EUVD-2025-35868
jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function...
EUVD-2025-35863
Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api/aaa;/../register...
CVE-2025-60803
Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api/aaa;/../register...
CVE-2025-60801
jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function...
PT-2025-43650
Name of the Vulnerable Software and Affected Versions: jshERP versions prior to commit fbda24da. Description: The software contains an unauthenticated remote code execution (RCE) issue via the jsh_erp function. This allows for the execution of arbitrary code without authentication. Recommendations...
PT-2025-43660
Name of the Vulnerable Software and Affected Versions: Antabot White-Jotter versions prior to commit 9bcadc. Description: The software contains an unauthenticated remote code execution (RCE) issue. The issue is present via the /api/aaa;/../register component. The vulnerability allows for the execution...
CVE-2025-60803
CVE-2025-60803 affects Antabot White-Jotter up to commit 9bcadc, with an unauthenticated remote code execution via the component /api/aaa;/../register. The issue is caused by the specific path handling in that component, enabling arbitrary code execution without authentication. Affected versions ...
PT-2025-43672
Name of the Vulnerable Software and Affected Versions: Emlog versions prior to the commit 1f726df; Emlog Pro version 2.5.23. Description: Emlog Pro version 2.5.23 contains a flaw related to session verification codes. A clearing logic error allows the reuse of email verification codes in any context...
CVE-2025-62614 BookLore Media API Authentication Bypass
BookLore is a self-hosted web app for organizing and managing personal book collections. In versions 1.8.1 and prior, an authentication bypass vulnerability in the BookMediaController allows any unauthenticated user to access and download book covers, thumbnails, and complete PDF/CBX page content...
EUVD-2025-35633
BookLore is a self-hosted web app for organizing and managing personal book collections. In versions 1.8.1 and prior, an authentication bypass vulnerability in the BookMediaController allows any unauthenticated user to access and download book covers, thumbnails, and complete PDF/CBX page content...
EUVD-2023-59999
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmi_encdec: Restrict string length in decode. The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAX_LEN + 1. If a string is actually MAX_LEN + 1 length, this wil...
EUVD-2022-54880
In the Linux kernel, the following vulnerability has been resolved: ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state. The EXT4_FC_REPLAY bit in sbi->s_mount_state is used to indicate that we are in the middle of replaying the fast commit journal. This was actually a mistake, since the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987630)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987630 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: memleak flow rule from commit path. Abort path release flow rule object,...
Heap-buffer-overflow in nftnl::Batch::with_page_size (nftnl-rs)
A heap-buffer-overflow vulnerability exists in the Rust wrapper for libnftnl, triggered via the nftnl::Batch::with_page_size constructor. When a small or malformed page size is provided, the underlying C code allocates an insufficient buffer, leading to out-of-bounds writes during batch...
JLSEC-2025-76 Possible cross-site scripting vulnerability in libxml after commit 960f0e2.
Possible cross-site scripting vulnerability in libxml after commit 960f0e2...
JLSEC-2025-69 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesIntern...
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e...
CVE-2025-60639
Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c 2025-05-26...