CVE-2025-59026
CVE-2025-59026 affects Open-Xchange OX App Suite (and related advisories) where uploading a malicious file enables execution of script code when a user clicks attacker-controlled links. Actions may run in the user’s context and can include exfiltration of sensitive information. Public exploit det...
CVE-2025-30190
Malicious content in office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...
CVE-2025-30186
CVE-2025-30186 affects Open-Xchange OX App Suite. Malicious content uploaded as a file can execute script code when users follow attacker-controlled links, enabling unintended actions within the user’s account and potential exfiltration of sensitive data. The impact is described as limited to the...
CVE-2025-13432
Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability,...
PT-2025-47302
Name of the Vulnerable Software and Affected Versions: SourceCodester Train Station Ticketing System version 1.0. Description: A SQL injection weakness exists in the Train Station Ticketing System. This issue is related to the manipulation of the Username argument within the login functionality,...
PT-2025-47082
Name of the Vulnerable Software and Affected Versions: PHPGurukul Tourism Management System version 1.0. Description: A security flaw exists in PHPGurukul Tourism Management System 1.0. The issue is related to SQL injection within an unknown function of the file /admin/user-bookings.php. Manipulatio...
PT-2025-47003
Name of the Vulnerable Software and Affected Versions: pojoin h3blog version 1.0. Description: A flaw exists in pojoin h3blog version 1.0 where manipulation of the Name argument in an unknown function within the file '/admin/cms/material/add' can lead to cross-site scripting. This issue is potential...
An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).
...
SUSE CVE-2025-60753
An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash)...
PT-2025-45476
Name of the Vulnerable Software and Affected Versions: Campcodes School File Management version 1.0. Description: A security flaw exists in Campcodes School File Management 1.0. The issue is related to SQL injection, which can be triggered by manipulating the user id argument in the /admin/update...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990184)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990184 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules. Check the pointer value ...
CVE-2025-30188
Malicious or unintentional API requests can be used to add a significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates and patch releases. No publicly available...
CVE-2022-50587
Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) via the Apply Configuration error text. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2022-50587 Nagios XI < 5.8.9 Stored XSS via Command Names in Apply Config Error Text
Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) via the Apply Configuration error text. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2022-50587
CVE-2022-50587 affects Nagios XI prior to 5.8.9. The issue is a stored XSS via the Apply Configuration error text, caused by insufficient validation/escaping of user input in configuration commands. Impact is arbitrary script execution in a victim’s browser when the error text is processed. The p...
PT-2025-44484
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.8.9. Description: The software is susceptible to a cross-site scripting (XSS) issue through the Apply Configuration error text. A lack of proper input validation or escaping of user-provided data could enable an...
PT-2025-43922
Name of the Vulnerable Software and Affected Versions: CodeAstro Gym Management System version 1.0. Description: A flaw exists in CodeAstro Gym Management System version 1.0 that allows for SQL injection. This occurs through manipulation of the ID argument in the file...