54847 matches found

OSV
added 2025/12/01 12:0 a.m. | 10 views

ALSA-2025:22394 Moderate: qt6-qtsvg security update

Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices. Security Fixes: qtsvg: Uncontrolled recursion in Qt SVG module (CVE-2025-10728). For more details...

CVSS 9.4 | AI score 6.7 | EPSS 0.00203
Exploits: 0 | References: 4
Tenable Nessus
added 2025/12/01 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-13735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Read vulnerability in ASR1903ASR3901 in ASR LapwingLinux on Linux nrfw modules. This vulnerability is associated with program files...

CVSS 7.4 | AI score 5.8 | EPSS 0.00174
Exploits: 0 | References: 2
Oracle Linux
added 2025/12/01 12:0 a.m. | 11 views

kernel security update

5.14.0-611.11.1
- Disable UKI signing (Orabug: 36571828)
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmodsigningkey.pem) (Orabug: 29539237)
- Update x509.genkey Orabug:...

AI score 7.2 | EPSS 0.00194
Exploits: 0
EUVD
added 2025/11/30 3:30 p.m. | 5 views

EUVD-2025-199932

A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used...

CVSS 6.5 | AI score 6.3 | EPSS 0.00257
Exploits: 1 | References: 8
CVE
added 2025/11/30 1:32 p.m. | 14 views

CVE-2025-13789

ZenTao up to 21.7.6-8564 is affected by a vulnerability in the makeRequest function of module/ai/model.php where improper handling of the Base parameter enables server-side request forgery (SSRF). The issue is exploitable remotely, and public exploits have been reported. Upgrading to version 21.7...

CVSS 6.5 | AI score 6.3 | EPSS 0.00257
Exploits: 1 | References: 7 | Affected Software: 1
CVE
added 2025/11/30 3:2 a.m. | 19 views

CVE-2025-13782

Affects taosir WTCMS (SlideController component). The delete function in application/Admin/Controller/SlideController.class.php accepts an ids parameter and can be abused to perform SQL injection. This is exploitable remotely; public exploit is referenced. Affected versions are prior to 01a5f68a3...

CVSS 9.8 | AI score 7.2 | EPSS 0.00336
Exploits: 0 | References: 5 | Affected Software: 1
RedhatCVE
added 2025/11/30 1:41 a.m. | 8 views

CVE-2025-13435

A security vulnerability has been detected in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to path traversa...

CVSS 8.1 | AI score 6.5 | EPSS 0.00644
Exploits: 1 | References: 1
CNNVD
added 2025/11/30 12:0 a.m. | 3 views

Nature Easy Soft Network Technology ZenTao Code Issue Vulnerability

Nature Easy Soft Network Technology ZenTao is an open source project management software suite from China's Nature Easy Soft Network Technology. The software includes product management, project management, quality management and document management functions. ...

CVSS 6.5 | AI score 6.5 | EPSS 0.00257
Exploits: 1 | References: 7
NVD
added 2025/11/29 4:15 a.m. | 11 views

CVE-2025-66291

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...

CVSS 5.3 | EPSS 0.00175
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/29 4:1 a.m. | 13 views

CVE-2025-64312

Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 7.5 | AI score 6.9 | EPSS 0.00137
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/29 3:8 a.m. | 8 views

CVE-2025-66291 OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...

CVSS 5.3 | AI score 6.2 | EPSS 0.00175
Exploits: 0 | References: 2
CVE
added 2025/11/29 3:8 a.m. | 23 views

CVE-2025-66291

OrangeHRM versions 5.0–5.7 expose confidential interview documents through an Authorization vulnerability in the Interview Attachment Retrieval endpoint of the Recruitment module. The endpoint serves files based solely on an authenticated session and user-supplied identifiers without verifying wh...

CVSS 5.3 | AI score 6.2 | EPSS 0.00175
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2025/11/29 3:8 a.m. | 7 views

CVE-2025-66291 OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...

CVSS 5.3 | AI score 6.5 | EPSS 0.00175
Exploits: 0 | References: 4
RedhatCVE
added 2025/11/29 3:4 a.m. | 11 views

CVE-2025-58315

Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 5.5 | AI score 6.9 | EPSS 0.00078
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/29 3:4 a.m. | 9 views

CVE-2025-58303

UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 8.4 | AI score 6.9 | EPSS 0.00067
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/29 3:4 a.m. | 7 views

CVE-2025-58308

Vulnerability of improper criterion security check in the call module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...

CVSS 7.3 | AI score 6.8 | EPSS 0.00074
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/29 3:4 a.m. | 10 views

CVE-2025-58312

Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 5.5 | AI score 6.9 | EPSS 0.00069
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/29 3:4 a.m. | 9 views

CVE-2025-58304

Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 5.5 | AI score 6.9 | EPSS 0.00074
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/29 3:4 a.m. | 9 views

CVE-2025-58314

Vulnerability of accessing invalid memory in the component driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

CVSS 7.1 | AI score 6.9 | EPSS 0.00079
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/29 3:4 a.m. | 11 views

CVE-2025-58294

Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 6.2 | AI score 6.9 | EPSS 0.0008
Exploits: 0 | References: 1