13585 matches found

Vulnrichment
added 2025/08/20 12:0 a.m. · 5 views

CVE-2025-50904

There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 2025-06-11. An attacker can exploit this vulnerability to access /admin/ API without any token...

7.4 AI score · 0.00127 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/08/20 12:0 a.m. · 9 views

PT-2025-34076 · Unknown · Onboardlite

Name of the Vulnerable Software and Affected Versions: OnboardLite versions with commit hash 6cca19e or later Description: An attacker can manipulate a link to the trusted application, redirecting users to a malicious external site upon access. This enables phishing, credential theft, malware...

5.1 CVSS · 6 AI score · 0.00089 EPSS
Exploits 0 · References 5

Positive Technologies
added 2025/08/20 12:0 a.m. · 6 views

PT-2025-34134 · Winterchens · My-Site

Name of the Vulnerable Software and Affected Versions: WinterChenS my-site versions through commit 6c79286 2025-06-11 Description: An authentication bypass allows unauthorized access to the /admin/ API without a token. Recommendations: Versions prior to commit 6c79286 2025-06-11 should be updated...

9.8 CVSS · 6.7 AI score · 0.00127 EPSS
Exploits 1 · References 5

Snyk
added 2025/08/19 8:2 p.m. · 2 views

Improper Resource Shutdown or Release

Overview: Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the TIFFmallocExt, TIFFCheckRealloc, TIFFHashSetNew and InitCCITTFax3 functions of the tools/tiffcmp.c file. An attacker can cause resource exhaustion by repeatedly triggering the allocation of...

4.8 CVSS · 4 AI score · 0.00044 EPSS
Exploits 1 · References 3

OSV
added 2025/08/19 6:31 p.m. · 7 views

GHSA-CWGH-R52J-XH6C Liferay Portal Reflected Cross-Site Scripting Vulnerability in displayType Parameter

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.19...

5.1 CVSS · 5.6 AI score · 0.00044 EPSS
Exploits 0 · References 5

Github Security Blog
added 2025/08/19 6:31 p.m. · 5 views

Liferay Portal Reflected Cross-Site Scripting Vulnerability in displayType Parameter

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.19...

5.4 CVSS · 5.4 AI score · 0.00044 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2025/08/19 5:15 p.m. · 0 views

UBUNTU-CVE-2025-38594

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix UAF on sva unbind with pending IOPFs Commit 17fce9d2336d "iommu/vt-d: Put iopf enablement in domain attach path" disables IOPF on device by removing the device from its IOMMU's IOPF queue when the last IOPF-capabl...

7.8 CVSS · 5.7 AI score · 0.00029 EPSS
Exploits 0 · References 5

CVE
added 2025/08/19 4:32 p.m. · 15 views

CVE-2025-9147

CVE-2025-9147 affects the jasonclark getsemantic package up to version 040c96eb8cf9947488bd01b8de99b607b0519f7d. The vulnerability is a cross-site scripting flaw in an unknown function triggered by manipulating the view argument in /index.php. Remote exploitation is possible, and an exploit has b...

6.1 CVSS · 6.2 AI score · 0.00041 EPSS
Exploits 1 · References 3 · Affected Software 1

OSV
added 2025/08/19 3:31 p.m. · 3 views

GHSA-7MXQ-H2R7-H449 Liferay Portal Email Modification Vulnerability via Calendar Portlet

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allow any authenticated user to modify the content of emails sent...

5.3 CVSS · 6.8 AI score · 0.00093 EPSS
Exploits 0 · References 16

Tenable Nessus
added 2025/08/19 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-38357

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fuse: fix runtime warning on truncate_folio_batch_exceptionals The WARN_ON_ONCE is introduced on...

7.8 CVSS · 5.2 AI score · 0.00078 EPSS
Exploits 0 · References 2

Github Security Blog
added 2025/08/18 3:30 p.m. · 5 views

Liferay Portal Vulnerable to Cross-Site Scripting

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user...

5.4 CVSS · 5.6 AI score · 0.00032 EPSS
Exploits 0 · References 5 · Affected Software 1

Github Security Blog
added 2025/08/18 3:10 p.m. · 4 views

IdMap from_iter may lead to uninitialized memory being freed on drop

Due to a flaw in the constructor idmap::IdMap::from_iter, ill-formed objects may be created in which the amount of actually initialized memory is less than what is expected by the fields of IdMap. Specifically, the field ids is initialized based on the capacity of the vector values, which is...

7.2 AI score
Exploits 0 · References 4 · Affected Software 1

Tenable Nessus
added 2025/08/18 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-35060

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32. CVE-2022-35060 Note that Nessus relies on the presenc...

6.5 CVSS · 6.7 AI score · 0.00232 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-2030

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attack...

5.3 CVSS · 5.5 AI score · 0.00045 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-35065

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724. CVE-2022-35065 Note that Nessus relies on the...

6.5 CVSS · 6.4 AI score · 0.00433 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-1193

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details...

4.3 CVSS · 5 AI score · 0.00139 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-0231

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft ...

2.7 CVSS · 5.5 AI score · 0.00351 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-1010057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component...

7.8 CVSS · 7.2 AI score · 0.00583 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-35069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b544e. CVE-2022-35069 Note that Nessus relies on the presenc...

6.5 CVSS · 6.7 AI score · 0.00395 EPSS
Exploits 1 · References 2

RedhatCVE
added 2025/08/16 5:25 p.m. · 6 views

CVE-2025-55192

HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workflows/issues.yml. It does not affect users of the Home Assistant integration itself — it only impac...

8.6 CVSS · 7.7 AI score · 0.00084 EPSS
Exploits 0 · References 1