gitk: git script execution flaw

There's a vulnerability in gitk where an user can be tricked to run malicious scripts supplied by the attacker when running gitk filename command. When successfully exploited this vulnerability may result in arbitrary code execution...

PT-2025-30333 · Unknown · Livehelperchat

Name of the Vulnerable Software and Affected Versions: Live Helper Chat version 4.60 Description: A stored cross-site scripting XSS vulnerability exists in the chat transfer function. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the operator name...

CVE-2025-7889

A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component caller.id.phone.number.block. The manipulation leads to improper export of android application...

OAuth Dynamic Client Registration Permissive Metadata Field

OAuth Dynamic Client Registration allows for various metadata fields such as 'clientname', 'websiteuri' during the registration process. When the OAuth server accepts permissive values for such fields, such as ones starting with javascript://, an attacker could exploit this to perform Cross-Site...

CVE-2024-49784

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values...

CVE-2025-42992 Multiple Privilege Escalation Vulnerabilities in SAPCAR

SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on...

PT-2025-28507 · Microsoft · Windows Virtualization-Based Security +2

Name of the Vulnerable Software and Affected Versions: Windows Virtualization-Based Security VBS Enclave affected versions not specified Description: The issue is related to a protection mechanism failure in Windows Virtualization-Based Security VBS Enclave, allowing an authorized attacker to...

PT-2025-28526 · Microsoft · Windows Mbt Transport Driver +1

Name of the Vulnerable Software and Affected Versions: Windows MBT Transport driver affected versions not specified Description: The issue is related to an integer underflow, also known as a wrap or wraparound, in the Windows MBT Transport driver. This allows an authorized attacker to elevate...

The vulnerability of the ext4_ind_migrate() function in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the ext4indmigrate function in the Linux operating system is related to insufficient locking mechanisms. Exploiting this vulnerability could allow an attacker to trigger a service failure...

CVE-2025-6224

CVE-2025-6224 affects juju/utils (cert.NewLeaf). The issue allows a certificate generated by cert.NewLeaf to reveal the private key if the cert is later sent in plaintext over the network. Multiple sources (NVD, Red Hat, OSV, GHSA) confirm the leak in juju/utils and reference the same root cause....

CVE-2025-36026

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link an...

CVE-2025-48470 Stored Cross site Scripting (XSS)

Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation...

The vulnerability of the ptp_ocp_probe() function in the drivers/ptp/ptp_ocp.c kernel module of the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the ptpocpprobe function in the drivers/ptp/ptpocp.c kernel module of the Linux operating system is related to security configuration errors. Exploiting this vulnerability can allow a attacker to cause service failures...

CVE-2025-5478

Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The...

PT-2025-26300 · Unknown · Phpgurukul Directory Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Directory Management System version 1.0 Description: A critical vulnerability was found in the PHPGurukul Directory Management System. The issue affects an unknown functionality of the file /admin/search-directory.php. The...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...

TencentOS Server 3: unbound (TSSA-2024:0112)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0112 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVE-2025-49199 Backup files can be modified and uploaded

The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable...

CVE-2025-29756

The CVE-2025-29756 entry describes a vulnerability in SunGrow iSolarCloud’s MQTT service used by the backend for device data transport. The MQTT broker reportedly lacks sufficient topic-subscription restrictions, enabling a user with an iSolarCloud account to subscribe to any topic (notably the a...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...