6654 matches found
CVE-2024-57938
In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init. While by default max_autoclose equals to INT_MAX / HZ, one may set net.sctp.max_autoclose to UINT_MAX. There is code in sctp_association_init that can consequently...
Updated dcmtk packages fix security vulnerabilities
An improper array index validation vulnerability exists in the nowindow functionality of OFFIS. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability, CVE-2024-47796. An improper array index validation vulnerabili...
PT-2025-2206 · Obsproject · Obs Studio
Name of the Vulnerable Software and Affected Versions: obsproject OBS Studio versions up to 30.0.2. Description: A vulnerability has been found in obsproject OBS Studio, affecting an unknown functionality. The manipulation leads to an untrusted search path. The attack needs to be approached locall...
CVE-2024-52870
Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com access, but provides unintended functionality including Chromium Developer Tools that can result in a client user accessing arbitrary remote websites...
Plugin Telemetry
Provide telemetry on plugin runs. No source data...
PT-2025-2938 · Teradata · Teradata Vantage Editor
Name of the Vulnerable Software and Affected Versions: Teradata Vantage Editor version 1.0.1. Description: The issue concerns unintended functionality in the software, including the presence of Chromium Developer Tools, which can allow a client user to access arbitrary remote websites. This can...
CVE-2025-0473 Incomplete Cleanup vulnerability in PMB platform
Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimport_authorities’ endpoint. When a file is uploaded via this...
CVE-2025-0473
CVE-2025-0473 describes a vulnerability in PMB platform where the file upload at /pmb/authorities/import/iimport_authorities creates a temporary file that is deleted after a POST to the same endpoint, but an attacker can trap the second POST to prevent deletion, causing persistence of temporary f...
CVE-2025-0456
The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve all accounts and passwords...
Unspecified vulnerability in Huawei HarmonyOS and EMUI (CNVD-2025-02245)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. Huawei HarmonyOS and EMUI have a security vulnerability...
PT-2025-3892 · Netvision Information · Airpass
Name of the Vulnerable Software and Affected Versions: airPASS from NetVision Information, affected versions not specified. Description: The issue allows unauthenticated remote attackers to access specific administrative functionality, enabling them to retrieve all accounts and passwords. This pose...
PT-2025-4881 · Unknown · Shockingly Big Ie6 Warning
Name of the Vulnerable Software and Affected Versions: Shockingly Big IE6 Warning versions n/a through 1.6.3. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2025-5002 · Mercadolibre · Mercadolibre Integration
Name of the Vulnerable Software and Affected Versions: MercadoLibre Integration versions 1.1 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2025-5013 · Mailchimp · Import Users To Mailchimp
Name of the Vulnerable Software and Affected Versions: Import Users to MailChimp versions 1.0 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a we...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-02238)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by attackers to cause abnormal functionality...
Unspecified vulnerability in Huawei HarmonyOS and EMUI (CNVD-2025-02246)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. Huawei HarmonyOS and EMUI have a security vulnerability...
NorthGrid Proself Installed (Linux)
Binary data northgridproselflinuxinstalled.nbin...
CVE-2025-23074 Special:EditProfile exposes the contents of profile fields marked "hidden"/friends or "friends of friends" when the privileged user isn't a friend of the user whose profile they edit(ed)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - SocialProfile Extension allows Functionality Misuse. This issue affects Mediawiki - SocialProfile Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...
CVE-2025-23074
CVE-2025-23074 affects the Wikimedia MediaWiki SocialProfile Extension, with an information-disclosure flaw in Special:EditProfile. Versions affected: 1.39.X before 1.39.11, 1.41.X before 1.41.3, and 1.42.X before 1.42.2. Root cause: contents marked as hidden or restricted fields can be exposed t...