43 matches found
PT-2026-39589
Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI...
GHSA-2P6R-X3VV-XQM2 rpassword affected by partial password reveal when input is interrupted
rpassword maintainers were made aware of a possible issue with a partial password reveal when input is interrupted. To quote @squell: @conradkleinespel I've confirmed this problem with SequoiaPGP, which I think uses rpassword, e.g.: Suppose we use pkill -9 sq in a different terminal right after t...
Fedora 43 : squid (2026-e6a4814a4d)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e6a4814a4d advisory: new version 7.5; security update. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...
Important: squid
Issue Overview: Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable a...
PT-2026-31650
Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll causes the orWhereNotNull'user group id' clause to escape the ownership filter applied by the when block. Any authenticated non-admin user with upload permission who ow...
CVE-2026-33526
Summary (CVE-2026-33526): Squid before version 7.5 is vulnerable to a Denial of Service via a heap Use-After-Free in ICP traffic handling. The attack requires an ICP-enabled deployment (non-zero icp_port) and remote elicitation, and is described as reliable and repeatable for causing service disr...
CVE-2026-32748
Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable...
CVE-2025-13995 IBM QRadar SIEM Information Disclosure
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account...
EUVD-2026-10403
node-tar Symlink Path Traversal via Drive-Relative Linkpath...
CVE-2026-29786
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Th...
CVE-2020-37081
Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...
WordPress WPBakery Visual Composer plugin <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Heading tag attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Custom Heading tag attribute vulnerability discovered by Nikolas - mdr in WordPress Plugin WPBakery Page Builder versions <= 7.5...
PT-2026-5047
Name of the Vulnerable Software and Affected Versions: node-tar versions prior to 7.5.7. Description: The node-tar software has an issue where the security check for hardlink entries uses different path resolution logic than the actual hardlink creation process. This discrepancy allows a malicious T...
Security Bulletin: IBM QRadar SIEM is affected by an information disclosure vulnerability
Summary: IBM QRadar SIEM is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update. Vulnerability Details: CVEID: CVE-2024-56464. DESCRIPTION: IBM QRadar SIEM could allow a privileged user to enumerate...
CVE-2025-33119
IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user...
CVE-2025-64118 node-tar vulnerable to race condition leading to uninitialized memory exposure
node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
CVE-2025-58939
This CVE describes a CSRF vulnerability in the WordPress plugin Super Store Finder (superstorefinder-wp) up to and including version 7.5. The issue enables CSRF attacks, allowing actions to be performed on behalf of authenticated users without proper authorization. Root cause details indicate a C...
VulnCheck KEV: CVE-2025-12450
The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 7.5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
EUVD-2025-27703
Malicious code in bioql PyPI...
Minor update(7) for Vivaldi Android Browser 7.5
Head to the Google Play Store and download the browser. Alternatively, you can download Vivaldi from Uptodown, the Android app store. Your rating for our browser matters. ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ Enjoy! Changelog The following is a list of changes since the sixth 7.5 stable, minor update: Upgraded to...