4570 matches found
EUVD-2025-204568
A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation results in improper initialization. It is possible to launch the attack remotely. This attack is...
CVE-2025-14955 Open5GS PFCP handler.c ogs_pfcp_handle_create_pdr initialization
A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation results in improper initialization. It is possible to launch the attack remotely. This attack is...
CVE-2025-14954
A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The manipulation leads to reachable assertion. It is possible to...
CVE-2025-12969 affecting package fluent-bit for versions less than 3.1.10-3
CVE-2025-12969 affecting package fluent-bit for versions less than 3.1.10-3. A patched version of the package is available...
CVE-2025-68434
Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Cross-Site Request Forgery (CSRF) vulnerability exists in the application's filter configuration. The CSRF protection...
CVE-2025-68274
SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...
CVE-2025-67876 ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking
ChurchCRM is an open-source church management system. A stored cross-site scripting (XSS) vulnerability exists in ChurchCRM versions 6.4.0 and prior that allows a low-privilege user with the “Manage Groups” permission to inject persistent JavaScript into group role names. The payload is saved in th...
Critical vulnerabilities in Fortinet CVE-2025-59718, CVE-2025-59719, CVE-2026-24858 exploited in the wild
Overview: Update for CVE-2026-24858: On January 27, 2026, Fortinet disclosed CVE-2026-24858, a critical unauthenticated vulnerability allowing authentication bypass via Fortinet’s cloud SSO. Confirmed as a net-new vulnerability rather than a patch bypass, it has been observed under active zero-day...
Linux Distros Unpatched Vulnerability : CVE-2025-68314
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/msm: make sure last_fence is always updated. Update last_fence in the vm-bind path instead of kernel managed path. last_fence is used to wait for work to finish...
CVE-2025-10158 affecting package rsync for versions less than 3.4.1-2
CVE-2025-10158 affecting package rsync for versions less than 3.4.1-2. A patched version of the package is available...
CVE-2025-8277 affecting package libssh for versions less than 0.10.6-5
CVE-2025-8277 affecting package libssh for versions less than 0.10.6-5. A patched version of the package is available...
Security Bulletin: Vulnerability in netty-handler affects IBM Netezza Appliance
Summary: The netty-handler package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE (CVE-2025-24970). Vulnerability Details: CVEID: CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in...
CVE-2025-66449
ConvertX is a self-hosted online file converter. In versions prior to 0.16.0, the endpoint /upload allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes file.name directly from user supplied data without doi...
Linux Distros Unpatched Vulnerability : CVE-2025-68178
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - blk-cgroup: fix possible deadlock while configuring policy. Following deadlock can be triggered easily by lockdep: WARNING: possible circular locking dependency...
GHSA-M6HQ-F4W9-QRJJ Weblate has improper validation upon invitation acceptance
Impact: It was possible to accept an invitation opened by a different Weblate user. Patches: https://github.com/WeblateOrg/weblate/pull/16913 Workarounds: Users should avoid leaving Weblate sessions with an unattended opened invitation. References: Thanks to Nahid0x for responsibly disclosing this...
CVE-2025-8114 affecting package libssh for versions less than 0.10.6-5
CVE-2025-8114 affecting package libssh for versions less than 0.10.6-5. A patched version of the package is available...
CVE-2025-7424 affecting package libxslt for versions less than 1.1.43-3
CVE-2025-7424 affecting package libxslt for versions less than 1.1.43-3. A patched version of the package is available...
CVE-2025-13193 affecting package libvirt for versions less than 10.0.0-6
CVE-2025-13193 affecting package libvirt for versions less than 10.0.0-6. A patched version of the package is available...
CVE-2025-12464 affecting package qemu for versions less than 8.2.0-25
CVE-2025-12464 affecting package qemu for versions less than 8.2.0-25. A patched version of the package is available...
CVE-2025-22103 affecting package kernel for versions less than 6.6.117.1-1
CVE-2025-22103 affecting package kernel for versions less than 6.6.117.1-1. A patched version of the package is available...