54815 matches found
cpython: python: Extraction filter bypass for linking outside extraction directory
A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...
CVE-2025-66921
A Cross-site scripting XSS vulnerability in Create/Update Items Module in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter...
OPENSUSE-SU-2025:20177-1 Security update for cheat
This update for cheat fixes the following issues: - Security: CVE-2025-47913: Fix client process termination bsc1253593 CVE-2025-58181: Fix potential unbounded memory consumption bsc1253922 CVE-2025-47914: Fix panic due to an out of bounds read bsc1254051 Replace...
CVE-2025-14837
A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has bee...
CVE-2025-14837
A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has bee...
PT-2025-52213
Name of the Vulnerable Software and Affected Versions 1C-Bitrix versions prior to 25.100.501 Description The software contains a remote code execution issue within the Translate Module. The application does not properly validate the contents of archive files before unpacking them, allowing...
PT-2025-52212
Name of the Vulnerable Software and Affected Versions Bitrix24 versions prior to 25.100.301 Description Remote Code Execution is possible because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. The supplier...
PT-2025-52000
Name of the Vulnerable Software and Affected Versions M-Files Server versions prior to 25.12 Description A flaw exists in M-Files Server that allows users to download files through M-Files Web using Web Companion, even when the Print and Download Prevention module is enabled. This is due to...
CVE-2025-65568
A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...
EulerOS Virtualization 2.13.0 : mod_http2 (EulerOS-SA-2025-2588)
According to the versions of the modhttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be...
PT-2025-52279
Name of the Vulnerable Software and Affected Versions SourceCodester Client Database Management System version 1.0 Description A flaw exists in SourceCodester Client Database Management System 1.0 within the Leads Generation Module. The issue affects the file /user leads.php and allows for...
EulerOS Virtualization 2.13.1 : httpd (EulerOS-SA-2025-2543)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of...
RHEL 8 : container-tools:rhel8 (RHSA-2025:23374)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23374 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: archive/ta...
π CβBitrix 25.100.500 Translate Module Arbitrary File Upload
CβBitrix version 25.100.500 proof of concept exploit that demonstrates an arbitrary file upload vulnerability in the translate module. ============================================================================================================================================= | Title : CβBitrix...
kernel: wifi: cfg80211: fix use-after-free in cmp_bss()
A use after free vulnerbility exists in the linux kernel wifi module in the cmpbss function,an attacker could create a crafted payload to trigger, leading to damage availability and integrity of the system...
Security update for poppler
This update for poppler fixes the following issues: CVE-2025-11896: Fixed infinite recursion leading to stack overflow due to object loop in PDF CMap bsc1252337 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an infinate loop condition in CPython [CVE-2025-8194]
Summary IBM Watson Speech Services Cartridge is vulnerable to an infinate loop condition in CPython, due to a defect in the CPython "tarfile" module affecting the "TarFile" extraction and entry enumeration APIs CVE-2025-8194 . CPython is used in our service runtimes. This vulnerabilitiy has been...
CVE-2025-65581
An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...
kernel: wifi: cfg80211: fix use-after-free in cmp_bss()
A use after free vulnerbility exists in the linux kernel wifi module in the cmpbss function,an attacker could create a crafted payload to trigger, leading to damage availability and integrity of the system...
kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
A use after free exists in the wifi module of the linux kernel in the function brcmfnetdevstartxmit,thereby leading to damage to system availability and integrity...