Lucene search

2768 matches found

OSV
added 2025/07/24 6:1 a.m. | 2 views

BELL-CVE-2025-54090

Bulletin has no description...

CVSS 6.3 | AI score 6 | EPSS 0.00691
Exploits 0 | References 1

Cvelist
added 2025/07/22 3:32 a.m. | 10 views

CVE-2025-7953 Sanluan PublicCMS viewer.html redirect

A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. The manipulation of the argument File leads to open...

CVSS 5.1 | EPSS 0.0032
Exploits 1 | References 5

Vulnrichment
added 2025/07/22 1:32 a.m. | 3 views

CVE-2025-7949 Sanluan PublicCMS preview.html redirect

A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the argument url lead...

CVSS 5.1 | AI score 4 | EPSS 0.00297
Exploits 1 | References 5

Oracle Linux
added 2025/07/22 12:0 a.m. | 10 views

redis security update

6.2.19-1 - rebase to 6.2.19 for CVE-2025-32023 and CVE-2025-48367
6.2.18-1 - rebase to 6.2.18 for CVE-2025-21605
6.2.17-1 - rebase to 6.2.17 for CVE-2024-46981
6.2.16-1 - rebase to 6.2.16 RHEL-26627...

CVSS 7.5 | AI score 7.3 | EPSS 0.07802
Exploits 6

CVE
added 2025/07/20 3:2 a.m. | 33 views

CVE-2025-7865

CVE-2025-7865 affects thinkgem JeeSite up to version 5.12.0. The XSS Filter component’s EncodeUtils.java xssFilter function mishandles the text parameter, enabling cross-site scripting via remote manipulation. Exploit has been publicly disclosed; remediation involves applying patch 3585737d21fe49...

CVSS 5.4 | AI score 3.6 | EPSS 0.00304
Exploits 1 | References 6 | Affected Software 1

Vulnrichment
added 2025/07/20 2:14 a.m. | 3 views

CVE-2025-7863 thinkgem JeeSite ServletUtils.java redirectUrl

A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/com/jeesite/common/web/http/ServletUtils.java. The manipulation of the argument url leads to open redirect. The attack may be...

CVSS 5.1 | AI score 3.7 | EPSS 0.00348
Exploits 1 | References 6

RedhatCVE
added 2025/07/19 6:58 p.m. | 11 views

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

CVSS 9.8 | AI score 6.9 | EPSS 0.95376
Exploits 5 | References 1

CBLMariner
added 2025/07/18 3:8 p.m. | 3 views

CVE-2024-25176 affecting package sysbench for versions less than 1.0.20-6

CVE-2024-25176 affecting package sysbench for versions less than 1.0.20-6. A patched version of the package is available...

CVSS 9.8 | AI score 6.4 | EPSS 0.00483
Exploits 1

CBLMariner
added 2025/07/18 3:8 p.m. | 11 views

CVE-2024-25178 affecting package sysbench for versions less than 1.0.20-6

CVE-2024-25178 affecting package sysbench for versions less than 1.0.20-6. A patched version of the package is available...

CVSS 9.1 | AI score 6.4 | EPSS 0.00536
Exploits 1

CBLMariner
added 2025/07/18 3:7 p.m. | 6 views

CVE-2024-12718 affecting package python3 for versions less than 3.9.19-14

CVE-2024-12718 affecting package python3 for versions less than 3.9.19-14. A patched version of the package is available...

CVSS 5.3 | AI score 5.7 | EPSS 0.00607
Exploits 1

NVD
added 2025/07/17 7:15 p.m. | 14 views

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

CVSS 9.8 | EPSS 0.95376
Exploits 5 | References 5

OSV
added 2025/07/17 10:4 a.m. | 4 views

RHSA-2025:11321 Red Hat Security Advisory: iputils security update

Bulletin has no description...

CVSS 6.5 | AI score 7.2 | EPSS 0.01344
Exploits 1 | References 9

CVE
added 2025/07/16 7:55 p.m. | 26 views

CVE-2025-53908

RomM is affected by an authenticated path traversal vulnerability in the /api/raw endpoint. Versions prior to 3.10.3 and prior to 4.0.0-beta.3 are vulnerable. The issue can allow leakage of passwords and user data on systems with multiple users (including unprivileged users such as the kiosk user...

CVSS 8.3 | AI score 6.7 | EPSS 0.00445
Exploits 0 | References 4

OSV
added 2025/07/16 7:55 a.m. | 6 views

BIT-APACHE-2024-42516 Apache HTTP Server: HTTP response splitting

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

CVSS 7.5 | AI score 6.8 | EPSS 0.00679
Exploits 0 | References 5

Vulnrichment
added 2025/07/15 7:27 p.m. | 3 views

CVE-2025-50086

...

CVSS 4.9 | AI score 7.2 | EPSS 0.00517
Exploits 0 | References 1

Tenable Nessus
added 2025/07/15 12:0 a.m. | 3 views

Oracle Linux 8 : lz4 (ELSA-2025-11035)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-11035 advisory.

- Fix CVE-2019-17543

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested fo...

CVSS 8.1 | AI score 7.6 | EPSS 0.09116
Exploits 0 | References 2

CVE
added 2025/07/14 10:28 p.m. | 19 views

CVE-2025-53822

WeGIA (open source web manager) is affected by a Reflected XSS in the relatorio_geracao.php endpoint, via the tipo_relatorio parameter, for versions prior to 3.4.5. The underlying issue is lack of proper input filtering/escaping, enabling injection of arbitrary scripts. A fix is available in vers...

CVSS 6.5 | AI score 5.5 | EPSS 0.0024
Exploits 1 | References 1 | Affected Software 1

OSV
added 2025/07/14 10:28 p.m. | 8 views

CVE-2025-53822 WeGIA vulnerable to Reflected Cross-Site Scripting in endpoint 'relatorio_geracao.php' parameter 'tipo_relatorio'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the relatorio_geracao.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to...

CVSS 6.5 | AI score 5.8 | EPSS 0.0024
Exploits 1 | References 3

Tenable Nessus
added 2025/07/14 12:0 a.m. | 2 views

RHEL 9 : kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_117_1, kpatch-patch-5_14_0-284_52_1, kpatch-patch-5_14_0-284_79_1, and kpatch-patch-5_14_0-284_92_1 (RHSA-2025:10980)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10980 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module ...

CVSS 7.8 | AI score 7.1 | EPSS 0.0019
Exploits 0 | References 4

OSV
added 2025/07/13 10:15 p.m. | 3 views

UBUNTU-CVE-2025-7545

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the publ...

CVSS 7.8 | AI score 5.5 | EPSS 0.00254
Exploits 0 | References 6