544 matches found
CVE-2025-30839
CVE-2025-30839 – Taxi Booking Manager for WooCommerce (Ecab) has a Missing Authorization vulnerability affecting versions from n/a up to 1.2.1. The issue arises from incorrectly configured access control security levels that permit unauthorized access or actions. The connected ENISA vulnerability...
PT-2025-13289 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an incorrect offset calculation in the Linux kernel, specifically in the erofs/zmap.c file. This miscalculation resulted in the iomap-length being set to 0,...
PT-2025-12022 · Parisneo · Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui versions v9.9 to the latest Description: The issue allows an attacker to list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the "/open file" endpoint. This enables the attacker ...
GHSA-2865-HH9G-W894 Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0, ASP.NET Core 8.0, ASP.NET Core 6.0, and ASP.NET Core 2.3. This advisory also...
CVE-2025-24055
CVE-2025-24055 is a Windows USB Video Driver vulnerability described as an out-of-bounds read that could allow an authorized attacker to disclose information with a physical attack. The CVSSv3.1 base score is 4.3 (Medium), with privileges required as Low, attack vector Physical, and impact restri...
Security Advisory 0112
Security Advisory 0112 . CSAF PDF Date: March 11, 2025 Revision | Date | Changes ---|---|--- 1.0 | March 11, 2025 | Initial release The CVE-ID tracking this issue: CVE-2024-9448 CVSSv3.1 Base Score: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Common Weakness Enumeration: CWE-284 Improper...
Debian: Security Advisory (DSA-5873-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2017-5433
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller whil...
Linux Distros Unpatched Vulnerability : CVE-2020-15658
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier...
GO-2025-3489 Rancher's SAML-based login via CLI can be denied by unauthenticated users in github.com/rancher/rancher
Rancher's SAML-based login via CLI can be denied by unauthenticated users in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2025-1857
Summary of CVE-2025-1857 (PHPGurukul Nipah Virus Testing Management System 1.0) A critical SQL injection vulnerability exists in an unspecified part of the file /check_availability.php, caused by manipulation of the employeeid argument. The issue allows remote initiation of an attack and the expl...
CVE-2025-1744
Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before 5.9.9...
Security Bulletin: Vulnerability in paramiko affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-48795]
Summary The paramiko package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH befo...
CVE-2022-49325
In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp-sndcwnd We had various bugs over the years with code breaking the assumption that tp-sndcwnd is greater than zero. Lately, syzbot reported the WARNONONCE!tp-priorcwnd added in commit 8b8a321ff72c...
Security Advisory 0111
Security Advisory 0111 . CSAF PDF Date: February 25, 2025 Revision | Date | Changes ---|---|--- 1.0 | February 25, 2025 | Initial release The CVE-ID tracking this issue: CVE-2025-1259 CVSSv3.1 Base Score: 7.7 CVSS:3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Common Weakness Enumeration: CWE-284:...
GHSA-5FWX-P6XH-VJRH Mattermost allows reading arbitrary files related to importing boards
Mattermost versions 10.4.x = 10.4.1, 9.11.x = 9.11.7, 10.3.x = 10.3.2, 10.2.x = 10.2.2 fail to properly validate board blocks when importing boards which allows an attacker could read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards...
CVE-2024-11346
: Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Lexmark International CX, XC, CS, et. Al. Postscript interpreter modules allows Resource Injection.This issue affects CX, XC, CS, et. Al.: from 001.001:0 through 081.231, from ..P001 through ..P233, from ..P001 through...
PT-2025-6190 · Unknown · Octopus Server
Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue arises from the unsafe handling of error messages on the error page in affected versions of Octopus Server. If an adversary can control any part of the error message, they...
PT-2025-6221 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The reason for rejection is mentioned, but no further details are provided about the issue. Recommendations: At the moment, there is no...
PT-2025-6002 · Trojan · Trojan
Name of the Vulnerable Software and Affected Versions: trojan versions 2.0.0 through 2.15.3 Description: An issue in trojan allows a remote attacker to escalate privileges via the initialization interface "/auth/register". Recommendations: For trojan versions 2.0.0 through 2.15.3, consider...