot surface a latent problem in ovs. ovs does...

AI score 6.5 | EPSS 0.00203
Exploits: 0 | References: 6
Tenable Nessus
added 2025/12/09 12:0 a.m. | 8 views

Amazon Linux 2023 : amd-ucode-firmware, iwl100-firmware, iwl105-firmware (ALAS2023-2025-1307)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1307 advisory. Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity. CVE-2025-54514 Improper...

CVSS 7.2 | AI score 7.6 | EPSS 0.00156
Exploits: 0 | References: 6
OSV
added 2025/12/08 10:7 p.m. | 2 views

GHSA-JJ6P-3M75-G2P3 matrix-sdk-base denial of service via custom m.room.join_rules event values

The matrix-sdk-base crate is unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventin...

CVSS 5.3 | AI score 6.6 | EPSS 0.00345
Exploits: 0 | References: 6
Vulnrichment
added 2025/12/08 11:2 a.m. | 4 views

CVE-2025-14229 SourceCodester Inventory Management System SVC Report Export csv injection

A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launch the attack remotely. The exploit has been disclosed...

CVSS 5.8 | AI score 6.5 | EPSS 0.00288
Exploits: 1 | References: 5
CVE
added 2025/12/08 11:2 a.m. | 12 views

CVE-2025-14229

CVE-2025-14229 affects SourceCodester Inventory Management System 1.0, targeting the SVC Report Export component. The vulnerability arises from a manipulation that enables CSV injection, with remote feasibility and a publicly disclosed exploit. Public sources consistently describe the issue but ...

CVSS 8 | AI score 6.5 | EPSS 0.00288
Exploits: 1 | References: 5 | Affected Software: 1
Vulnrichment
added 2025/12/07 7:32 a.m. | 3 views

CVE-2025-14186 Grandstream GXP1625 Network Status api.values.post cross site scripting

A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpnip results in basic cross site scripting. Remote exploitation of th...

CVSS 5.1 | AI score 5.2 | EPSS 0.00195
Exploits: 0 | References: 4
Cvelist
added 2025/12/07 7:32 a.m. | 19 views

CVE-2025-14186 Grandstream GXP1625 Network Status api.values.post cross site scripting

A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpnip results in basic cross site scripting. Remote exploitation of th...

CVSS 5.1 | EPSS 0.00195
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/07 12:0 a.m. | 5 views

PT-2025-49397

A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpn ip results in basic cross site scripting. Remote exploitation of t...

CVSS 5.1 | AI score 3.9 | EPSS 0.00195
Exploits: 0 | References: 5