903 matches found

ICS · added 2025/04/07 10:30 a.m. · 21 views

ABB M2M Gateway

SUMMARY ABB is aware of public reports of vulnerabilities in product versions listed as affected in this advisory. An attacker who successfully exploited these vulnerabilities could cause the product to stop, make the product inaccessible, take remote control of the product or insert and run...

AI score: 9.3
Exploits: 0 · References: 13
Positive Technologies · added 2025/04/03 12:00 a.m. · 5 views

PT-2025-14582 · Sourcecodester · Sourcecodester Apartment Visitor Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Apartment Visitor Management System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Apartment Visitor Management System. The issue affects an unknown function of the file /visitor-entry.ph...

CVSS: 8.8 · AI score: 6.8 · EPSS: 0.00407
Exploits: 1 · References: 12
Patchstack · added 2025/04/02 10:45 a.m. · 9 views

WordPress Rich Text Editor Plugin <= 1.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by thiennv in WordPress Plugin Rich Text Editor versions <= 1.0.1...

CVSS: 6.5 · AI score: 8.4 · EPSS: 0.00308
Exploits: 0 · Affected Software: 1
Positive Technologies · added 2025/04/01 12:00 a.m. · 2 views

PT-2025-14433 · WordPress · Wp Autokeyword

Name of the Vulnerable Software and Affected Versions: WP AutoKeyword versions n/a through 1.0 Description: The issue is related to an SQL Injection vulnerability, which allows attackers to inject malicious SQL commands. This is due to the improper neutralization of special elements used in an SQ...

CVSS: 9.3 · AI score: 9.7 · EPSS: 0.0047
Exploits: 0 · References: 6
Positive Technologies · added 2025/04/01 12:00 a.m. · 4 views

PT-2025-14442 · Cryptolib · Cryptolib

Name of the Vulnerable Software and Affected Versions: CryptoLib versions 1.3.3 and earlier Description: The issue concerns a heap buffer overflow vulnerability in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. This allows an attacker to...

CVSS: 9.8 · AI score: 6.6 · EPSS: 0.00577
Exploits: 1 · References: 11
Positive Technologies · added 2025/03/19 12:00 a.m. · 3 views

PT-2025-16816 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: A SQL injection vulnerability has been identified in the affected application through the internally used UpdateTcmSettings method. This could allow an authenticated remote...

CVSS: 9 · AI score: 7.4 · EPSS: 0.00648
Exploits: 0 · References: 6
Cvelist · added 2025/03/10 10:19 p.m. · 22 views

CVE-2025-27610 Local File Inclusion in Rack::Static

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...

CVSS: 7.5 · EPSS: 0.01068
Exploits: 0 · References: 2
Tenable Nessus · added 2025/03/05 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-31008

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.00307
Exploits: 0 · References: 3
CVE · added 2025/02/27 5:00 a.m. · 70 views

CVE-2025-1686

CVE-2025-1686 affects io.pebbletemplates:pebble across all versions, enabling External Control of File Name or Path via the include tag. The root cause is the include macro resolving the provided relativePath against the template name, which for literal templates can resolve to the filesystem roo...

CVSS: 6.8 · AI score: 6.6 · EPSS: 0.00782
Exploits: 1 · References: 6 · Affected Software: 1
SUSE CVE · added 2025/02/14 4:31 a.m. · 2 views

SUSE CVE-2024-45772

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...

CVSS: 8 · AI score: 8.9 · EPSS: 0.00586
Exploits: 0 · References: 3
RedhatCVE · added 2025/02/07 5:58 p.m. · 11 views

CVE-2024-56328

Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are...

CVSS: 6.5 · AI score: 7.1 · EPSS: 0.00335
Exploits: 0 · References: 1
RedhatCVE · added 2025/02/05 1:10 a.m. · 8 views

CVE-2024-46984

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...

CVSS: 9.8 · AI score: 6.8 · EPSS: 0.00628
Exploits: 0
Cvelist · added 2025/02/03 8:48 p.m. · 18 views

CVE-2025-24959 Environment Variable Injection for dotenv API in zx

zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for...

CVSS: 1 · EPSS: 0.00178
Exploits: 0 · References: 2
NVD · added 2025/01/03 4:15 p.m. · 36 views

CVE-2024-56320

GoCD is a continuous delivery server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD...

CVSS: 9.4 · EPSS: 0.00715
Exploits: 0 · References: 4
OSV · added 2025/01/03 3:37 p.m. · 17 views

CVE-2024-56320 GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user

GoCD is a continuous delivery server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD...

CVSS: 9.4 · AI score: 6.7 · EPSS: 0.00715
Exploits: 0 · References: 6
RedhatCVE · added 2024/12/24 1:28 p.m. · 10 views

CVE-2024-53163

In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_420xx - fix off by one in uof_get_name() This is called from uof_get_name_420xx() where "num_objs" is the ARRAY_SIZE() of fw_objs[]. The > needs to be >= to prevent an out of bounds access. Mitigation To mitigate this issue, prevent...

CVSS: 5.3 · AI score: 6.6 · EPSS: 0.00243
Exploits: 0 · References: 4
ATTACKERKB · added 2024/12/18 12:00 a.m. · 41 views

CVE-2024-56145

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has register_argc_argv enabled. For these users an unspecified remote code execution vector is present...

CVSS: 9.8 · AI score: 8.2 · EPSS: 0.97446
In the wild · Exploits: 9 · References: 3
Qualys Blog · added 2024/12/04 4:13 p.m. · 37 views

Proactively Managing High-Risk Vulnerabilities with TruRisk Mitigate™

In late 2024, organizations faced over 65 million detections from three critical vulnerabilities (CVE-2013-2900, CVE-2024-38122, and CVE-2024-30078), underscoring the urgent need for proactive vulnerability management. Adding to these challenges, the Qualys Threat Research Unit (TRU) uncovered five...

CVSS: 8.8 · AI score: 9.2 · EPSS: 0.19924
Exploits: 16
OSV · added 2024/11/26 3:12 a.m. · 4 views

MAL-2024-10978 Malicious code in icf-react-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8361b152fc7c673dc95e4055a36459ced57bfc88a733b5e9543c2dc07914156a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 · References: 1
Patchstack · added 2024/11/25 12:00 a.m. · 24 views

WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.44 is vulnerable to Broken Authentication

Software: Spam protection, AntiSpam, FireWall by CleanTalk · Type: Plugin · Vulnerable versions: <= 6.44 · Fixed in: 6.45 · OWASP Top 10: A1: Broken Access Control · Classification: Broken Authentication · CVE: CVE-2024-10781 · Patch priority: High · CVSS severity: High 8.1 · Developer: Claim ownership · PSID 0bd21f35fe5e...

CVSS: 8.1 · AI score: 6.3 · EPSS: 0.03824
Exploits: 1 · References: 3 · Affected Software: 1