
2127 matches found

Vulnrichment
added 2025/12/12 8:32 p.m. | 3 views

CVE-2025-14580 Qualitor viewDocumento.php cross site scripting

A security vulnerability has been detected in Qualitor up to 8.24.73. The impacted element is an unknown function of the file /Qualitor/html/bc/bcdocumento9/biblioteca/request/viewDocumento.php. Such manipulation of the argument cdscript leads to cross site scripting. It is possible to launch the...

CVSS: 5.1 | AI score: 3.9 | EPSS: 0.00208
Exploits: 1 | References: 3

Atlassian
added 2025/12/12 7:28 a.m. | 17 views

XXE (XML External Entity Injection) org.apache.tika:tika-core Dependency in Crowd Data Center and Server

This is a vulnerability in a non-Atlassian Crowd dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This High severity XXE XML External Entity Injection vulnerability was introduced in versions 6.3.0, 6.3.1, 6.3.2, 7.1.0, and 7.1.1 of Crowd Data...

CVSS: 9.8 | AI score: 5.6 | EPSS: 0.02962
Exploits: 4

Atlassian
added 2025/12/12 7:27 a.m. | 11 views

DoS (Denial of Service) path-to-regexp Dependency in Jira Service Management Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in versions 10.2.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.00932
Exploits: 0

Tenable Nessus
added 2025/12/11 12:0 a.m. | 2 views

EulerOS 2.0 SP13 : cmake (EulerOS-SA-2025-2496)

According to the versions of the cmake packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file...

CVSS: 4.8 | AI score: 4.3 | EPSS: 0.00135
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/10 6:14 p.m. | 5 views

CVE-2025-14276

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...

CVSS: 6.3 | AI score: 6.7 | EPSS: 0.01455
Exploits: 0 | References: 1

EUVD
added 2025/12/09 12:31 a.m. | 5 views

EUVD-2025-201816

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...

CVSS: 6.3 | AI score: 5.4 | EPSS: 0.01455
Exploits: 0 | References: 5

NVD
added 2025/12/08 10:15 p.m. | 3 views

CVE-2025-14276

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...

CVSS: 6.3 | EPSS: 0.01455
Exploits: 0 | References: 5

CVE
added 2025/12/08 9:32 p.m. | 7 views

CVE-2025-14276

CVE-2025-14276 affects Ilevia EVE X1 Server (versions up to 4.6.5.0.eden). The vulnerability is described as a command injection in an unknown function of the file /ajax/php/leaf_search.php, caused by manipulation of the argument line. It can be triggered remotely, with a high attack complexity a...

CVSS: 6.3 | AI score: 6.4 | EPSS: 0.01455
Exploits: 0 | References: 5

Cvelist
added 2025/12/08 9:32 p.m. | 22 views

CVE-2025-14276 Ilevia EVE X1 Server leaf_search.php command injection

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...

CVSS: 6.3 | EPSS: 0.01455
Exploits: 0 | References: 5

Positive Technologies
added 2025/12/08 12:0 a.m. | 5 views

PT-2025-49597

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...

CVSS: 6.3 | AI score: 6.7 | EPSS: 0.01455
Exploits: 0 | References: 5

Tenable Nessus
added 2025/12/08 12:0 a.m. | 3 views

Debian dla-4393 : python-mako-doc - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4393 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4393-1 [email protected] https://www.debian.org/lts/security/...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01656
Exploits: 1 | References: 4

AlpineLinux
added 2025/12/05 11:2 a.m. | 5 views

CVE-2025-66200

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...

CVSS: 5.4 | AI score: 7 | EPSS: 0.00569
Exploits: 0

OSV
added 2025/12/03 2:35 p.m. | 3 views

BIT-ACTIVEMQ-2025-27533 Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service DoS by depleting process memor...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.08594
Exploits: 2 | References: 4

Debian
added 2025/12/03 4:4 a.m. | 8 views

[SECURITY] [DLA 4393-1] mako security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4393-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 03, 2025 https://wiki.debian.org/LTS -...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.01656
Exploits: 1

OSSF Malicious Packages
added 2025/12/02 4:38 a.m. | 5 views

Malicious code in stream-xor-chain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc5f6f6ecd6b8dc9aa3f0b220d7281e20d4cdb8d668fad3b2eaf3d574b5c1803 The package stream-xor-chain was found to contain malicious code. Source: ghsa-malware 5fa72b796385b0370be584212f5220a4a6e6960e840a4e700b2df2f99e7be1...

AI score: 6.9
Exploits: 0 | References: 1

Snyk
added 2025/12/02 4:30 a.m. | 3 views

Malicious Package

Overview nodenetbanxsdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS: 9.8 | AI score: 6.8
Exploits: 0 | References: 2

Debian
added 2025/11/28 3:35 p.m. | 14 views

[SECURITY] [DLA 4386-1] sogo security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4386-1 [email protected] https://www.debian.org/lts/security/ Paride Legovini November 28, 2025 https://wiki.debian.org/LTS -...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.00237
Exploits: 1

OSV
added 2025/11/25 10:18 p.m. | 3 views

JLSEC-2025-320 A vulnerability classified as problematic was found in libtiff 4.6.0

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PSLvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity ...

CVSS: 2.5 | AI score: 5.4 | EPSS: 0.00174
Exploits: 1 | References: 8

Debian
added 2025/11/25 8:54 p.m. | 5 views

[SECURITY] [DSA 6062-1] pdfminer security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6062-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 25, 2025 https://www.debian.org/security/faq -...

CVSS: 8.6 | AI score: 7.2 | EPSS: 0.00275
Exploits: 1

OSSF Malicious Packages
added 2025/11/24 10:18 p.m. | 6 views

Malicious code in react-jam-icons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 369fe7c56e5f271a31e023cbe36323fc11043fc4747d0309c5c48aaa1eedf822 The package react-jam-icons was found to contain malicious code. Source: ghsa-malware 1c50426946a6dd92cf360d347aa3ed8f15988f3655c7721aff8dd0b8ff8e946...

AI score: 6.9
Exploits: 0 | References: 4