Apple macOS Sequoia Privilege Restriction Insufficiency Vulnerability

Apple macOS Sequoia is an operating system announced by Apple on June 10, 2024 at the WWDC24 developer conference. Apple macOS Sequoia suffers from an insufficient privilege restriction vulnerability that can be exploited by an attacker to cause the disclosure of sensitive user data...

Exploit for CVE-2025-12907

Chrome DevTools RCE Exploit CVE-2025-12907 Overview This...

CVE-2025-12909

Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. Chromium security severity: Low...

EUVD-2025-38338

Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. Chromium security severity: Low...

PT-2025-45387

Name of the Vulnerable Software and Affected Versions 3scale Developer Portal affected versions not specified Description A flaw exists in the 3scale developer portal that could allow account creation or updates through hidden or read-only fields. This allows an attacker to potentially access or...

CVE-2025-63418

Summary: CVE-2025-63418 affects the SelfBest platform 2023.3. The issue is a DOM-based XSS caused by client-side code performing direct DOM manipulation without adequate sanitization or a CSP. This could allow an attacker to execute arbitrary JavaScript in a logged-in user’s context, potentially ...

CVE-2025-62369 Xibo CMS: Remote Code Execution through module templates

Xibo is an open source digital signage platform with a web content management system CMS. Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS Developer menu's Module Templating functionality, allowing authenticated users with "System - Add/Edit custom modules and...

Xibo CMS 安全漏洞

Xibo CMS is an open source content management system from Xibo Digital Signage. A security vulnerability exists in Xibo CMS 4.3.0 and prior versions, which stems from a mishandled Twig filter in the Module Templates feature in the CMS Developer menu, which could lead to remote code execution...

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.7.2 release.

Red Hat Developer Hub 1.7.2 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

CarLux 安全漏洞

CarLux is a car booking system by the individual developer AKSHIT SONANI. A security vulnerability exists in CarLux version 1.0, which originates from a SQL injection vulnerability in the file /carlux/sign-in.php...

EUVD-2025-37028

Kanova Android App version 1.0.27 package name com.karelane, developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in nimbus-jose-jwt

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in nimbus-jose-jwt Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of servic...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer Vulnerability Details CVEID:CVE-2025-7338 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prio...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in flask-3.1.0-py3-none-any.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in flask-3.1.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http Vulnerability Details CVEID:CVE-2025-4673 DESCRIPTION: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVSS...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in setuptools

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in setuptools Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by torch

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by torch Vulnerability Details CVEID:CVE-2025-2953 DESCRIPTION: A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnnmaxpool2d...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in protobuf

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in protobuf Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and pri...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer Vulnerability Details CVEID:CVE-2025-47944 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and pri...