30 matches found
CVE-2025-68953
Frappe is a full-stack web application framework. Versions 14.99.5 and below and 15.0.0 through 15.80.1 include requests that are vulnerable to path traversal attacks. Arbitrary files from the server could be retrieved due to a lack of proper sanitization on some requests. This issue is fixed in...
CVE-2025-25364
A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges...
EUVD-2025-28350
Malicious code in bioql PyPI...
Next.js Security Vulnerability
Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in Next.js versions prior to 14.2.31 and 15.0.0 through 15.4.5, which stems from cache key obfuscation and could lead to unauthorized user access...
Access Control Bypass
Overview @koa/router is a Affected versions of this package are vulnerable to Access Control Bypass due to the middleware being silently dropped from the execution chain when the router prefix contains path parameters. Depending on what the skipped middleware was supposed to protect, an attacker...
CVE-2025-50012
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fridaysystems Inventory Presser (inventory-presser) allows Stored XSS. This issue affects Inventory Presser: from n/a through <= 15.2.6...
ImaginAIry Resource Management Error Vulnerability
ImaginAIry is a Pythonic AI image and video generation application by individual developer Bryce Drennan. A resource management error vulnerability exists in ImaginAIry version 15.0.0 that originates from an unauthenticated request and could lead to a denial of service attack...
Improper Authorization
Overview dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to Improper Authorization via direct URL access. An attacker can view sensitive reception details by accessing specific URLs without the required...
PT-2024-11006 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr versions prior to the 'develop' branch; Dolibarr versions prior to 15.0.0; Dolibarr versions prior to 63cd063. Description: An Improper Authorization issue exists, allowing a user with restricted permissions in the 'Reception' section t...
CVE-2024-47819 Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the...
Security Bulletin: Control Access issues in PCOMM
Summary: There is a vulnerability in IBM Personal Communications (PCOMM). Personal Communications has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2023-37410 DESCRIPTION: IBM Personal Communications could allow a local user to escalate their privileges to the SYSTEM user due to overly...
PT-2023-30001 · Audimex · Audimex
Name of the Vulnerable Software and Affected Versions: Audimex version 15.0.0. Description: The issue concerns Cross Site Scripting (XSS) in the /audimex/cgi-bin/wal.fcgi endpoint via the company parameter in search filters. Recommendations: For Audimex version 15.0.0, as a temporary workaround,...
Audimex AG AudimexEE Cross-Site Scripting Vulnerability
Audimex AG AudimexEE is an audit management system from Audimex AG, Germany. The system supports complex audit processes around a company's business, can be customized for use, and is deployed platform-independently. A cross-site scripting vulnerability exists in Audimex version 15.0.0, which...
MAL-2023-1565 Malicious code in hardhat-contract (npm)
Source: ossf-package-analysis (3593917b9125465c1d3c5d6b38c62a9819d7590aea1522bdcf400ffef560a9b7). The OpenSSF Package Analysis project identified 'hardhat-contract' @ 15.0.0 (npm) as malicious. It is considered malicious because: - The package...
CVE-2023-28444 angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The...
CVE-2020-5881
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up and in turn disrupting the communicatio...
Code injection
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up and in turn disrupting the communicatio...
Design/Logic Flaw
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.3, Traffic Management Microkernel (TMM) may restart on BIG-IP Virtual Edition (VE) while processing unusual IP traffic...
PT-2020-14901
Name of the Vulnerable Software and Affected Versions: Ceph versions 14.2.5 through 14.2.6; Ceph version 15.0.0. Description: A path traversal flaw was found in the Ceph dashboard, allowing an unauthenticated attacker to cause information disclosure on the host machine running the Ceph dashboard...