PT-2025-23884 · Aerc · Aerc
Name of the Vulnerable Software and Affected Versions: aerc versions before 93bec0d Description: The issue allows directory traversal in the commands/msgview/open.go file due to direct path concatenation of the name of an attachment part. This is caused by the lack of proper validation of...
CVE-2024-8652
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit a specific path on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply the patch from the vendor at https://netcat.ru/ . Versions 6.4.0.24248 and o...
CVE-2023-39963
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a missing password confirmation allowed an attacker, after successfully steali...
PT-2025-22671 · Unknown · Quantumcloud Kbx Pro Ultimate
Name of the Vulnerable Software and Affected Versions: quantumcloud KBx Pro Ultimate versions n/a through 7.9.8 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in quantumcloud KBx P...
CVE-2025-46836
net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. In versions up to and including 2.10, the Linux network utilities like ifconfig from the net-tools package do not properly validate the structure of /proc files when...
Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428)
Ivanti has released updates for Endpoint Manager Mobile (EPMM) which address one medium and one high severity vulnerability. When chained together, successful exploitation could lead to unauthenticated remote code execution. We are aware of a very limited number of customers whose solution has be...
PT-2025-20384 · Slims · Slims
Name of the Vulnerable Software and Affected Versions: Slims Senayan Library Management Systems version 9.6.1 Description: The issue is related to SQL Injection in the admin/modules/bibliography/pop author edit.php file. This allows for potential exploitation. No information is provided about the...
PT-2025-20386 · Slims · Slims
Name of the Vulnerable Software and Affected Versions: Slims Senayan Library Management Systems version 9.6.1 Description: The issue is related to SQL Injection in the admin/modules/master file/item status.php file. This allows for potential exploitation. No information is provided about the...
PT-2025-18734 · Ibm · Ibm Concert
Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.0.5 Description: The issue allows a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view...
PT-2025-18086 · Unknown · Phpgurukul Nipah Virus Testing Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Nipah Virus Testing Management System version 1.0 Description: A critical issue has been found in the processing of the file /profile.php. The manipulation of the adminname argument leads to SQL injection. The attack may be initiat...
CVE-2025-32968 org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API
XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend...
CVE-2025-22375 Authentication Bypass in CyberAudit-Web
An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5 and a patch has been made available to all instanc...
GHSA-68WV-G3FW-PQ7Q Shopware Broken ACL on Document retrieval to access other customers documents
Impact: It's possible to guess the deepLinkCode of a Document to open documents of other customers. Patches: Update to Shopware 6.6.10.3 or 6.5.8.17. Workarounds: For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend...
PT-2025-15342
Name of the Vulnerable Software and Affected Versions: InputManager version SMR Apr-2025 Release 1 Description: The issue is related to improper access control in InputManager, allowing local attackers to access the scancode of a specific input device. Recommendations: For InputManager version SM...
PT-2025-15233 · Unknown · Phpgurukul Men Salon Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Men Salon Management System version 1.0 Description: A critical issue has been discovered, affecting an unknown part of the file /admin/admin-profile.php. The manipulation of the contactnumber argument leads to SQL injection. It is...
Ivanti Connect Secure CVE-2025-22457 exploited in the wild
On Thursday, April 3, 2025, Ivanti disclosed a critical severity vulnerability affecting Ivanti Connect Secure, Pulse Connect Secure, Policy Secure, and ZTA Gateways. CVE-2025-22457 is a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the...
PT-2025-14876 · Tenda · Tenda Fh1202
Name of the Vulnerable Software and Affected Versions: Tenda FH1202 version 1.2.0.14408 Description: A critical issue affects the processing of the file /goform/wrlwpsset, leading to improper access controls. The attack may be initiated remotely. Recommendations: For Tenda FH1202 version...
GHSA-5VMP-M5V2-HX47 tough root metadata version is not checked for sequential versioning
Summary When updating the root role, a TUF client must establish a trusted line of continuity to the latest set of keys. While sequentially downloading new versions of the root metadata file, tough will not check that the root object version it received was the next sequential version from the...
CVE-2022-3162 affecting package kube-vip-cloud-provider for versions less than 0.0.2-21
CVE-2022-3162 affecting package kube-vip-cloud-provider for versions less than 0.0.2-21. A patched version of the package is available...
hostapd vulnerable to improper processing of RADIUS packets
Overview: hostapd provided by Jouni Malinen fails to process crafted RADIUS packets properly (CWE-826). KUSABA Takeshi of Internet Initiative Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. Impact: When...