CVE-2021-47729

Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'fileslist' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/getfile.php with crafted payload to execute arbitrary scripts in victim's...

EUVD-2025-201881

A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...

CVE-2025-13428

A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...

UBUNTU-CVE-2023-53822

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Ignore frags from uninitialized peer in dp. When max virtual ap interfaces are configured in all the bands with ACS and hostapd restart is done every 60s, a crash is observed at random times. In this certain scenari...

CVE-2025-13428 RCE in SecOps SOAR server via user-provided Python packages

A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...

CVE-2025-13428 RCE in SecOps SOAR server via user-provided Python packages

A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...

CVE-2023-53822 wifi: ath11k: Ignore frags from uninitialized peer in dp.

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Ignore frags from uninitialized peer in dp. When max virtual ap interfaces are configured in all the bands with ACS and hostapd restart is done every 60s, a crash is observed at random times. In this certain scenari...

GO-2025-4180 Step CA Has Authorization Bypass in ACME and SCEP Provisioners in github.com/smallstep/certificates

Step CA Has Authorization Bypass in ACME and SCEP Provisioners in github.com/smallstep/certificates...

📄 ClipBucket 5.5.2 Build 90 Practical Exploitation Tool

An enhanced Python penetration testing tool designed specifically for ClipBucket video sharing platform vulnerability assessment and exploitation. It checks for remote command execution, file upload, SQL injection, local file inclusion, and more. It affects ClipBucket version 5.5.2 Build 90...

Exploit for Deserialization of Untrusted Data in Facebook React

Next.js RCE Patcher CVE-2025-55182 A simple, automated tool...

CVE-2025-55753

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: fro...

EUVD-2025-201295

When a WF200/WGM160P device is configured to operate as an Access Point, it may be vulnerable to a denial of service triggered by a malformed packet. The device may recover automatically or require a hard reset...

Nextcloud Calendar 安全漏洞

Nextcloud Calendar is an open source calendar application from Nextcloud. A security vulnerability exists in Nextcloud Calendar versions prior to 4.7.17 and prior to 5.2.4, which stems from a malicious user being able to create specially crafted attachments that could result in files being...

PT-2025-49290

Name of the Vulnerable Software and Affected Versions Nextcloud Calendar versions prior to 4.7.17 Nextcloud Calendar versions prior to 5.2.4 Description A malicious user could create a calendar event with a specially crafted attachment that links to a file on the same Nextcloud server. This actio...

CVE-2025-12986

When a WF200/WGM160P device is configured to operate as an Access Point, it may be vulnerable to a denial of service triggered by a malformed packet. The device may recover automatically or require a hard reset...

Important: Red Hat Security Advisory: abrt security update

An update for abrt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Update Chrome now: Google fixes 13 security issues affecting billions

Google has released an update for its Chrome browser that includes 13 security fixes, four of which are classified as high severity. One of these was found in Chrome’s Digital Credentials feature–a tool that lets you share verified information from your digital wallet with websites so you can pro...

Exploit for CVE-2025-55182

React 19 & Next.js Security Fix Prompts for AI Agents 🚨 CRI...

PT-2025-49159

Name of the Vulnerable Software and Affected Versions WF200/WGM160P affected versions not specified Description A device operating as an Access Point may experience a denial of service when processing a malformed packet. The device may automatically recover or require a hard reset. Recommendation...

ALSA-2025:22760 Important: abrt security update

The Automatic Bug Reporting Tool ABRT recognizes defects in applications and creates bug reports that help maintainers fix the defects. ABRT uses a plug-in system to extend its functionality. Security Fixes: abrt: Command-injection in ABRT leading to local privilege escalation CVE-2025-12744 For...