
2768 matches found

Positive Technologies
added 2025/07/04 12:00 a.m. · 3 views

PT-2025-27882 · Woocommerce · Zoomit Woocommerce Shop Page Builder

Name of the Vulnerable Software and Affected Versions: ZoomIt WooCommerce Shop Page Builder versions 2.27.7 and earlier
Description: The issue is related to a Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Builder, which allows exploiting incorrectly configured access control...

CVSS 4.3 · AI score 6.3 · EPSS 0.00183
Exploits 0 · References 4
Vulnrichment
added 2025/07/03 9:07 p.m. · 4 views

CVE-2025-53367 DjVuLibre OOB-Write Vulnerability in MMRDecoder

DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer...

CVSS 8.4 · AI score 7.3 · EPSS 0.00741
Exploits 0 · References 5
Cvelist
added 2025/07/02 2:22 p.m. · 6 views

CVE-2025-53006 Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference li...

CVSS 9.3 · EPSS 0.00543
Exploits 1 · References 1
NVD
added 2025/07/01 7:15 p.m. · 6 views

CVE-2025-27153

Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11...

CVSS 6.5 · EPSS 0.00242
Exploits 0 · References 2
Vulnrichment
added 2025/07/01 6:02 p.m. · 2 views

CVE-2025-53103 JUnit OpenTestReportGeneratingListener can leak Git credentials

JUnit is a testing framework for Java and the JVM. From version 5.12.0 to 5.13.1, JUnit's support for writing Open Test Reporting XML files can leak Git credentials. The impact depends on the level of the access token exposed through the OpenTestReportGeneratingListener. If these test reports are...

CVSS 5.8 · AI score 6.9 · EPSS 0.00099
Exploits 0 · References 2
CVE
added 2025/07/01 5:49 p.m. · 20 views

CVE-2025-53100

The CVE-2025-53100 entry concerns RestDB codehooks-mcp-server (Codehooks.io MCP Server). Before version 0.2.2, the MCP Server tools definition/implementation allow user-initiated remote command injection, enabling a potential attacker to execute commands on a running MCP Server. The issue is stat...

CVSS 8.6 · AI score 7.1 · EPSS 0.01297
Exploits 0 · References 3
Debian CVE
added 2025/07/01 4:16 p.m. · 8 views

CVE-2025-6297

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and...

CVSS 8.2 · AI score 8 · EPSS 0.00347
Exploits 0
Cvelist
added 2025/07/01 2:07 a.m. · 9 views

CVE-2024-49364 tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The...

CVSS 9.1 · EPSS 0.00317
Exploits 0 · References 2
Cvelist
added 2025/07/01 1:22 a.m. · 10 views

CVE-2025-53003 Janssen Config API returns results without scope verification

The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surface attack area that exposes all sorts of information from the IDP including clients, users, scripts...

CVSS 8.2 · EPSS 0.00343
Exploits 0 · References 4
Cvelist
added 2025/07/01 12:33 a.m. · 12 views

CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

CVSS 9.3 · EPSS 0.00522
Exploits 1 · References 1
OSV
added 2025/07/01 12:33 a.m. · 5 views

CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

CVSS 9.3 · AI score 6.7 · EPSS 0.00522
Exploits 1 · References 3
Positive Technologies
added 2025/07/01 12:00 a.m. · 4 views

PT-2025-27530 · Unknown · Campcodes Employee Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Employee Management System version 1.0
Description: A critical vulnerability has been found in the Campcodes Employee Management System, affecting an unknown functionality of the file /applyleave.php. The manipulation of the ID...

CVSS 9.8 · AI score 7.5 · EPSS 0.00399
Exploits 1 · References 11
OSV
added 2025/06/30 8:18 p.m. · 4 views

CVE-2025-53004 Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

CVSS 9.3 · AI score 6.7 · EPSS 0.00522
Exploits 1 · References 3
Positive Technologies
added 2025/06/29 12:00 a.m. · 4 views

PT-2025-27387 · Sourcecodester · Sourcecodester Best Pos Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Salon Management System version 1.0
Description: A critical issue has been discovered, affecting an unknown functionality of the file /panel/edit-subscription.php. The manipulation of the editid argument leads to SQL...

CVSS 8.8 · AI score 8.1 · EPSS 0.00361
Exploits 1 · References 10
Tenable Nessus
added 2025/06/28 12:00 a.m. · 3 views

SUSE SLES15 / openSUSE 15 Security Update : google-osconfig-agent (SUSE-SU-2025:02149-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02149-1 advisory. - Update to version 20250416.02 bsc1244304, bsc1244503 defaultSleeper: tolerate 10% difference to reduce test flakiness Add...

CVSS 7.1 · AI score 7.3 · EPSS 0.00281
Exploits 0 · References 6
CVE
added 2025/06/27 8:00 p.m. · 23 views

CVE-2025-6775

The CVE-2025-6775 entry concerns xiaoyunjie openvpn-cms-flask (versions

CVSS 9.8 · AI score 7 · EPSS 0.03516
Exploits 1 · References 7 · Affected Software 1
Positive Technologies
added 2025/06/26 12:00 a.m. · 5 views

PT-2025-26952

Name of the Vulnerable Software and Affected Versions: System Information Reporter (SIR) versions 1.0.3 and prior
Description: A sensitive information exposure issue allows an authenticated non-admin local user to extract sensitive information stored in a registry backup folder.
Recommendations: Fo...

CVSS 5.5 · AI score 5.3 · EPSS 0.00122
Exploits 0 · References 5
NVD
added 2025/06/25 4:15 p.m. · 3 views

CVE-2025-50178

GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the GitForge.getrepo function for GitHub, the user can provide any string for the owner and repo fields. These inputs are not...

CVSS 8.7 · EPSS 0.00414
Exploits 0 · References 2
Patchstack
added 2025/06/25 12:00 a.m. · 6 views

WordPress Blogbyte Theme <= 1.1.1 is vulnerable to Local File Inclusion

Software: Blogbyte · Type: Theme · Vulnerable versions: <= 1.1.1 · Fixed in: 1.1.2 · OWASP Top 10: A3: Injection · Classification: Local File Inclusion · CVE: CVE-2025-49275 · Patch priority: High · CVSS severity: High (8.1) · PSID: 149a2dc2444b · Credits: Le Ngoc Anh · Required privilege: Unauthenticated...

CVSS 8.1 · AI score 6.4 · EPSS 0.00397
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2025/06/25 12:00 a.m. · 3 views

PT-2025-26937 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.7 through 17.11.5; GitLab CE/EE versions 18.0 through 18.0.3; GitLab CE/EE versions 18.1 through 18.1.1
Description: An issue has been discovered in GitLab CE/EE that could allow authenticated attackers to create a...

CVSS 6.8 · AI score 5.9 · EPSS 0.00304
Exploits 0 · References 14