PT-2025-14871 · Tenda · Tenda Fh1202

Name of the Vulnerable Software and Affected Versions: Tenda FH1202 version 1.2.0.14408 Description: A critical issue affects the Web Management Interface component, specifically the /goform/VirSerDMZ file, leading to improper access controls. The attack can be initiated remotely. Recommendations...

zinkinfobenelux.com Cross Site Scripting vulnerability OBB-4041328

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

PT-2025-13633 · Hewlett Packard · Hpe Insight Cluster Management Utility

Name of the Vulnerable Software and Affected Versions: HPE Insight Cluster Management Utility CMU version 8.2 Description: The issue is related to an unauthenticated Remote Code Execution RCE vulnerability in HPE Insight Cluster Management Utility CMU. This vulnerability allows unauthenticated...

RHEL 8 : container-tools:rhel8 (RHSA-2025:3210)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3210 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes:...

CVE-2025-22870 affecting package azcopy for versions less than 10.25.1-4

CVE-2025-22870 affecting package azcopy for versions less than 10.25.1-4. A patched version of the package is available...

CVE-2023-52976

In the Linux kernel, the following vulnerability has been resolved: efi: fix potential NULL deref in efimemreservepersistent When iterating on a linked list, a result of memremap is dereferenced without checking it for NULL. This patch adds a check that falls back on allocating a new page in case...

CVE-2022-49760 mm/hugetlb: fix PTE marker handling in hugetlb_change_protection()

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix PTE marker handling in hugetlbchangeprotection Patch series "mm/hugetlb: uffd-wp fixes for hugetlbchangeprotection". Playing with virtio-mem and background snapshots using uffd-wp on hugetlb in QEMU, I managed to...

CVE-2022-49744 mm/uffd: fix pte marker when fork() without fork event

In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix pte marker when fork without fork event Patch series "mm: Fixes on pte markers". Patch 1 resolves the syzkiller report from Pengfei. Patch 2 further harden pte markers when used with the recent swapin error markers...

CVE-2022-49740

CVE-2022-49740 concerns the Linux kernel brcmfmac driver. The vulnerability arises when the device-provided channel spec count exceeds the allocated list length in brcmf_construct_chaninfo() and brcmf_enable_bw40_2g(), causing slab-out-of-bounds reads. The patch adds bounds checks so these functi...

PT-2025-24369 · Quantenna · Quantenna Wi-Fi Chipset

Name of the Vulnerable Software and Affected Versions: Quantenna Wi-Fi chipset versions prior to 8.0.0.28 Description: The Quantenna Wi-Fi chipset contains a local control script, router command.sh, that is vulnerable to command injection. This issue is an instance of improper neutralization of...

Pitchfork HTTP Request/Response Splitting vulnerability

Impact HTTP Response Header Injection in Pitchfork Versions 0.11.0 when used in conjunction with Rack 3 Patches The issue was fixed in Pitchfork release 0.11.0 Workarounds There are no known work arounds. Users must upgrade...

CVE-2025-29789

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue...

CVE-2025-29789 OpenEMR Has Directory Traversal in Load Code feature

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue...

CVE-2025-30213

Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vulnerability. There's no workaround; an...

SUSE-SU-2025:1004-1 Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: - CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method bsc1238879...

PT-2025-13440 · Unknown · Choco Tei Watcher Mini

Name of the Vulnerable Software and Affected Versions: CHOCO TEI WATCHER mini IB-MCT001 all versions Description: A Direct request 'Forced Browsing' issue exists, allowing a remote attacker to send a specially crafted HTTP request to obtain or delete product data, and/or alter product settings...

CVE-2025-29778

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...

PT-2025-12669 · Kentico · Kentico Xperience

Name of the Vulnerable Software and Affected Versions: Kentico Xperience versions through 13.0.178 Description: An authentication bypass issue in Kentico Xperience allows attackers to bypass authentication via the Staging Sync Server component's password handling for the server-defined None type...

RHEL 8 : kpatch-patch-4_18_0-477_43_1, kpatch-patch-4_18_0-477_67_1, kpatch-patch-4_18_0-477_81_1, and kpatch-patch-4_18_0-477_89_1 (RHSA-2025:3094)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3094 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module i...

Critical GitHub Attack

This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have...