CVE-2025-30147 ALTBN128_ADD, ALTBN128_MUL, ALTBN128_PAIRING precompile functions do not check if points are on curve
Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128_ADD (0x06),...
CVE-2025-20155
Cisco IOS XE Software vulnerability CVE-2025-20155: insecure bootstrap file validation can let an authenticated, local attacker write arbitrary files to the device when SD-WAN/SD-Routing bootstrap is used. Root cause is insufficient input validation of the bootstrap file read during initial deplo...
scanner has a Public API without sufficient bounds checking
Match::get and Match::ptr lack sufficient bounds checks, leading to potential out of bounds reads...
BIT-VAULT-2025-3879 Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login
Vault Community and Vault Enterprise ("Vault") Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...
CVE-2025-45242
Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php...
CVE-2025-45240
foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php...
uri: userinfo leakage in URI#join, URI#merge and URI#+
A flaw was found in the URI Ruby gem package, where userinfo leakage can occur. The methods URI#join, URI#merge, and URI#+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using...
CVE-2025-45239
An issue in the restores method of DataBackup.php in foxcms v2.0.6 allows attackers to execute a directory traversal...
CVE-2025-45238
foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method...
U.S. Dept Of Defense: POST XSS - fields[account][firstname] parameter
A cross-site scripting (XSS) vulnerability was discovered in a parameter named "fields[account][firstname]" that was processed via the POST method. The vulnerability allowed the injection of malicious scripts that could be executed when the affected page was loaded. The impact of the vulnerability was...
U.S. Dept Of Defense: POST XSS - data[account][id] parameter
A cross-site scripting (XSS) vulnerability was discovered in the POST method through the "data[account][id]" parameter. The vulnerability allowed the injection of malicious scripts that could be executed. The affected system was located on a system host. The vulnerability was not assigned a CVE number...
com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson
A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes. This issue may lead to availability attacks...
CVE-2025-45239
FoxCMS v2.0.6 contains a vulnerability in the restores method of DataBackup.php that allows a directory traversal attack. The issue stems from improper handling in the restores logic, enabling access to filesystem paths beyond the intended directory. Documented impact is limited to information ex...
PT-2025-19730 · Rhymix · Rhymix
Name of the Vulnerable Software and Affected Versions: Rhymix version 2.1.22 Description: The issue is related to an arbitrary file deletion vulnerability. This vulnerability can be exploited via the procFileAdminEditImage method in the /file/file.admin.controller.php file. Recommendations: For...
Towards Dataset Copyright Evasion Attack against Personalized Text-To-Image Diffusion Models
Text-to-image (T2I) diffusion models have rapidly advanced, enabling high-quality image generation conditioned on textual prompts. However, the growing trend of fine-tuning pre-trained models for personalization raises serious concerns about unauthorized dataset usage. To combat this, dataset...
PT-2025-19753 · Foxcms · Foxcms
Name of the Vulnerable Software and Affected Versions: foxcms version 1.2.5 Description: The issue is related to an arbitrary file deletion vulnerability. This vulnerability can be exploited via the delRestoreSerie method. Recommendations: For foxcms version 1.2.5, consider disabling the...