Linux Distros Unpatched Vulnerability : CVE-2021-35621
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.33 and prior, 7.5.23 and...
AZL-65996 CVE-2024-48916 affecting package ceph for versions less than 16.2.10-9
Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send a JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...
CVE-2025-53923
Emlog is an open source website building system. A cross-site scripting XSS vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. Due to lack of sanitization it is possible to inject HTML/JS code into keywor...
CVE-2025-53924 Emlog vulnerable to stored Cross-site Scripting in links functionality
Emlog is an open source website building system. A cross-site scripting XSS vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the siteurl parameter. It is possible to inject malicious code into siteurl parameter...
CVE-2025-49836 GHSL-2025-048: GPT-SoVITS Command Injection vulnerability
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py changelabel function. pathlist takes user input, which is passed to the changelabel function, which concatenates the user input into a command...
PT-2025-27947
Name of the Vulnerable Software and Affected Versions: Jirafeau affected versions not specified Description: The issue concerns a MIME Type Bypass Cross-Site Scripting vulnerability in Jirafeau. Normally, Jirafeau prevents browser preview for text files to prevent potential cross-site scripting...
PT-2025-26623 · Hdf5 +1
Name of the Vulnerable Software and Affected Versions: HDF5 versions up to 1.14.6 Description: A critical vulnerability has been found in HDF5, affecting the function H5F__addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to a heap-based buffer overflow. An attack must be...
PT-2025-27393 · Git +1 · Glaze
Name of the Vulnerable Software and Affected Versions: glz affected versions not specified Description: The software contains a stack-buffer-overflow vulnerability. The crash occurs during the glz::from and glz::visit functions when processing data, potentially leading to a read error. The crash...
SUSE CVE-2025-49825
Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch...
PT-2025-26220
Name of the Vulnerable Software and Affected Versions: jq version 1.8.0 Description: A heap use after free issue exists within the function f_strflocaltime of /src/builtin.c. This is a problem in a command-line JSON processor. Recommendations: For version 1.8.0, consider restricting access to the f...
CVE-2025-49149
Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting XSS attack when a user...
CVE-2025-49149 Dify has XSS vulnerability
Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting XSS attack when a user...
CVE-2025-49825
CVE-2025-49825 affects Teleport Community Edition and versions up to and including 17.5.1, enabling a remote authentication bypass. The NVD/NVD-adjacent entries describe a high-severity issue with potential full access to affected infrastructure. The Nuclei and OSV entries corroborate remote auth...
PT-2025-25674 · Ovatheme · Ovatheme Events Manager
Name of the Vulnerable Software and Affected Versions: Ovatheme Events Manager versions 1.7.5 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the use of malicious files. Recommendations: For Ovatheme Events Manager versions 1.7.5 and...
PT-2025-23758 · Unknown · Phpgurukul Curfew E-Pass Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Curfew e-Pass Management System version 1.0 Description: A critical issue affects some unknown functionality of the file /admin/edit-category-detail.php, where the manipulation of the editid argument leads to SQL injection. This...
SUSE CVE-2025-48946
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large numbers of malformed ciphertexts sharing the same implici...
PT-2025-23503 · Linksys · Linksys Re6300 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 versions 1.0.013.001 through 1.2.07.001 Description: A critical issue has been found, affecting the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The...
CVE-2025-48946 liboqs affected by theoretical design flaw in HQC
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large numbers of malformed ciphertexts sharing the same implici...
Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users
Impact: All objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by unauthorised users. If object-urls are exposed via other channels, the contents of these objects can be viewed independent of object-management configurations. Attack...