OpenUSD File Parsing Use-After-Free Remote Code Execution Vulnerability
Patch: This is fixed with commit b953092, with the fix available in OpenUSD 25.11 and onwards. Summary: We have been advised by Zero Day Initiative that our usage of the USD framework may constitute a Use-After-Free Remote Code Execution Vulnerability. They have sent us the attached file illustrati...
CVE-2025-62797
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery (CSRF) vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...
EUVD-2025-36690
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery (CSRF) vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...
CVE-2025-60800
Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request...
Siemens SIMATIC Devices Use After Free (CVE-2023-5197)
A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction leads to use-after-free. We recommend upgrading past commit...
Siemens SIMATIC Devices Use After Free (CVE-2023-3389)
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing an io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59...
PT-2025-44195
Name of the Vulnerable Software and Affected Versions: jshERP versions prior to commit 90c411a. Description: An access control issue exists in the /jshERP-boot/user/info interface of jshERP. An attacker can obtain sensitive information by sending a specially crafted GET request to this interface. Th...
EUVD-2025-35953
GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits...
UBUNTU-CVE-2025-11971
GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits...
CVE-2025-11971 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits...
CVE-2025-11971
Removed by vendor...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. A security vulnerability exists in GitLab EE version 10.6 up to and including...
Siemens SIMATIC Devices Loop with Unreachable Exit Condition (CVE-2024-43828)
In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit. When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole() does not detect the replay and calls...
CVE-2025-62717
Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...
CVE-2025-60803
Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api/aaa;/../register...
EUVD-2025-35889
Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...
CVE-2025-62717
CVE-2025-62717 affects Emlog Pro 2.5.23, where a clearing-logic error in session verification code allows reuse of verification codes. The issue has a fix in commit 1f726df. Remediation: upgrade to a version including the fix (per the cited advisories). If upgrading is not possible, apply the pat...