788 matches found
CVE-2026-40965
Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...
PT-2026-32715
CVE-2026-0209 Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured. https://t.co/EJhrC81EMh...
CVE-2026-22566
CVE-2026-22566 describes an improper access control vulnerability in UniFi Play components. Affected: UniFi Play PowerAmp (<= 1.0.35) and UniFi Play Audio Port (
CVE-2024-14025
An SQL injection vulnerability has been reported to affect Video Station. If an attacker who has also gained an administrator account gains local network access, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the...
DOM-based XSS @remix-run/router Dependency in Crowd Data Center
This High severity DOM-based XSS vulnerability was introduced in version 7.1.0 of Crowd Data Center. This DOM-based XSS vulnerability, with a CVSS Score of 8 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N, allows an unauthenticated attacker to execute arbitrary HTML or JavaScrip...
Google Chrome Security Update (stable-channel-update-for-desktop_17-2025-11) - Windows
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:google:chrome"; if(description)...
Google Chrome Security Update (stable-channel-update-for-desktop-2025-11) - Mac OS X
Google Chrome is prone to multiple vulnerabilities. CPE = "cpe:/a:google:chrome"; if(description)...
Linux Distros Unpatched Vulnerability : CVE-2025-59728
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer. When we call...
PT-2025-32505 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 5.0.4 Description: The software contains a use-after-free flaw in the trusted computing base (tcb) component that could allow a local attacker to execute arbitrary code. Recommendations: Update to version 5.0.4 or...
PT-2025-32420
Name of the Vulnerable Software and Affected Versions: Fedify versions prior to 1.3.20; Fedify versions 1.4.0-dev.585 through 1.4.12; Fedify versions 1.5.0-dev.636 through 1.5.4; Fedify versions 1.6.0-dev.754 through 1.6.7; Fedify versions 1.7.0-pr.251.885 through 1.7.8; Fedify versions 1.8.0-dev.909...
BIT-PYTHON-MIN-2024-12718 Bypass extraction filter to modify file metadata outside extraction directory
Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...
Microsoft Office Multiple Remote Code Execution Vulnerabilities (Jun 2025) - Mac OS X
This host is missing an important security update for Microsoft Office on Mac OSX according to Microsoft security update June 2025...
CVE-2025-4330
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...
Mozilla Firefox Security Update (mfsa_2025-42) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. CPE = "cpe:/a:mozilla:firefox";...
CVE-2025-32022
Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so this bug affects...
CVE-2025-0632
Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to...
CVE-2025-32931
DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command...
LibreOffice Multiple Vulnerabilities (Jan 2025) - Mac OS X
LibreOffice is prone to multiple vulnerabilities. CPE = "cpe:/a:libreoffice:libreoffice";...
CVE-2024-41123
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, and . The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities...
PT-2024-33160 · WordPress · Wordpress Rss Aggregator
Name of the Vulnerable Software and Affected Versions: WordPress RSS Aggregator versions prior to 4.23.9 Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability. This vulnerability is caused by the lack of sanitization of the notice id GET parameter. Recommendations: For...