Lucene search

2475 matches found

OSV
added 2025/07/27 3:15 p.m. | 2 views

CVE-2025-8233

A vulnerability has been found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user.php. The manipulation of the argument un leads to sql injection. The attack can be launched remotely. The explo...

CVSS 9.8 | AI score 5.8 | EPSS 0.00471
Exploits: 1 | References: 5

OSV
added 2025/07/21 2:15 p.m. | 4 views

CVE-2025-7382

A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled...

CVSS 8.8 | AI score 6.2 | EPSS 0.03795
Exploits: 0 | References: 1

Vulnrichment
added 2025/07/18 5:23 a.m. | 4 views

CVE-2025-6719 Terms descriptions <= 3.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting

The Terms descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4 | AI score 5.9 | EPSS 0.00184
Exploits: 0 | References: 2

CNVD
added 2025/07/15 12:0 a.m. | 3 views

Unspecified Vulnerability in Tenable Agent

Tenable Agent is a vulnerability scanning program from Tenable USA. Tenable Agent suffers from a security vulnerability that originates from a non-administrative user being able to overwrite arbitrary local system files with SYSTEM privileges. No details of the vulnerability are provided at this...

CVSS 8.4 | AI score 6.8 | EPSS 0.0016
Exploits: 0 | References: 1

CNVD
added 2025/07/15 12:0 a.m. | 0 views

Tenable Agent Elevation of Privilege Vulnerability

Tenable Agent is a vulnerability scanning program from Tenable USA. Tenable Agent has an elevation of privilege vulnerability, which originates from a non-administrative user deleting arbitrary local system files with SYSTEM privileges, and can be exploited by an attacker to tamper with the syste...

CVSS 8.8 | AI score 7.1 | EPSS 0.00169
Exploits: 0 | References: 1

OSV
added 2025/07/13 9:15 p.m. | 1 views

CVE-2025-7542

A vulnerability was found in PHPGurukul User Registration & Login and User Management System 3.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/user-profile.php. The manipulation of the argument uid leads to sql injection. The attack may be...

CVSS 9.8 | AI score 5.8 | EPSS 0.00454
Exploits: 2 | References: 5

CNNVD
added 2025/07/09 12:0 a.m. | 3 views

Palo Alto Networks GlobalProtect app Security Vulnerability

Palo Alto Networks GlobalProtect app is a network protection software from Palo Alto Networks, Inc. A security vulnerability exists in the Palo Alto Networks GlobalProtect app that stems from an improperly assigned privilege, which could result in a locally authenticated non-administrative user...

CVSS 8.4 | AI score 9 | EPSS 0.00166
Exploits: 0 | References: 1

Packet Storm
added 2025/07/04 12:0 a.m. | 121 views

Microsoft AutoUpdate Privilege Escalation

Microsoft AutoUpdate (MAU) suffers from a privilege escalation vulnerability. Titles: CVE-2025-47968-Core-Logic Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability Author: nu11secur1ty Date: 07/03/2025 Vendor: https://www.microsoft.com/en-us Software:...

CVSS 7.8 | AI score 6.6 | EPSS 0.00361
Exploits: 1

CVE
added 2025/07/02 8:31 a.m. | 18 views

CVE-2025-24332

Nokia Single RAN AirScale baseband prior to 23R4-SR 3.0 MP is affected. An authenticated administrative user can move laterally across baseband boards via the internal bsoc SSH over the baseband backplane, using an SSH private key on the baseband system board, without re-authentication. This effe...

CVSS 7.1 | AI score 6.2 | EPSS 0.00169
Exploits: 0 | References: 1

RedhatCVE
added 2025/06/26 8:18 p.m. | 7 views

CVE-2025-52880

Komga is a media server for comics, mangas, BDs, magazines and eBooks. A Cross-Site Scripting (XSS) vulnerability has been discovered in versions 1.8.0 through 1.21.3 when serving EPUB resources, either directly from the API, or when reading using the epub reader. The vulnerability lets an attacker...

