23 matches found
CVE-2025-10966 affecting package cmake for versions less than 3.30.3-12
CVE-2025-10966 affecting package cmake for versions less than 3.30.3-12. A patched version of the package is available...
CVE-2026-1299 affecting package python3 for versions less than 3.12.9-9
CVE-2026-1299 affecting package python3 for versions less than 3.12.9-9. A patched version of the package is available...
CVE-2025-40773
A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications contain a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...
CVE-2025-40772
A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page. Successful exploitation...
CVE-2025-9624
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions between 3.0.0 and 3.3.0 and OpenSearch 2.19.4...
EUVD-2025-24234
Malicious code in bioql PyPI...
EUVD-2025-24233
Malicious code in bioql PyPI...
CVE-2025-40769
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V3.0. The affected application uses a Content Security Policy that allows unsafe script execution methods. This could allow an attacker to execute unauthorized scripts, potentially leading to cross-site...
CVE-2025-40769
CVE-2025-40769 affects Siemens SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) prior to version 3.0. Root cause: a Content Security Policy that allows unsafe script execution methods, enabling potential cross-site scripting via unauthorized scripts. Impact is described as high for confidentiality, in...
CVE-2025-40768
CVE-2025-40768 affects Siemens SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) versions prior to 3.0. The vulnerability stems from the application exposing an internal service port that can be accessed from outside the system, potentially allowing an unauthorized attacker to access the application. P...
CVE-2025-30034
A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V3.3. Affected devices do not properly validate input sent to its listening port on the local loopback interface. This could allow an unauthenticated local attacker to cause a denial of service condition...
AZL-65154 CVE-2025-6395 affecting package gnutls for versions less than 3.7.11-4
A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite()...
Drupal Mail Login module < 3.2.0,4.0.0-4.1.0 - Unauthenticated Broken Access Control vulnerability
Unauthenticated Broken Access Control vulnerability discovered by Ryugo Kinoshita (dc-kinoshita) in WordPress Module Mail Login versions 3.2.0,4.0.0-4.1.0...
CVE-2025-40568
A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V3.2, SCALANCE XCH328 6GK5328-4TS01-2EC2 All versions V3.2, SCALANCE XCM324 6GK5324-8TS01-2AC2 All versions V3.2, SCALANCE XCM328 6GK5328-4TS01-2AC2 All versions V3.2, SCALANCE XCM332 6GK5332-0GA01-2AC2 All...
CVE-2025-40567
A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V3.2, SCALANCE XCH328 6GK5328-4TS01-2EC2 All versions V3.2, SCALANCE XCM324 6GK5324-8TS01-2AC2 All versions V3.2, SCALANCE XCM328 6GK5328-4TS01-2AC2 All versions V3.2, SCALANCE XCM332 6GK5332-0GA01-2AC2 All...
CVE-2025-30938 WordPress Broadly for WordPress plugin <= 3.0.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Broadly for WordPress plugin (broadly) allows Stored XSS. This issue affects Broadly for WordPress: from n/a through <= 3.0.2...
AZL-62038 CVE-2025-5025 affecting package cmake for versions less than 3.30.3-6
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...
WordPress Jetpack plugin < 3.4.8 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Marc Montpas in WordPress Plugin Jetpack Boost versions 3.4.8...
CVE-2025-31353
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...