54847 matches found
ALSA-2025:22394 Moderate: qt6-qtsvg security update
Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices. Security Fixes: qtsvg: Uncontrolled recursion in Qt SVG module (CVE-2025-10728). For more details...
Linux Distros Unpatched Vulnerability : CVE-2025-13735
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Out-of-bounds Read vulnerability in ASR1903ASR3901 in ASR LapwingLinux on Linux nrfw modules. This vulnerability is associated with program files...
kernel security update
5.14.0-611.11.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...
EUVD-2025-199932
A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used...
CVE-2025-13789
ZenTao up to 21.7.6-8564 is affected by a vulnerability in the makeRequest function of module/ai/model.php where improper handling of the Base parameter enables server-side request forgery (SSRF). The issue is exploitable remotely, and public exploits have been reported. Upgrading to version 21.7...
CVE-2025-13782
Affects taosir WTCMS (SlideController component). The delete function in application/Admin/Controller/SlideController.class.php accepts an ids parameter and can be abused to perform SQL injection. This is exploitable remotely; public exploit is referenced. Affected versions are prior to 01a5f68a3...
CVE-2025-13435
A security vulnerability has been detected in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to path traversa...
Nature Easy Soft Network Technology ZenTao Code Issue Vulnerability
Nature Easy Soft Network Technology ZenTao is open source project management software from China's Nature Easy Soft Network Technology. The software includes product management, project management, quality management and document management functions. ...
CVE-2025-66291
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...
CVE-2025-64312
Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2025-66291 OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...
CVE-2025-66291
OrangeHRM versions 5.0–5.7 expose confidential interview documents through an Authorization vulnerability in the Interview Attachment Retrieval endpoint of the Recruitment module. The endpoint serves files based solely on an authenticated session and user-supplied identifiers without verifying wh...
CVE-2025-58315
Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2025-58303
UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-58308
Vulnerability of improper criterion security check in the call module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2025-58312
Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-58304
Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2025-58314
Vulnerability of accessing invalid memory in the component driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...
CVE-2025-58294
Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...