
1139 matches found

OSV
added 2025/05/31 5:57 a.m. | 5 views

BIT-MOODLE-2024-33999 moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php

The referrer URL used by MFA required additional sanitizing, rather than being used directly...

CVSS 9.8 | AI score 6.7 | EPSS 0.00541
Exploits: 0 | References: 2

Circl
added 2025/05/24 4:45 p.m. | 19 views

CVE-2025-5129

creationtimestamp | type | source
---|---|---
2025-05-24 16:45:17+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/17492
2025-05-24 16:52:14+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpwm53hixkj2
2025-05-24...

CVSS 7.3 | AI score 7.1 | EPSS 0.0025
Exploits: 1 | References: 3

OSV
added 2025/05/23 2:0 p.m. | 1 views

OESA-2025-1558 bind security update

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...

CVSS 7.5 | AI score 6.9 | EPSS 0.14257
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 10:0 a.m. | 3 views

CVE-2024-23275

A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to access protected user data...

CVSS 4.7 | AI score 6.6 | EPSS 0.00171
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 6:18 a.m. | 3 views

CVE-2024-44229

An information leakage was addressed with additional validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1. Private browsing may leak some browsing history...

CVSS 5.3 | AI score 5.8 | EPSS 0.00669
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:56 a.m. | 4 views

CVE-2023-0643

Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0...

CVSS 6.1 | AI score 5.5 | EPSS 0.0058
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 1:17 a.m. | 5 views

CVE-2022-29172

Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before 11.33.0, when the “additional signup fields” feature is configured, a malicious actor can inject invalidated HTML code...

CVSS 6.1 | AI score 6.8 | EPSS 0.00568
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 11:21 p.m. | 3 views

CVE-2022-39114

In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed...

CVSS 5.5 | AI score 5.3 | EPSS 0.00097
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 11:21 p.m. | 3 views

CVE-2022-39093

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed...

CVSS 7.8 | AI score 7.5 | EPSS 0.00091
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:44 p.m. | 3 views

CVE-2021-39631

In cleardatadlgtext of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not...

CVSS 5.5 | AI score 6.3 | EPSS 0.00107
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 6:22 p.m. | 5 views

CVE-1999-0339

Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access...

CVSS 7.2 | AI score 7.3 | EPSS 0.004
Exploits: 0 | References: 1

NVD
added 2025/05/21 12:16 p.m. | 5 views

CVE-2025-48414

There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality and are likely intended for debugging during development and provide an additional attack surface...

CVSS 6.5 | EPSS 0.00303
Exploits: 1 | References: 2

ATTACKERKB
added 2025/05/19 3:15 p.m. | 2 views

CVE-2025-48251

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Additional Custom Emails & Recipients for WooCommerce custom-emails-for-woocommerce allows Stored XSS. This issue affects Additional Custom Emails & Recipients for WooCommerce: from n/a...

CVSS 6.5 | AI score 5.2 | EPSS 0.00215
Exploits: 0 | References: 2

CNNVD
added 2025/05/19 12:0 a.m. | 2 views

WordPress plugin Additional Custom Emails & Recipients for WooCommerce cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

CVSS 6.5 | AI score 6.1 | EPSS 0.00215
Exploits: 0 | References: 1

Positive Technologies
added 2025/05/17 12:0 a.m. | 2 views

PT-2025-21779 · Unknown · Tiiwee X1 Alarm System

Name of the Vulnerable Software and Affected Versions: Tiiwee X1 Alarm System version TWX1HAKV2 Description: The issue allows for authentication bypass through capture-replay, resulting in physical access to protected facilities without triggering an alarm. Recommendations: For Tiiwee X1 Alarm...

CVSS 7.6 | AI score 6.7 | EPSS 0.00555
Exploits: 1 | References: 7

IBM Security Bulletins
added 2025/05/16 7:21 p.m. | 26 views

Security Bulletin: Vulnerabilities in Pivota Spring Framework, VMware Tanzu Spring Framework, VMware Spring Framework might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Pivota Spring Framework, VMware Tanzu Spring Framework, VMware Spring Framework. Vulnerabilities include an attacker and remote attacker could exploit these vulnerabilities to execute arbitrary code on the...

CVSS 9.8 | AI score 8.8 | EPSS 0.32257
Exploits: 8 | Affected Software: 1

NVD
added 2025/05/12 10:15 p.m. | 17 views

CVE-2025-31244

A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox...

CVSS 8.8 | EPSS 0.00161
Exploits: 0 | References: 2

CVE
added 2025/05/12 9:42 p.m. | 58 views

CVE-2025-31244

CVE-2025-31244 affects macOS Sequoia 15.5 where a file quarantine bypass could allow a sandbox to be broken. The Apple advisory records the issue as a quarantine bypass addressed with additional checks and fixed in macOS Sequoia 15.5 (the description explicitly notes the sandbox bypass risk and t...

CVSS 8.8 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/05/12 9:42 p.m. | 8 views

CVE-2025-30448

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, visionOS 2.5. An attacker may be able to turn on sharing of an iCloud folder without authentication...

EPSS 0.00822
Exploits: 0 | References: 6

Vulnrichment
added 2025/05/12 9:42 p.m. | 4 views

CVE-2025-24220

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4. An app may be able to read a persistent device identifier...

AI score 4.8 | EPSS 0.00199
Exploits: 0 | References: 1