13676 matches found

Vulnrichment
added 2025/08/26 1:42 a.m. (4 views)

CVE-2025-8447 Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed read-only access

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by creating a diff between the repositories. To exploit this vulnerability, an attacker needed to know the...

CVSS 7, AI score 7.1, EPSS 0.00283
Exploits: 0, References: 4

Vulnrichment
added 2025/08/26 12:0 a.m. (2 views)

CVE-2025-55526

n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the downloadworkflow function within apiserver.py...

AI score 6.7, EPSS 0.00761
Exploits: 1, References: 1

Positive Technologies
added 2025/08/26 12:0 a.m. (4 views)

PT-2025-34777 · Notescms · Notescms

Name of the Vulnerable Software and Affected Versions: NotesCMS versions prior to commit 95322c5121dbd7070f3bd54f2848079654a0a8ea dated 2025-03-31
Description: A stored cross-site scripting (XSS) vulnerability exists in NotesCMS. The vulnerability is located on the /index.php?route=categories page...

CVSS 6.1, AI score 5.9, EPSS 0.00193
Exploits: 1, References: 6

Positive Technologies
added 2025/08/26 12:0 a.m. (4 views)

PT-2025-34776 · Notescms · Notescms

Name of the Vulnerable Software and Affected Versions: NotesCMS versions prior to commit 95322c5121dbd7070f3bd54f2848079654a0a8ea
Description: A vulnerability exists in NotesCMS, specifically within the /index.php?route=notes page. Manipulation of the title of service descriptions leads to a stor...

CVSS 6.1, AI score 5.4, EPSS 0.00193
Exploits: 1, References: 6

Positive Technologies
added 2025/08/26 12:0 a.m. (6 views)

PT-2025-34727

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.18; GitHub Enterprise Server versions 3.14.17; GitHub Enterprise Server versions 3.15.12; GitHub Enterprise Server versions 3.16.8; GitHub Enterprise Server versions 3.17.5
Description: An improper...

CVSS 7, AI score 6.4, EPSS 0.00283
Exploits: 0, References: 11

Tenable Nessus
added 2025/08/26 12:0 a.m. (3 views)

Linux Distros Unpatched Vulnerability : CVE-2022-38233

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow at /xpdf/Stream.cc. CVE-2022-38233 Note that Nessus relies on t...

CVSS 5.5, AI score 6.1, EPSS 0.00286
Exploits: 1, References: 2

Tenable Nessus
added 2025/08/26 12:0 a.m. (4 views)

Linux Distros Unpatched Vulnerability : CVE-2023-1072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions...

CVSS 5.3, AI score 5.5, EPSS 0.00786
Exploits: 0, References: 2

OSV
added 2025/08/25 4:23 p.m. (3 views)

GHSA-6HGW-6X87-578X ImageMagick has Undefined Behavior (function-type-mismatch) in CloneSplayTree

Summary
- Target: ImageMagick commit ecc9a5eb456747374bae8e07038ba10b3d8821b3
- Type: Undefined Behavior (function-type-mismatch) in splay tree cloning callback
- Impact: Deterministic abort under UBSan DoS in sanitizer builds. No crash in a non-sanitized build; likely low security impact.
- Trigge...

CVSS 6.1, AI score 7, EPSS 0.0038
Exploits: 1, References: 4

OSV
added 2025/08/25 2:15 p.m. (4 views)

CVE-2025-48005

A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted RHS2000 file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 9.8, AI score 8.1
Exploits: 0, References: 2

Cvelist
added 2025/08/25 1:53 p.m. (5 views)

CVE-2025-53518

An integer overflow vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted ABF file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 9.8, EPSS 0.00634
Exploits: 1, References: 1

Vulnrichment
added 2025/08/25 1:53 p.m. (2 views)

CVE-2025-53853

A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted ISHNE ECG annotations file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this...

CVSS 9.8, AI score 8.2, EPSS 0.00689
Exploits: 1, References: 1

Cvelist
added 2025/08/25 1:53 p.m. (8 views)

CVE-2025-54491

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This...

CVSS 9.8, EPSS 0.00636
Exploits: 1, References: 1

Debian CVE
added 2025/08/25 1:53 p.m. (4 views)

CVE-2025-54485

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This...

CVSS 9.8, AI score 6.3, EPSS 0.00636
Exploits: 1

Vulnrichment
added 2025/08/25 1:53 p.m. (1 views)

CVE-2025-54482

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This...

CVSS 9.8, AI score 8.1, EPSS 0.00636
Exploits: 1, References: 1

Tenable Nessus
added 2025/08/25 12:0 a.m. (3 views)

Linux Distros Unpatched Vulnerability : CVE-2016-9646

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method similar to the CGI->param API that led to Bugzilla's CVE-2014-1572, which can be...

CVSS 5.3, AI score 7.4, EPSS 0.01178
Exploits: 0, References: 2

Cvelist
added 2025/08/24 10:2 a.m. (13 views)

CVE-2025-9384 appneta tcpreplay parse_args.c tcpedit_post_args null pointer dereference

A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. Upgrading t...

CVSS 4.8, EPSS 0.00223
Exploits: 1, References: 6

CVE
added 2025/08/22 4:3 p.m. (25 views)

CVE-2025-38672

CVE-2025-38672 concerns a Linux kernel issue where the dma_buf field in struct drm_gem_object is not stable over a GEM object’s lifetime, leading to NULL-pointer dereference when the final GEM handle is released. The fix reverts the earlier change by reverting drm/gem-dma: Use dma_buf from GEM ob...

CVSS 5.5, AI score 6.7, EPSS 0.00121
Exploits: 0, References: 2, Affected Software: 1

RedhatCVE
added 2025/08/22 12:22 a.m. (27 views)

CVE-2025-50904

There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 2025-06-11. An attacker can exploit this vulnerability to access /admin/ API without any token...

CVSS 9.8, AI score 7.4, EPSS 0.00415
Exploits: 1, References: 1

Tenable Nessus
added 2025/08/21 12:0 a.m. (3 views)

Linux Distros Unpatched Vulnerability : CVE-2023-30847

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to process a certain type of invalid HTTP request, it tries to...

CVSS 8.2, AI score 7.1, EPSS 0.00902
Exploits: 0, References: 2

Snyk
added 2025/08/20 11:44 p.m. (3 views)

OS Command Injection

Overview: @wong2/mcp-cli is a CLI inspector for the Model Context Protocol. Affected versions of this package are vulnerable to OS Command Injection via the redirectToAuthorization function in src/oauth/provider.js. Attackers can set up an MCP server with compatible OAuth authorization server...

CVSS 8.1, AI score 7.5, EPSS 0.05236
Exploits: 1, References: 2