CVSS 4.2 | AI score 6.7 | EPSS 0.00278
Exploits: 0 | References: 1

RedhatCVE
added 2025/06/25 1:51 p.m. | 8 views

CVE-2025-6512

On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights...

CVSS 10 | AI score 7.1 | EPSS 0.00465
Exploits: 0 | References: 1

NVD
added 2025/06/24 8:15 p.m. | 5 views

CVE-2025-52880

Komga is a media server for comics, mangas, BDs, magazines and eBooks. A Cross-Site Scripting (XSS) vulnerability has been discovered in versions 1.8.0 through 1.21.3 when serving EPUB resources, either directly from the API, or when reading using the epub reader. The vulnerability lets an attacker...

CVSS 4.2 | EPSS 0.00278
Exploits: 0 | References: 2

CVE
added 2025/06/24 7:56 p.m. | 23 views

CVE-2025-52880

Komga (media server for comics/manga/eBooks) has a documented XSS vulnerability in EPUB handling affecting versions 1.8.0–1.21.3. The flaw lets an attacker perform actions on the victim via crafted EPUBs, and when an admin user is targeted, it can combine with server-side commands to achieve arbi...

CVSS 4.2 | AI score 6.7 | EPSS 0.00278
Exploits: 0 | References: 2

Cvelist
added 2025/06/24 7:56 p.m. | 10 views

CVE-2025-52880 Komga Vulnerable to Arbitrary Code Execution via Crafted EPUB File

Komga is a media server for comics, mangas, BDs, magazines and eBooks. A Cross-Site Scripting (XSS) vulnerability has been discovered in versions 1.8.0 through 1.21.3 when serving EPUB resources, either directly from the API, or when reading using the epub reader. The vulnerability lets an attacker...

CVSS 4.2 | EPSS 0.00278
Exploits: 0 | References: 2

OSV
added 2025/06/24 7:56 p.m. | 8 views

CVE-2025-52880 Komga Vulnerable to Arbitrary Code Execution via Crafted EPUB File

Komga is a media server for comics, mangas, BDs, magazines and eBooks. A Cross-Site Scripting (XSS) vulnerability has been discovered in versions 1.8.0 through 1.21.3 when serving EPUB resources, either directly from the API, or when reading using the epub reader. The vulnerability lets an attacker...

CVSS 4.2 | AI score 6.8 | EPSS 0.00278
Exploits: 0 | References: 4

Cvelist
added 2025/06/23 12:48 p.m. | 9 views

CVE-2025-6512 Scripts within reports executable on BRAIN2 Server

On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights...

CVSS 10 | EPSS 0.00465
Exploits: 0 | References: 1

Vulnrichment
added 2025/06/23 12:48 p.m. | 4 views

CVE-2025-6512 Scripts within reports executable on BRAIN2 Server

On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights...

CVSS 10 | AI score 9.5 | EPSS 0.00465
Exploits: 0 | References: 1

Oracle linux
added 2025/06/18 12:0 a.m. | 14 views

idm:DL1 security update

bind-dyndb-ldap 11.6-6 - Fix rpminspect warnings Resolves: RHEL-22497 custodia ipa 4.9.13-18.0.1 - Set IPAPLATFORM=rhel when build on Oracle Linux Orabug: 29516674 4.9.13-18 - Set krbCanonicalName admin@REALM on the admin user Resolves: RHEL-89895 4.9.13-17 - kdb: keeep ipadbgetconnection from...

CVSS 9.1 | AI score 7.1 | EPSS 0.01827
Exploits: 1

NVD
added 2025/06/17 11:15 a.m. | 12 views

CVE-2025-6050

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...

CVSS 4.8 | EPSS 0.00263
Exploits: 1 | References: 3

Cvelist
added 2025/06/17 6:0 a.m. | 23 views

CVE-2025-5209 Ivory Search < 5.5.10 - Admin+ Stored XSS

The Ivory Search WordPress plugin before 5.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

EPSS 0.00218
Exploits: 1 | References: 1