Lucene search

6653 matches found

Cvelist
added 2025/08/05 2:49 p.m. · 6 views

CVE-2025-27931

An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

6.5 CVSS · 0.00249 EPSS
Exploits: 1 · References: 1

OSV
added 2025/08/05 1:15 a.m. · 3 views

CVE-2025-8538

A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /usuarios/tipos/novo. The manipulation of the argument name/description leads to cross site scripting. The attack can be launched...

4.8 CVSS · 6.2 AI score · 0.00193 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2025/08/05 12:0 a.m. · 4 views

PT-2025-31935 · Tracker · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor version 10.6.0.396 Description: An out-of-bounds read issue exists in the EMF functionality. Exploitation involves using a specially crafted EMF file, which could lead to the disclosure of sensitive information...

6.5 CVSS · 5.9 AI score · 0.00249 EPSS
Exploits: 1 · References: 5

Vulnrichment
added 2025/08/04 9:18 p.m. · 2 views

CVE-2025-4599

The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92 was found to be vulnerable to postMessage-base...

2 CVSS · 6.2 AI score · 0.00167 EPSS
Exploits: 0 · References: 1

Cvelist
added 2025/08/03 1:32 a.m. · 7 views

CVE-2025-8495 code-projects Intern Membership Management System edit_admin_query.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /admin/editadminquery.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack...

7.5 CVSS · 0.00277 EPSS
Exploits: 1 · References: 5

CVE
added 2025/08/01 11:26 p.m. · 13 views

CVE-2025-54789

The CVE-2025-54789 entry relates to the Files module, specifically the File Move functionality. Versions ≤ 0.16.9 allow injection of arbitrary JavaScript, enabling Browser JavaScript execution in the user’s session. This is the underlying issue described across multiple sources (NVD, Red Hat advi...

6.1 CVSS · 7.9 AI score · 0.00322 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2025/08/01 11:26 p.m. · 4 views

CVE-2025-54789 Files is Vulnerable to Reflected Self-XSS through its File Move Functionality

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed i...

5.1 CVSS · 0.00322 EPSS
Exploits: 0 · References: 3

OSV
added 2025/07/31 11:14 p.m. · 2 views

MAL-2025-191824 Malicious code in prof-tg-dooorto-qu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b4b5d4d87a39a286c8665b40b510ac0016d0b71fcc83fde246dd1bca7402af09 Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...

6.9 AI score
Exploits: 0 · References: 3

OSV
added 2025/07/31 4:15 p.m. · 0 views

CVE-2025-8409

A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter.php. The manipulation of the argument from leads to sql injection. The attack can be launched remotely. The exploit has...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 5

NVD
added 2025/07/31 3:15 p.m. · 2 views

CVE-2025-50849

CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference IDOR. The user profile functionality allows enabling or disabling stickers through a parameter companyid sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate...

8 CVSS · 0.00175 EPSS
Exploits: 0 · References: 2

NVD
added 2025/07/31 10:15 a.m. · 3 views

CVE-2025-8378

A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attac...

9.8 CVSS · 0.00211 EPSS
Exploits: 1 · References: 5

OSV
added 2025/07/31 10:1 a.m. · 1 views

MAL-2025-191827 Malicious code in prof-tg-go-qu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e68d60babccd176fc8f6620e7b711731ff8d6b200d2141b318f1f09482c5a903 Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...

6.9 AI score
Exploits: 0 · References: 3

OSV
added 2025/07/31 10:0 a.m. · 1 views

MAL-2025-191825 Malicious code in prof-tg-gdghho-qu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6df3141fefe81c96a851af6c8844be2deba7f120c5700fed083ef85087a132b0 Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...

6.9 AI score
Exploits: 0 · References: 3

OSSF Malicious Packages
added 2025/07/31 9:58 a.m. · 3 views

Malicious code in prof-tg-dggrto-qu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a9dba23d808b6cdccaa1ceb5d393dd3b7774d71a2fdcde19ef7e1ea927a386ce Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...

7 AI score
Exploits: 0 · References: 3

OSV
added 2025/07/31 9:58 a.m. · 3 views

MAL-2025-191823 Malicious code in prof-tg-dggrto-qu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a9dba23d808b6cdccaa1ceb5d393dd3b7774d71a2fdcde19ef7e1ea927a386ce Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...

6.9 AI score
Exploits: 0 · References: 3

RedhatCVE
added 2025/07/30 9:31 a.m. · 3 views

CVE-2025-27801

The Episerver Content Management System CMS by Optimizely was affected by multiple Stored Cross-Site Scripting XSS vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. ContentReference properties, which could be used in the "Edit"...

4.8 CVSS · 5.9 AI score · 0.00218 EPSS
Exploits: 1 · References: 1

Rockylinux
added 2025/07/29 1:38 p.m. · 3 views

glibc security update

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The glibc packages provide the standard C libraries libc, POSIX thread librarie...

7.8 CVSS · 7.4 AI score · 0.00043 EPSS
Exploits: 1

OSV
added 2025/07/29 1:38 p.m. · 2 views

RLSA-2025:3828 Moderate: glibc security update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

5.5 CVSS · 8.1 AI score · 0.00071 EPSS
Exploits: 0 · References: 2

OSV
added 2025/07/29 1:38 p.m. · 3 views

RLSA-2025:8246 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: wifi: rtw89: Fix array index mistake in rtw89stainfogetiter CVE-2024-43842 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

7.3 CVSS · 9.3 AI score · 0.00023 EPSS
Exploits: 0 · References: 2

CNNVD
added 2025/07/29 12:0 a.m. · 2 views

SAMSUNG DMS security vulnerability

SAMSUNG DMS is a data management server from Samsung South Korea. A security vulnerability exists in SAMSUNG DMS that originates from execution after redirection and could lead to the execution of restricted functionality...

6.5 CVSS · 6.6 AI score · 0.0041 EPSS
Exploits: 0 · References: 1