
58 matches found

Debian CVE
added 2025/07/17 6:09 p.m. · 5 views

CVE-2025-53816

7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue...

CVSS 7.5 · AI score 7.2 · EPSS 0.00459
Exploits 1
Positive Technologies
added 2025/07/12 12:00 a.m. · 1 views

PT-2025-29342 · Open5Gs · Open5Gs

Name of the Vulnerable Software and Affected Versions: Open5GS versions up to 2.7.3
Description: A problematic issue exists in Open5GS related to the SCTP Partial Message Handler component. The ngap_recv_handler/s1ap_recv_handler/recv_handler function is susceptible to a reachable assertion due t...

CVSS 4.8 · AI score 3.7 · EPSS 0.00061
Exploits 1 · References 12
NVD
added 2025/06/23 3:15 p.m. · 2 views

CVE-2025-52967

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...

CVSS 5.8 · EPSS 0.00247
Exploits 0 · References 3
NVD
added 2025/06/18 11:15 a.m. · 3 views

CVE-2022-50139

In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc(). We should call of_node_put() for the reference returned by of_get_child_by_name(), which has increased the refcount...

CVSS 5.5 · EPSS 0.00063
Exploits 0 · References 5
Positive Technologies
added 2025/06/04 12:00 a.m. · 2 views

PT-2025-23882 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 versions up to 15.03.06.47
Description: A critical issue was found in the HTTP Handler component, specifically affecting the formSetPPTPServer function of the /goform/SetPptpServerCfg file. The manipulation of the startIp and endIp...

CVSS 9.8 · AI score 8.6 · EPSS 0.01329
Exploits 0 · References 11
Positive Technologies
added 2025/05/31 12:00 a.m. · 3 views

PT-2025-23415 · Jeewms · Jeewms

Name of the Vulnerable Software and Affected Versions: JeeWMS up to 20250504
Description: A critical issue was found in the File Handler component, specifically affecting the filedeal function of the /systemController/filedeal.do file. This leads to improper access controls, allowing remote...

CVSS 6.5 · AI score 6.2 · EPSS 0.00173
Exploits 0 · References 7
RedhatCVE
added 2025/05/28 2:41 a.m. · 14 views

CVE-2025-5164

A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is...

CVSS 8.1 · AI score 6.7 · EPSS 0.00338
Exploits 1 · References 1
NVD
added 2025/05/26 3:15 a.m. · 10 views

CVE-2025-5164

A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is...

CVSS 8.1 · EPSS 0.00338
Exploits 1 · References 4
RedhatCVE
added 2025/05/23 8:36 a.m. · 4 views

CVE-2024-5766

A vulnerability was found in Likeshop up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin of the component Merchandise Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-267449 was...

CVSS 5.1 · AI score 6.3 · EPSS 0.00102
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 7:18 a.m. · 6 views

CVE-2024-8334

A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been rated as problematic. This issue affects the function LogHandler of the file middleware/log.go. The manipulation leads to improper output neutralization for logs. The attack may be...

CVSS 8.1 · AI score 8.2 · EPSS 0.00256
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 7:05 a.m. · 5 views

CVE-2024-11661

A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file profile.php of the component Profile Image Handler. The manipulation of the argument image leads to unrestricted upload. The...

CVSS 9.8 · AI score 7.1 · EPSS 0.00072
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 3:38 a.m. · 4 views

CVE-2023-28862

An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an...

CVSS 9.8 · AI score 6.9 · EPSS 0.00075
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 2:17 a.m. · 6 views

CVE-2023-37023

Open5GS MME versions <= 2.6.4 contain a reachable assertion in the Uplink NAS Transport packet handler. A packet missing its MME_UE_S1AP_ID field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service...

CVSS 8.6 · AI score 6.7 · EPSS 0.00305
Exploits 1 · References 1
Positive Technologies
added 2025/05/15 12:00 a.m. · 9 views

PT-2025-21282

Name of the Vulnerable Software and Affected Versions: CPython affected versions not specified
Description: The issue arises when using bytes.decode with the "unicode_escape" encoding and an error handler set to "ignore" or "replace". Users not utilizing this specific encoding or error handler ar...

CVSS 9.4 · AI score 7.3 · EPSS 0.01639
Exploits 15 · References 198
RedhatCVE
added 2025/05/07 8:31 a.m. · 8 views

CVE-2025-4270

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to informatio...

CVSS 7.5 · AI score 7.4 · EPSS 0.00398
Exploits 1 · References 1
Positive Technologies
added 2025/04/22 12:00 a.m. · 3 views

PT-2025-19346 · Totolink · Totolink A720R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A720R version 4.1.5cu.374
Description: A critical issue affects the Log Handler component of TOTOLINK A720R, specifically the file /cgi-bin/cstecgi.cgi. The manipulation of the topicurl argument with the input...

CVSS 6.9 · AI score 6.4 · EPSS 0.00344
Exploits 1 · References 13
Github Security Blog
added 2025/04/02 5:25 p.m. · 12 views

Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler

Impact: Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to valid responses. By...

CVSS 5.4 · AI score 7.6 · EPSS 0.00569
Exploits 0 · References 9 · Affected Software 1
RedhatCVE
added 2025/03/14 7:01 p.m. · 13 views

CVE-2025-2220

A vulnerability was found in Odyssey CMS up to 10.34. It has been classified as problematic. Affected is an unknown function of the file /modules/odysseycontactform/odysseycontactform.php of the component reCAPTCHA Handler. The manipulation of the argument g-recaptcha-response leads to key...

CVSS 7.8 · AI score 6.7 · EPSS 0.00044
Exploits 1 · References 1
NVD
added 2025/03/12 2:15 a.m. · 9 views

CVE-2025-2220

A vulnerability was found in Odyssey CMS up to 10.34. It has been classified as problematic. Affected is an unknown function of the file /modules/odysseycontactform/odysseycontactform.php of the component reCAPTCHA Handler. The manipulation of the argument g-recaptcha-response leads to key...

CVSS 7.8 · EPSS 0.00044
Exploits 1 · References 4
Tenable Nessus
added 2025/03/10 12:00 a.m. · 15 views

Amazon Linux 2 : thunderbird (ALAS-2025-2789)

The version of thunderbird installed on the remote host is prior to 128.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2789 advisory. A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This...

CVSS 9.8 · AI score 8 · EPSS 0.30868
Exploits 0 · References 58