CVE-2013-10071 Nagios XI < 2012R1.6 Reflected XSS via Dashlet AJAX Load Functionality
Nagios XI versions prior to 2012R1.6 contain a reflected cross-site scripting (XSS) vulnerability in the dashboard dashlet AJAX load functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...
GO-2025-4047 Mattermost Server: initial_load API exposes unnecessary information in github.com/mattermost/mattermost-server
Mattermost Server: initial_load API exposes unnecessary information in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...
CVE-2025-54470
Summary: CVE-2025-54470 affects NeuVector telemetry sender when the “Report anonymous cluster data” option is enabled. The root cause is failure to verify the telemetry server’s TLS certificate and hostname, enabling MITM attacks, and unbounded in-memory loading of the server response, enabling p...
[SECURITY] Fedora 41 Update: bind-dyndb-ldap-11.10-35.fc41
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...
squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling
An Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol (HTTP) authentication credentials from an error response. A remote client can exploit this by triggering an...
PT-2025-44566
Name of the Vulnerable Software and Affected Versions: oobabooga text-generation-webui versions prior to 2.5. Description: The software is susceptible to a remote code execution issue stemming from insufficient validation of user-supplied input. Specifically, the trust_remote_code parameter within t...
PT-2025-44533
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2012R1.6. Description: The software contains a reflected cross-site scripting (XSS) issue in the dashboard dashlet AJAX load functionality. Insufficient validation or escaping of user-supplied input could allow an...
oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the trust_remote_code parameter provided to the load...
CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...
EUVD-2025-36642
DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and related components load the wtsapi32.dll library from an uncontrolled search path C:\ProgramData\Evope. This allows local unprivileged attackers to execute arbitrary code or escalate privileges to SYSTEM by placing a crafted DLL in that...
CVE-2025-12058 Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF
The Keras Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup layer is handled during model loading from a...
CVE-2025-12058
The CVE describes a vulnerability in Keras Model.load_model where the StringLookup layer can load a local file or fetch remote content during model loading, enabling arbitrary local file reads and SSRF even when safe_mode=True. IBM bulletins link affected packages (keras-3.11.3 wheel; keras-2.14....
Security Bulletin: CVE-2025-36024 vulnerability has been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)
Summary: DS8900F and DS8A00 updates have been released to remediate user enumeration errors. Review the Vulnerability Details section below for additional information. Vulnerability Details: CVEID: CVE-2025-36024 DESCRIPTION: IBM System Storage DS8000 could allow a remote attacker to obtain sensitiv...
PT-2025-44303
Name of the Vulnerable Software and Affected Versions: Evope Collector version 1.1.6.9.0. Description: A DLL hijacking issue exists in Evope Collector. The software loads the wtsapi32.dll library from an uncontrolled search path, specifically C:\ProgramData\Evope. This allows a local, unprivileged...
Revenera InstallShield Security Vulnerability
Revenera InstallShield (Flexera InstallShield) is a development package from Revenera Inc. for building Windows installers and MSIX packages. A security vulnerability exists in Revenera InstallShield version 2023 R1, stemming from MPR.dll being loaded from an insecure location, which could lead ...
PT-2025-44308
Name of the Vulnerable Software and Affected Versions: Revenera InstallShield versions prior to 2023 R2. Description: A privilege escalation issue exists in Revenera InstallShield version 2023 R1 when running a renamed Setup.exe on Windows. If a local administrator executes a renamed Setup.exe, the...
CVE-2025-24934
Software which sets SO_REUSEPORT_LB on a socket and then connects it to a host will not directly observe any problems. However, due to its membership in a load-balancing group, that socket will receive packets originating from any host. This breaks the contract of connect(2) and implied connect v...