
9136 matches found

Positive Technologies
added 2025/08/24 12:0 a.m. · 9 views

PT-2025-34567 · Unknown · Bjskzy Zhiyou Erp

Name of the Vulnerable Software and Affected Versions: Bjskzy Zhiyou ERP versions prior to 11.1 Description: A weakness has been identified in Bjskzy Zhiyou ERP that allows for remote SQL injection. The issue is related to the manipulation of the sql argument within the getFieldValue function of...

6.5 CVSS · 6.9 AI score · 0.00377 EPSS
Exploits 1 · References 10
Tenable Nessus
added 2025/08/24 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2016-5705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web scri...

6.1 CVSS · 7.3 AI score · 0.0132 EPSS
Exploits 0 · References 2
Snyk
added 2025/08/23 6:30 a.m. · 4 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via EditInfoItemStrutsAction accessible through c/portal/editinfoitem. An attacker can redirect users to arbitrary external sites by crafting a malicious URL. Remediation Upgrade com.liferay:com.liferay.info.impl to versio...

6.1 CVSS · 7 AI score · 0.00172 EPSS
Exploits 0 · References 2
OSV
added 2025/08/22 5:15 p.m. · 3 views

CVE-2025-55398

An issue was discovered in mouse07410 asn1c thru 0.9.29 2025-03-20 - a fork of vlm asn1c. In UPER Unaligned Packed Encoding Rules, asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing incorrect or malicious inp...

9.8 CVSS · 5.8 AI score · 0.00345 EPSS
Exploits 0 · References 1
Packet Storm News
added 2025/08/22 12:0 a.m. · 4 views

A Survey of Post-Quantum Cryptography Support in Cryptographic Libraries

The rapid advancement of quantum computing poses a significant threat to modern cryptographic systems, necessitating the transition to Post-Quantum Cryptography PQC. This study evaluates the support for PQC algorithms within nine widely used open-source cryptographic libraries -- OpenSSL, wolfSSL...

7 AI score
Exploits 0
SUSE CVE
added 2025/08/19 11:23 p.m. · 1 views

SUSE CVE-2025-38566

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tlsalertrecv due to its assumption it can read data from the msg iterator's kvec.. kTLS implementation splits TLS non-da...

8.1 CVSS · 6.6 AI score · 0.00528 EPSS
Exploits 0 · References 75
NVD
added 2025/08/14 7:15 p.m. · 6 views

CVE-2025-52767

Cross-Site Request Forgery CSRF vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Cross Site Request Forgery. This issue affects NetInsight Analytics Implementation Plugin: from n/a through <= 1.0.3...

4.3 CVSS · 0.00131 EPSS
Exploits 0 · References 1
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 3 views

Malicious code in design-implementation (npm)

The package design-implementation was found to contain malicious code...

7 AI score
Exploits 0
OSV
added 2025/08/14 6:52 p.m. · 4 views

MAL-2025-18323 Malicious code in design-implementation (npm)

The package design-implementation was found to contain malicious code...

7.2 AI score
Exploits 0
Cvelist
added 2025/08/14 6:22 p.m. · 11 views

CVE-2025-52765 WordPress NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Stored XSS. This issue affects NetInsight Analytics Implementation Plugin: from n/a through <= 1.0.3...

7.1 CVSS · 0.00118 EPSS
Exploits 0 · References 1
Cvelist
added 2025/08/14 6:22 p.m. · 13 views

CVE-2025-52767 WordPress NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Cross Site Request Forgery. This issue affects NetInsight Analytics Implementation Plugin: from n/a through <= 1.0.3...

4.3 CVSS · 0.00131 EPSS
Exploits 0 · References 1
Fedora
added 2025/08/14 1:25 a.m. · 7 views

[SECURITY] Fedora 42 Update: perl-Authen-SASL-2.1900-1.fc42

SASL is a generic mechanism for authentication used by several network protocols. Authen::SASL provides an implementation framework that all protocols should be able to share...

6.5 CVSS · 7.4 AI score · 0.00394 EPSS
Exploits 0
Positive Technologies
added 2025/08/14 12:0 a.m. · 5 views

PT-2025-33363 · Unknown · Netinsight Analytics Implementation Plugin

Name of the Vulnerable Software and Affected Versions: NetInsight Analytics Implementation Plugin versions through 1.0.3 Description: The NetInsight Analytics Implementation Plugin is susceptible to a Cross-Site Request Forgery CSRF issue. This allows an attacker to potentially perform actions on...

4.3 CVSS · 6.4 AI score · 0.00131 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2025/08/12 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-7396

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C...

5.6 CVSS · 5.9 AI score · 0.00182 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/08/10 12:15 a.m. · 7 views

CVE-2025-54887

jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption JWE standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk becau...

9.1 CVSS · 6.8 AI score · 0.00231 EPSS
Exploits 1 · References 1
Tenable Nessus
added 2025/08/09 12:0 a.m. · 5 views

Fedora 42 : chromium (2025-04158e05ef)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-04158e05ef advisory. Updated to 139.0.7258.66 CVE-2025-8576: Use after free in Extensions CVE-2025-8578: Use after free in Cast CVE-2025-8579: Inappropriate implementati...

8.8 CVSS · 5.8 AI score · 0.00313 EPSS
Exploits 0 · References 9
NVD
added 2025/08/08 1:15 a.m. · 8 views

CVE-2025-54887

jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption JWE standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk becau...

9.1 CVSS · 0.00231 EPSS
Exploits 1 · References 2
Microsoft CVE
added 2025/08/07 6:31 p.m. · 4 views

Chromium: CVE-2025-8580 Inappropriate implementation in Filesystems

Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.3 CVSS · 6 AI score · 0.00225 EPSS
Exploits 0
OSV
added 2025/08/07 3:38 a.m. · 2 views

SUSE-SU-2025:02719-1 Security update for libgcrypt

This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107...

5.9 CVSS · 6.8 AI score · 0.01114 EPSS
Exploits 0 · References 4
OSV
added 2025/08/07 2:15 a.m. · 2 views

DEBIAN-CVE-2025-8580

Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3 CVSS · 4.9 AI score · 0.00225 EPSS
Exploits 0 · References 1