UBUNTU-CVE-2025-8869

When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...

CVE-2025-8555

A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Affected is an unknown function of the file /search. The manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to...

CVE-2025-7207

A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scopenew of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locall...

PT-2025-25988 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A bug in the Linux kernel has been resolved, specifically in the bgmac module. The issue is triggered by wrong bytes compl and can cause a BUG ON when there is an RX interrupt...

CVE-2025-41233

CVE-2025-41233 affects VMware Avi Load Balancer. An authenticated attacker can trigger blind SQL injection in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized DB access. Impact described as moderate (CVSSv3 base score up to 6.8). Remediation requ...

CWA-2025-006: wasmd's improper error handling may lead to IBC channel opening despite error

CWA-2025-006: Improper error handling may lead to IBC channel opening despite error Severity High Considerable + Likely^1 Affected versions: - wasmd 0.60.0 - wasmd = 0.51.0 0.55.1 Patched versions: - wasmd 0.60.1, 0.55.1, 0.54.1, 0.53.3 Description of the bug A contract erroring during IBC channe...

CVE-2025-49140 Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS)

Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in a RTP packet factory that can be exploited to trigger a panic with Pion based SFU via crafted RTP packets, This only affect users that use pion/interceptor. Users should...

CVE-2025-5895

Summary of CVE-2025-5895 (Metabase) : Multiple sources describe a vulnerability in Metabase 54.10 affecting the function parseDataUri in frontend/src/metabase/lib/dom.js. The issue is described as inefficient regular-expression complexity (a redos-like condition) that can be triggered remotely. P...

GHSA-PGP9-G5Q8-J3WP FunAudioLLM InspireMusic deserialization vulnerability

A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function loadstatedict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. The manipulation leads to deserialization. A...

CVE-2024-8367

A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to c1afe0cdb2b2766d9e24872c4e827f8b82a6cd31. It has been classified as problematic. Affected is an unknown function of the file src/main/java/uk/gov/hmcts/probate/service/NotificationService.java of the component...

CVE-2023-28106

Pimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually...

CVE-2022-4202

A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsrtranslatecoords of the file laser/lsrdec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclose...

CVE-2022-4581

A vulnerability was found in 1j01 mind-map and classified as problematic. This issue affects some unknown processing of the file app.coffee. The manipulation of the argument html leads to cross site scripting. The attack may be initiated remotely. The name of the patch is...

CVE-2021-4275

A vulnerability, which was classified as problematic, was found in katlings pyambic-pentameter. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 974f21aa1b2527ef39c8afe1a5060548217deca8. I...

CVE-2013-10009

A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file modfun/init.py. The manipulation leads to sql injection. The patch is identified as 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a...

CVE-2017-20161

A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the function dumpwlanat of the file macgeiger.c of the component ESSID Handler. The manipulation leads to injection. Access to the local network is required for this attack to succeed. The complexity of an...

CVE-2015-10041

UNSUPPORTED WHEN ASSIGNED A vulnerability classified as critical has been found in Dovgalyuk AIBattle. Affected is the function sendComments of the file site/procedures.php. The manipulation of the argument text leads to sql injection. The name of the patch is...

CVE-2015-10043

A vulnerability, which was classified as critical, was found in abreen Apollo. This affects an unknown part. The manipulation of the argument file leads to path traversal. The patch is named 6206406630780bbd074aff34f4683fb764faba71. It is recommended to apply a patch to fix this issue. The...

CVE-2015-10129

A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity ...

CVE-2014-125050

A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The patch is identified as 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch ...