PT-2025-15971 · Videx · Videx Cyberaudit-Web

Name of the Vulnerable Software and Affected Versions: Videx CyberAudit-Web versions prior to 1.1.3 Description: A Server-Side Request Forgery SSRF vulnerability was discovered in the videx-legacy-ssl web service of Videx’s CyberAudit-Web. This issue could lead to unauthorized access to the...

WordPress Easyfonts plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Easyfonts versions = 1.1.2...

PT-2025-15762 · Microsoft · Windows Live Writer

Name of the Vulnerable Software and Affected Versions: Windows Live Writer versions 0.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...

CVE-2025-32017

CVE-2025-32017 – Umbraco CMS : A path traversal vulnerability in the management API allows authenticated backoffice users to upload files to unintended locations in Umbraco 14+ installations. Root cause is insufficient validation in the management API, enabling uploads to incorrect paths. Affecte...

PT-2025-15913 · Sonicwall · Sonicwall Netextender

Name of the Vulnerable Software and Affected Versions: SonicWall NetExtender versions affected versions not specified Description: A local privilege escalation vulnerability in the SonicWall NetExtender Windows client allows an attacker to trigger an arbitrary file deletion. This issue is related...

PT-2025-15311 · Unknown · Hailey888 Oa System

Name of the Vulnerable Software and Affected Versions: hailey888 oa system versions up to 2025.01.01 Description: A vulnerability has been found in the function outAddress of the file cn/gson/oass/controller/address/AddrController.java of the component Backend. The manipulation of the argument...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2024-21538]

Summary Node.js module cross-spawn is used by IBM App Connect Enterprise Certified Container when handling internal metrics. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability ...

PT-2025-15276 · Unknown · Pcman Ftp Server

Name of the Vulnerable Software and Affected Versions: PCMan FTP Server version 2.0.7 Description: A critical issue was found in the EPSV Command Handler component, which can be exploited remotely. The manipulation leads to a buffer overflow. The issue has been publicly disclosed. Recommendations...

CVE-2025-31487

The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...

GHSA-WC53-4255-GW3F The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server

Impact If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a DOCTYPE pointing to a local file on the XWiki server host and displaying that file's content in one of the...

PT-2025-14860 · Unknown · Phpgurukul E-Diary Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul e-Diary Management System version 1.0 Description: A critical issue affects an unknown part of the /password-recovery.php file. The manipulation of the username or contactno argument leads to SQL injection. It is possible to initia...

PT-2025-14880 · Unknown · Phpgurukul Online Fire Reporting System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Fire Reporting System version 1.2 Description: A critical issue has been found in the PHPGurukul Online Fire Reporting System. The problem affects some unknown functionality of the file /admin/search.php. The manipulation of...

wonderwork.ucoz.com Cross Site Scripting vulnerability OBB-4042103

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2025-31487

The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...

CVE-2025-31487 The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server

The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...

CVE-2025-31487 The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server

The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...

DSA-5891-1 thunderbird - security update

Bulletin has no description...

CVE-2025-31137

React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...

zeger.org Cross Site Scripting vulnerability OBB-4041645

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2025-21982 pinctrl: nuvoton: npcm8xx: Add NULL check in npcm8xx_gpio_fw

In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: npcm8xx: Add NULL check in npcm8xxgpiofw devmkasprintf calls can return null pointers on failure. But the return values were not checked in npcm8xxgpiofw. Add NULL check in npcm8xxgpiofw, to handle kernel NULL...