147 matches found
GHSA-8J63-96WH-WH3J 1Panel agent certificate verification bypass leading to arbitrary command execution
Project Address: Project Address 1Panel Official website: https://www.1panel.cn/ Time: 2025 07 26 Version: 1panel V2.0.5 Vulnerability Summary - First, we introduce the concepts of 1panel v2 Core and Agent. After the new version is released, 1panel adds the node management function, which allows...
PT-2025-25738 · Unknown · Miliaris Amigdala
Name of the Vulnerable Software and Affected Versions: Miliaris Amigdala version 2.2.6 Description: A cross-site scripting (XSS) issue in the data resource management function allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload. Recommendations: For...
CVE-2025-44091
yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function...
CVE-2025-44091
The CVE-2025-44091 entry documents a Cross Site Scripting (XSS) vulnerability in yangyouwang crud v1.0.0, exploitable via the role management function. Affected software/component: yangyouwang crud (v1.0.0). Root cause details are not fully disclosed in the provided materials, but multiple source...
CVE-2024-25009
Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in service degradation...
CVE-2024-44572
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sysmgmt function...
CVE-2024-51229
Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows a remote attacker to execute arbitrary code via the theme management function...
CVE-2023-44009
File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function...
CVE-2022-27341
JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function...
CVE-2025-31339
Wisdom Master Pro (versions 5.0–5.2) has an unrestricted upload of a file with a dangerous type in the course management function, allowing remote authenticated users to craft a malicious file. The issue is described across multiple sources (e.g., Red Hat, NVD, CVE listing, PT-Security) with no p...
PT-2025-16927 · Unknown · Wisdom Master Pro
Name of the Vulnerable Software and Affected Versions: Wisdom Master Pro versions 5.0 through 5.2 Description: An unrestricted upload of file with dangerous type vulnerability in the course management function allows remote authenticated users to craft a malicious file. Recommendations: For Wisdo...
CVE-2022-49754
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix a buffer overflow in mgmt_mesh_add Smatch Warning: net/bluetooth/mgmt_util.c:375 mgmt_mesh_add error: memcpy 'mesh_tx->param' too small 48 vs 50 Analysis: 'mesh_tx->param' is array of size 48. This is the destination. u8...
CVE-2024-58013
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: Topology – Fixing references to freed memory After parsing a topology file, most users release the memory used by that file. Therefore, having pointers that directly reference the contents of the topology file is incorrect...
ClassCMS Security Vulnerability
ClassCMS is a simple, flexible, secure and easy-to-extend open-source content management system from China. A security vulnerability exists in ClassCMS version 4.8, which stems from a code execution vulnerability that allows an attacker to execute arbitrary code by constructing a payload...
CVE-2024-51179
An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and the Session Management Function (SMF), The Packet Data Unit (PDU) session establishment process...
kernel: scsi: qedf: Make qedf_execute_tmf() non-preemptible
A vulnerability was found in the Linux kernel's qedf driver function qedf_execute_tmf, where the function call smp_processor_id is done from preemptible code before acquiring a lock which can result in BUG_ON when running an RT kernel. This can result in system inconsistencies...
PT-2024-34550 · Open5Gs · Open5Gs
Name of the Vulnerable Software and Affected Versions: Open 5GS version 2.7.1 Description: The issue allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and the Session Management Function (SMF), during the Packet...