KLA91049 DoS vulnerability in PostgreSQL

Heap buffer overflow vulnerability was found in PostgreSQL. Malicious users can exploit this vulnerability to cause denial of service. Original advisories PostgreSQL pgrestoreattributestats accepts values that cause query planning to read past end of stats array Exploitation Related products...

Security Bulletin: IBM SPSS Modeler is vulnerabile to SSL private key exposure (CVE-2023-33842)

Summary An SSL private key exposure in IBM SPSS Modeler could allow a local user to decrypt and obtain sensitive information Vulnerability Details CVEID:CVE-2023-33842 DESCRIPTION: IBM SPSS Modeler on Windows requires the end user to have access to the server SSL key which could allow a local use...

PT-2026-1714

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.4 through 18.5.4 GitLab EE versions 18.6 through 18.6.2 GitLab EE versions 18.7 through 18.7.0 Description An authenticated user could potentially access and utilize AI model settings from unauthorized namespaces. This...

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab EE versions 18.4 before 18.4.4 and...

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab EE versions 18.1 through 18.3 prior ...

EUVD-2025-35954

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and 18.5 before 18.5.1 that under certain conditions could have allowed authenticated users to gain unauthorized project access by exploiting the access request approval workflow...

CVE-2025-10004 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...

BIT-GITLAB-2025-10868 Business Logic Errors in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certain string conversion methods exhibit performance degradation with large inputs...

CVE-2025-30466

This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. A website may be able to bypass Same Origin Policy...

SUSE CVE-2025-24208

A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack...

CVE-2025-30434

The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.4 and iPadOS 18.4. Processing a maliciously crafted file may lead to a cross site scripting attack...

Apple iOS < 18.4 Multiple Vulnerabilities (122371)

Binary data appleios184check.nbin...

PT-2025-13964 · Apple · Ios +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.4 iPadOS versions prior to 18.4 iPadOS versions prior to 17.7.6 Description: The issue allows photos in the Hidden Photos Album to be viewed without authentication. This was addressed through improved state management...

PT-2022-1478 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 17.3R3-S9 through 17.3R3-S12 Juniper Networks Junos OS versions 17.4R3-S3 through 17.4R3-S5 Juniper Networks Junos OS versions 18.1R3-S11 through 18.1R3-S13 Juniper Networks Junos OS versions 18.2R3-S6 and...

CVE-2021-40751

Adobe After Effects version 18.4 and earlier is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a...

CVE-2021-40752

Adobe After Effects version 18.4 and earlier is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a...

Juniper Junos OS Vulnerability (JSA11129)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11129 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable Network Security, Inc...

CVE-2020-1664 Junos OS: Buffer overflow vulnerability in device control daemon

A stack buffer overflow vulnerability in the device control daemon DCD on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service DoS against the daemon or execute arbitrary code in the system with root privilege. This issue affects Juniper Networks Junos OS: 17....

Tiki Wiki CMS Groupware <= 18.4 XSS Vulnerability

Tiki Wiki CMS Groupware is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Default credentials

Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information...