Exploit for CVE-2025-59532
CVE-2025-59532 Docker Environment A Docker-based research env...
CVE-2025-68154
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
Security Bulletin: Vulnerability in libtiff affects IBM Netezza Appliance
Summary: The libtiff package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-9900, CVE-2025-8176. Vulnerability Details: CVEID: CVE-2025-9900 DESCRIPTION: A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered...
PT-2025-51791
SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...
UBUNTU-CVE-2025-14607
A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to...
Unity Linux 20.1070e Security Update: aide (UTSA-2025-991098)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991098 advisory. AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash t...
Alibaba Cloud Linux 3 : 0190: cups (ALINUX3-SA-2025:0190)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0190 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-58364: OpenPrinting CUPS is an open source...
CVE-2025-66223
OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issue...
Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing
Due to a bug in sandboxing logic, sandbox-runtime did not properly enforce a network sandbox if the sandbox policy did not configure any allowed domains. This could allow sandboxed code to make network requests outside of the sandbox. A patch for this was released in v0.0.16. Thank you to...
CVE-2025-66040
Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...
CVE-2025-66028 OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege escalation via Login Response Manipulation. During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying...
CVE-2025-65965
Grype is a vulnerability scanner for container images and filesystems. A credential disclosure vulnerability was found in Grype, affecting versions 0.68.0 through 0.104.0. If registry credentials are defined and the output of grype is written using the --file or --output json= option, the registr...
AZL-70918 CVE-2025-64505 affecting package openjpeg2 2.3.1-12
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette...
CVE-2025-64761 OpenBao Privileged Operator Identity Group Root Escalation
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...
PT-2025-48091
Name of the Vulnerable Software and Affected Versions: WebAssembly Micro Runtime (WAMR) versions prior to 2.4.4. Description: WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Versions prior to 2.4.4 are susceptible to a segmentation fault in the v128.store...
CVE-2025-64751 OpenFGA Improper Policy Enforcement
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 (openfga-0.1.34 <= Helm chart <= openfga-0.2.48, v.1.4.0 <= docker <= v.1.11.0) are vulnerable to improper policy enforcement when certain Check and...
TencentOS Server 4: python-werkzeug (TSSA-2025:0049)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0049 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2025-65029 Rallly Has an IDOR Vulnerability in Participant Deletion Endpoint Allows Unauthorized Removal of Poll Participants
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference (IDOR) vulnerability allows any authenticated user to delete arbitrary participants from polls without ownership verification. The endpoint relies solely on a participant ID to...
Attackers Actively Exploiting Critical Vulnerability in Post SMTP Plugin
On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to view email logs, including password...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-46836)
net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. In versions up to and including 2.10, the Linux network utilities like ifconfig from the net-tools package do not properly validate the structure of /proc files when...