352 matches found
CVE-2025-24900 Concorde CSRF vulnerability due to insecure configuration of authentication cookie attributes
Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, there is a vulnerability that allows MediaProxy authentication to be bypassed. In versions prior to...
PT-2025-3941 · Codezips · Codezips Gym Management System
Name of the Vulnerable Software and Affected Versions: Codezips Gym Management System version 1.0 Description: A critical vulnerability has been found in Codezips Gym Management System. This affects an unknown part of the file /dashboard/admin/edit mem submit.php. The manipulation of the argument...
PT-2025-2967 · Opexus · Opexus Foiaxpress Public Access Link
Name of the Vulnerable Software and Affected Versions: OPEXUS FOIAXPRESS PUBLIC ACCESS LINK version 11.1.0 Description: An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK allows attackers to bypass authentication via crafted web requests. Recommendations: For OPEXUS FOIAXPRESS PUBLIC ACCESS LINK...
PT-2025-2941 · Unknown · Graphics Ddk
Name of the Vulnerable Software and Affected Versions: Graphics DDK version = 24.2 RTM2 Description: Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory. Recommendations: For versions = 24....
CVE-2025-0282: Ivanti Connect Secure Zero-Day Exploited in the Wild
On Wednesday, January 8, 2025, Ivanti disclosed two CVEs affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. CVE-2025-0282 is a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the target device. CVE-2025-0283 is ...
PT-2025-3082 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 13.1 Description: The issue is related to incorrect access control, allowing an attacker to exploit a logic flaw and enable any user to recharge members indefinitely. Recommendations: For SeaCMS version 13.1, consider restricti...
Security update for emacs
This update for emacs fixes the following issues: CVE-2024-53920: Fixed arbitrary code execution via Lisp macro expansion bsc1233894 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...
PT-2024-36533 · Unknown · Codeastro Complaint Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro Complaint Management System version 1.0 Description: An issue in CodeAstro Complaint Management System allows a remote attacker to escalate privileges via the "mess-view.php" component. Recommendations: For CodeAstro Complaint...
CVE-2024-55877
XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of XWiki.WikiMacroClass to any page. This compromises the confidentiality, integrity...
Security Advisory Ivanti Sentry (CVE-2024-8540)
Security Advisory Ivanti Sentry CVE-2024-8540 Summary Ivanti has released updates for Ivanti Sentry which addresses one high severity vulnerability. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number | Descriptio...
December 2024 Security Advisory Ivanti Application Control (CVE-2024-11598)
Summary Ivanti has released updates for Ivanti Application Control which address one high severity vulnerability. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details: CVE Number| Description| CVSS Score Severity| CVSS Vector| CW...
December 2024 Security Advisory Ivanti Automation (CVE-2024-9845)
Summary Ivanti has released updates for Automation which addresses one high severity vulnerability. Successful exploitation could lead to local privilege escalation. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details: CVE Numbe...
December 2024 Security Advisory Ivanti Workspace Control (IWC) (CVE-2024-8496)
Summary Ivanti has released updates for Workspace Control which addresses one high severity vulnerability. Successful exploitation could lead to local privilege escalation. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details: CV...
PT-2024-36545 · Oring · Oring Iap-420
Name of the Vulnerable Software and Affected Versions: ORing IAP-420 versions 2.01e and earlier Description: The issue is caused by a lack of input validation in the web interface of ORing IAP-420, allowing Cross-Site Scripting (XSS). Recommendations: For versions 2.01e and earlier, update to a...
PT-2024-20701 · Ibm · Ibm Cognos Controller
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1 Description: The issue concerns a malicious file upload vulnerability due to the lack of validation of the type of file uploaded to Journal entry attachments. Attackers can exploit this...
PT-2024-35763 · Seecms · Seecms
Name of the Vulnerable Software and Affected Versions: Seecms version 4.8 Description: A SQL injection issue was discovered in the SEMCMS SeoAndTag.php page. This issue allows for potential SQL injection attacks. Recommendations: For Seecms version 4.8, consider restricting access to the SEMCMS...
PT-2024-17271 · Unknown · Phpgurukul User Registration & Login/User Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul User Registration & Login and User Management System version 1.0 Description: A critical issue affects some unknown functionality of the file /admin/index.php. The manipulation of the username argument leads to SQL injection. The...
OESA-2024-2383 rubygem-actionmailer security update
Email on Rails. Compose, deliver, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments. Security Fixes: Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5,...
Fedora 37 : libmodsecurity (2022-90453044f3)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-90453044f3 advisory. Update to maintenance release 3.0.8 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...
PT-2024-31980 · Hathway · Hathway Skyworth Router Cm5100-511
Name of the Vulnerable Software and Affected Versions: Hathway Skyworth Router CM5100-511 version 4.1.1.24 Description: The issue concerns the storage of sensitive information about connected devices in plaintext. This affects devices connected via USB and Wi-Fi. Recommendations: For version...