PT-2025-48203

Name of the Vulnerable Software and Affected Versions Suricata versions prior to 7.0.13 Suricata versions prior to 8.0.2 Description Suricata is a network IDS, IPS and NSM engine. A heap overflow can occur when logging verdict information in eve.alert and eve.drop records for versions prior to...

CVE-2025-12468

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.4.1 via the '/wc-coupons/' REST API endpoint. This is due to the endpoint being marked as a...

Lexmark Printers 7PK - Security Features (CVE-2019-10059)

The legacy finger service TCP port 79 is enabled by default on various older Lexmark devices. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989641)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989641 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: tcprtxsynack can be called from process context Laurent reported the enclosed report 1 This...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988820)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988820 advisory. In the Linux kernel, the following vulnerability has been resolved: ima: Fix a potential integer overflow in imaappraisemeasurement When the ima-modsig is enabled, t...

can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled

...

Apache Tomcat 9.0.0-M1 < 9.0.109 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.109, 10.1.0-M1 prior to 10.1.45 or 11.0.0-M1 prior to 11.0.11. It is, therefore, affected by multiple vulnerabilities : - Console manipulation via escape sequences in log messages. CVE-2025-55754 - Directory...

Apache Tomcat 10.1.0-M1 < 10.1.45 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.109, 10.1.0-M1 prior to 10.1.45 or 11.0.0-M1 prior to 11.0.11. It is, therefore, affected by multiple vulnerabilities : - Console manipulation via escape sequences in log messages. CVE-2025-55754 - Directory...

CVE-2025-34501 Shuffle Master Deck Mate 2 Hard-coded Credentials & Exposed Services

Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services SSH, HTTP, Telnet, SMB, X11 are enabled by default. If an attacker can reach these interfaces - most often through local or near-local access such as...

CVE-2025-40107 can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the mcp251x driver, which was fixed in commit 03c427147b2d "can: mcp251x: fix resume fr...

CVE-2025-48397

The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS 7.3.0.SCP004...

Light & Wonder Deck Mate 安全漏洞

Light & Wonder Deck Mate is an automated licensing device from Light & Wonder UK. A security vulnerability exists in the Light & Wonder Deck Mate that stems from the use of hard-coded credentials and the enabling of multiple management services by default, which could lead to unauthorized...

CVE-2025-46363

Dell Secure Connect Gateway SCG 5.0 Application and Appliance versions 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API if this REST API is enabled by Admin user from UI. A low privileged attacker with remote...

CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

CVE-2025-46363

Dell Secure Connect Gateway SCG 5.0 Application and Appliance versions 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API if this REST API is enabled by Admin user from UI. A low privileged attacker with remote...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the exampledagdecorator function. An attacker can execute arbitrary commands on the worker by supplying a crafted parameter through the UI. Note: This is only exploitable if example DAGs are enabled in production o...

CVE-2025-54941 Apache Airflow: Command injection in "example_dag_decorator"

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...

CVE-2025-62257

CVE-2025-62257 affects Liferay Portal 7.4.0 through 7.4.3.119 and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92. The connected documents describe a password enumeration vulnerabilit...

CVE-2025-64103

Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA without this requirement, Zitadel would consider single factor auhtenticated sessions as valid as...

kernel: sctp: linearize cloned gso packets in sctp_rcv

A flaw use of uninitialized memory uncontrolled and invisible by attacker in the Linux kernel SCTP transport protocol was found in the way user triggers malicious SCTP packets. A remote user could use this flaw to crash the system. The bug actual only for systems where SCTP protocol being enabled...