4509 matches found

Positive Technologies
added 2025/10/27 12:0 a.m. | 3 views

PT-2025-43964

Name of the Vulnerable Software and Affected Versions: PingFederate (affected versions not specified). Description: A configuration issue in PingFederate’s HTML Form Adapter, specifically when operating in non-default redirectless mode, can lead to unexpected authentication form rendering. This allows...

AI score: 6.5 | EPSS: 0.00312
Exploits: 0 | References: 4

Patchstack
added 2025/10/25 1:4 a.m. | 6 views

WordPress Watu Quiz plugin <= 3.4.4 - Unauthenticated Stored Cross-Site Scripting via HTTP Referer vulnerability

Unauthenticated Stored Cross-Site Scripting via HTTP Referer vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Watu Quiz versions <= 3.4.4...

CVSS: 7.2 | AI score: 5.8 | EPSS: 0.00213
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2025/10/24 7:52 a.m. | 2 views

EUVD-2025-35824

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Edge CPT allows PHP Local File Inclusion. This issue affects Edge CPT: from n/a through 1.4...

CVSS: 8.1 | AI score: 6.5 | EPSS: 0.00387
Exploits: 0 | References: 2

EUVD
added 2025/10/23 11:28 a.m. | 4 views

EUVD-2025-35671

An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not properly configured...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00249
Exploits: 0 | References: 3

OSV
added 2025/10/23 10:15 a.m. | 1 view

DEBIAN-CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.00377
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/22 8:18 p.m. | 4 views

CVE-2025-61752

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.00363
Exploits: 0 | References: 1

EUVD
added 2025/10/22 3:31 p.m. | 3 views

EUVD-2025-35445

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in AmentoTech Doctreat doctreat allows Code Injection. This issue affects Doctreat: from n/a through = 1.6.7...

AI score: 6 | EPSS: 0.00224
Exploits: 0 | References: 2

NVD
added 2025/10/22 3:16 p.m. | 7 views

CVE-2025-60332

A NULL pointer dereference in the SetWLanRadioSettings function of D-Link DIR-823G A1 v1.0.2B05 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...

CVSS: 7.5 | EPSS: 0.04092
Exploits: 1 | References: 2

OSV
added 2025/10/21 11:17 p.m. | 3 views

CVE-2025-61756

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: System Configuration. Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated...

CVSS: 7.5 | AI score: 5.8
Exploits: 0 | References: 1

NVD
added 2025/10/21 8:20 p.m. | 3 views

CVE-2025-62475

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Core. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful...

CVSS: 4.9 | EPSS: 0.00304
Exploits: 0 | References: 1

NVD
added 2025/10/21 8:20 p.m. | 3 views

CVE-2025-61763

Vulnerability in Oracle Essbase component: Essbase Web Platform. The supported version that is affected is 21.7.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in...

CVSS: 8.1 | EPSS: 0.00246
Exploits: 0 | References: 1

NVD
added 2025/10/21 8:20 p.m. | 4 views

CVE-2025-61752

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server...

CVSS: 7.5 | EPSS: 0.00363
Exploits: 0 | References: 1

EUVD
added 2025/10/21 8:3 p.m. | 5 views

EUVD-2025-35258

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Platform. Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with...

CVSS: 8.1 | AI score: 6.1 | EPSS: 0.00303
Exploits: 0 | References: 1

EUVD
added 2025/10/21 8:3 p.m. | 5 views

EUVD-2025-35259

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Query. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTool...

CVSS: 4.3 | AI score: 4.4 | EPSS: 0.00261
Exploits: 0 | References: 1

CNNVD
added 2025/10/21 12:0 a.m. | 3 views

Oracle Health Sciences Applications security vulnerability

Oracle Health Sciences Applications is a suite of clinical research and development solutions for the healthcare industry from Oracle Corporation USA. A security vulnerability exists in Oracle Health Sciences Data Management Workbench for Oracle Health Sciences Applications, versions 3.4.0.1.3 an...

CVSS: 4.9 | AI score: 7.2 | EPSS: 0.00276
Exploits: 0 | References: 2

CNNVD
added 2025/10/21 12:0 a.m. | 3 views

Oracle Financial Services Applications security vulnerability

Oracle Financial Services Applications is a suite of financial services software from Oracle Corporation USA. The product includes core banking, online banking, and estate management. A security vulnerability exists in Oracle Financial Services Analytical Applications Infrastructure versions...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.00303
Exploits: 0 | References: 2

OSV
added 2025/10/20 2:41 p.m. | 3 views

CLSA-2025-1760722427 Fix CVE(s): CVE-2023-44487

SECURITY UPDATE: The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly - debian/patches/CVE-2023-44487.patch: HTTP/2 - per-iteration stream handling limit. - CVE-2023-44487...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.99999
Exploits: 19 | References: 1

OSV
added 2025/10/19 7:8 p.m. | 2 views

JLSEC-2025-147 A flaw was found in FFmpeg's DASH playlist support

A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs...

CVSS: 7.2 | AI score: 6.6 | EPSS: 0.00269
Exploits: 0 | References: 1

CNNVD
added 2025/10/17 12:0 a.m. | 3 views

Eclipse ThreadX NetX Duo security vulnerability

Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A security vulnerability exists in Eclipse ThreadX NetX Duo versions prior to 6.4.4, which stems from a lack of boundary validation in the Eclipse Foundation ThreadX's network support code in the HTTP...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00554
Exploits: 1 | References: 2

OSV
added 2025/10/16 7:15 p.m. | 3 views

CVE-2025-11492

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...

CVSS: 7.5 | AI score: 5.8
Exploits: 0 | References: 1