13663 matches found
PT-2025-47474
Name of the Vulnerable Software and Affected Versions i-Educar versions prior to 2.10.0 Description i-Educar is school management software. A time-based SQL injection exists in the ieducar/intranet/funcionario vinculo cad.php script for authenticated users. An attacker with an authenticated sessi...
PT-2025-47475
Name of the Vulnerable Software and Affected Versions i-Educar versions prior to 2.10.0 Description i-Educar is school management software with a flaw that allows an authenticated attacker to execute arbitrary SQL commands against the application's database. This is due to a time-based SQL...
Expired Pointer Dereference
Overview Affected versions of this package are vulnerable to Expired Pointer Dereference via mongocbulkoperationt when large options are passed. An attacker can cause the application to read invalid memory. Remediation Upgrade mongo-c-driver to version 1.30.6 or higher. References - GitHub Commit...
curl: Double free in tool_ssls_load()
Summary: There is a double-free bugs in toolsslsload, which can happen at line 83-84 or 129-130 toolssls.c: c curlfreeshmac; curlfreesdata; The root cause is that line 83-84 did not reset shmac and sdata to NULL. If the seesion is malformed, the double-free will be triggerd. No AI was used to fin...
Security Bulletin: NVIDIA Isaac-GR00T - November 2025
NVIDIA has released a software update for NVIDIA Isaac-GR00T. To protect your system, install software from GitHub commit 7f53666 of NVIDIA Isaac-GR00T. Go to NVIDIA Product Security...
drm/amd/display: Do not set DRR on pipe Commit
...
CVE-2025-64482
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1762267347 and Tuleap Enterprise Edition prior to versions 17.01-, 16.13-6, and 16.12-9 don't have cross-site request forgery protections in the file...
CVE-2025-64117
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1761813675 and Tuleap Enterprise Edition prior to versions 16.13-5 and 16.12-8 don't have cross-site request forgery protection in the management of...
EUVD-2025-175319
Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c 2025-06-02 contains a Server-Side Request Forgery SSRF vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to...
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.
...
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.
...
PT-2025-46842
šØ CVE-2025-52186 Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c 2025-06-02 contains a Server-Side Request Forgery SSRF vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to...
CVE-2025-64482
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1762267347 and Tuleap Enterprise Edition prior to versions 17.01-, 16.13-6, and 16.12-9 don't have cross-site request forgery protections in the file...
CVE-2025-64482
Tuleap CSRF vulnerability (CVE-2025-64482) affects File Release System in Tuleap Community Edition before 16.13.99.1762267347 and Tuleap Enterprise Edition before 17.01-, 16.13-6, or 16.12-9. The issue arises from lack of cross-site request forgery protections, potentially allowing an attacker to...
CVE-2025-64482 Tuleap missing CSRF protections in the File Release System
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1762267347 and Tuleap Enterprise Edition prior to versions 17.01-, 16.13-6, and 16.12-9 don't have cross-site request forgery protections in the file...
CVE-2025-64482 Tuleap missing CSRF protections in the File Release System
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1762267347 and Tuleap Enterprise Edition prior to versions 17.01-, 16.13-6, and 16.12-9 don't have cross-site request forgery protections in the file...
CVE-2025-64117
CVE-2025-64117 affects Tuleap, where both Community Edition (pre-16.13.99.1761813675) and Enterprise Edition (pre-16.13-5 and pre-16.12-8) lack cross-site request forgery (CSRF) protection in SVN commit rules and immutable tags management. The root cause is missing CSRF protection in the affected...
CVE-2025-64117 Tuleap missing CSRF protection in the management of SVN commit rules and immutable tags
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1761813675 and Tuleap Enterprise Edition prior to versions 16.13-5 and 16.12-8 don't have cross-site request forgery protection in the management of...
CVE-2025-64117 Tuleap missing CSRF protection in the management of SVN commit rules and immutable tags
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1761813675 and Tuleap Enterprise Edition prior to versions 16.13-5 and 16.12-8 don't have cross-site request forgery protection in the management of...
Malicious code in commitizen-ursa-figures-winston (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36d2b2b10f8fe2f0581eb6d7fbf66437e6265cf09e3d3bd6f0e3e5ac26422761 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...