Cvelist · added 2025/07/14 7:56 p.m.

CVE-2025-53623 Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class

The Job Iteration API is an extension for ActiveJob that makes jobs interruptible and resumable. Versions prior to 1.11.0 have an arbitrary code execution vulnerability in the CsvEnumerator class. This vulnerability can be exploited by an attacker to execute arbitrary commands on the system wher...

CVSS 9.3 · EPSS 0.01235
Exploits 0 · References 4

ICS · added 2025/05/29 6:00 a.m.

Instantel Micromate (Update A)

RISK EVALUATION: Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the device's configuration port and execute commands. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...

CVSS 9.8 · AI score 10 · EPSS 0.00674
Exploits 1 · References 10

RedhatCVE · added 2025/05/23 8:04 a.m.

CVE-2024-51992

Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue CWE-749: Exposed Dangerous Method or Function in the Orchid Platform’s asynchronous modal functionality, affecti...

CVSS 4.1 · AI score 4.5 · EPSS 0.00108
Exploits 0 · References 1

OSV · added 2025/05/16 2:12 p.m.

GHSA-7CX3-6M66-7C5M Tornado vulnerable to excessive logging caused by malformed multipart form data

Summary: When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the...

CVSS 7.5 · AI score 7.3 · EPSS 0.01164
Exploits 0 · References 5

Positive Technologies · added 2025/04/03 12:00 a.m.

PT-2025-14582 · Sourcecodester · Sourcecodester Apartment Visitor Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Apartment Visitor Management System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Apartment Visitor Management System. The issue affects an unknown function of the file /visitor-entry.ph...

CVSS 8.8 · AI score 6.8 · EPSS 0.00164
Exploits 1 · References 12

Positive Technologies · added 2025/04/01 12:00 a.m.

PT-2025-14442 · Cryptolib · Cryptolib

Name of the Vulnerable Software and Affected Versions: CryptoLib versions 1.3.3 and earlier. Description: The issue concerns a heap buffer overflow vulnerability in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. This allows an attacker to...

CVSS 9.8 · AI score 6.6 · EPSS 0.00671
Exploits 1 · References 11

Positive Technologies · added 2025/04/01 12:00 a.m.

PT-2025-14433 · WordPress · Wp Autokeyword

Name of the Vulnerable Software and Affected Versions: WP AutoKeyword versions n/a through 1.0 Description: The issue is related to an SQL Injection vulnerability, which allows attackers to inject malicious SQL commands. This is due to the improper neutralization of special elements used in an SQ...

CVSS 9.3 · AI score 9.7 · EPSS 0.00148
Exploits 0 · References 6

Cvelist · added 2025/03/10 10:19 p.m.

CVE-2025-27610 Local File Inclusion in Rack::Static

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...

CVSS 7.5 · EPSS 0.01354
Exploits 0 · References 2

Tenable Nessus · added 2025/03/05 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2022-31008

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link...

CVSS 7.5 · AI score 7.1 · EPSS 0.00106
Exploits 0 · References 3

CVE · added 2025/02/27 5:00 a.m.

CVE-2025-1686

CVE-2025-1686 affects io.pebbletemplates:pebble across all versions, enabling External Control of File Name or Path via the include tag. The root cause is the include macro resolving the provided relativePath against the template name, which for literal templates can resolve to the filesystem roo...

CVSS 6.8 · AI score 6.6 · EPSS 0.00194
Exploits 1 · References 6 · Affected software 1

RedhatCVE · added 2025/02/07 5:58 p.m.

CVE-2024-56328

Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are...

CVSS 6.5 · AI score 7.1 · EPSS 0.00147
Exploits 0 · References 1

OSV · added 2024/11/26 3:12 a.m.

MAL-2024-10978 Malicious code in icf-react-components (npm)

Per source details (do not edit below this line). Source: ghsa-malware 8361b152fc7c673dc95e4055a36459ced57bfc88a733b5e9543c2dc07914156a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1

Tenable Nessus · added 2024/11/13 12:00 a.m.

Siemens SCALANCE M-800 Family Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-50572)

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

CVSS 8.6 · AI score 7.9 · EPSS 0.01222
Exploits 0 · References 7

NVD · added 2024/09/25 10:15 p.m.

CVE-2024-47083

Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the clientsecret used in the service principal authentication, may be...

CVSS 8.8 · EPSS 0.02816
Exploits 0 · References 3

Positive Technologies · added 2024/06/30 12:00 a.m.

PT-2024-37609 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SeaCMS version 12.9 Description: A critical issue has been found in SeaCMS, affecting an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the cid argument with a specific input leads to SQL injection...

CVSS 9.8 · AI score 6.8 · EPSS 0.00096
Exploits 1 · References 7

Positive Technologies · added 2024/02/26 12:00 a.m.

PT-2024-21382 · Unknown · Fluent-Bit

Name of the Vulnerable Software and Affected Versions: fluent-bit version 2.2.2. Description: The issue is a Use-After-Free vulnerability located in the /fluent-bit/plugins/custom_calyptia/calyptia.c file. Recommendations: For fluent-bit version 2.2.2, consider disabling the custom calyptia plugin...

CVSS 7.5 · AI score 6.2 · EPSS 0.00068
Exploits 1 · References 8

Code423n4 · added 2023/05/22 12:00 a.m.

If the controller for _data.projectId is not defined, it can lead to incorrect execution of _swap() and theft of funds by the beneficiary.

Vulnerability details. Impact: If the controller is not defined in the swap function, then it becomes impossible to mint and burn tokens, which leads to incorrect execution of the function. `IJBController controller = IJBController(jbxTerminal.directory().controllerOf(_data.projectId));` Proof...

AI score 7
Exploits 0

Positive Technologies · added 2023/01/24 12:00 a.m.

PT-2023-8231

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions 9.0 through 22.3; Ivanti Policy Secure versions 9.0 through 22.3. Description: A command injection flaw exists in web components of Ivanti Connect Secure and Ivanti Policy Secure. An authenticated administrator can...

CVSS 9.1 · AI score 10 · EPSS 0.94412
Exploits 23 · References 468

Positive Technologies · added 2022/12/28 12:00 a.m.

PT-2022-28087 · Isos · Isos

Name of the Vulnerable Software and Affected Versions: ISOS firmwares versions 1.81 through 2.00 Description: The issue concerns hardcoded credentials in the embedded StreamX installer within ISOS firmwares. These credentials are not mandatory for integrators to change, posing a security risk...

CVSS 7.8 · AI score 7.4 · EPSS 0.00051
Exploits 0 · References 3

Hive Pro Threat Advisories · added 2022/03/17 4:27 a.m.

Russia under Attack from New RURansom Wiper

THREAT LEVEL: Red. For a detailed advisory, download the PDF file here. A series of wiper malware attacks have been launched in the continuing cyber war between Russia and Ukraine. Researchers have discovered the RURansom wiper malware, which adds to the current collection of harmful malware. The...

AI score 1.6
Exploits 0