Lucene search

4571 matches found

Vulnrichment
added 2025/09/26 11:32 a.m., 6 views

CVE-2025-11011 BehaviorTree json_export.cpp fromJson null pointer dereference

A vulnerability was found in BehaviorTree up to 4.7.0. Affected by this issue is the function JsonExporter::fromJson of the file /src/json_export.cpp. Performing manipulation of the argument Source results in null pointer dereference. The attack needs to be approached locally. The exploit has been...

CVSS 4.8, AI score 6.2, EPSS 0.00189
Exploits 1, References 7

Positive Technologies
added 2025/09/26 12:0 a.m., 5 views

PT-2025-39632

Name of the Vulnerable Software and Affected Versions: BehaviorTree versions prior to 4.7.0. Description: A flaw exists in BehaviorTree due to a null pointer dereference in the JsonExporter::fromJson function located in /src/json_export.cpp. Manipulation of the Source argument triggers this issue. T...

CVSS 5.5, AI score 4, EPSS 0.00189
Exploits 1, References 15

Tenable Nessus
added 2025/09/26 12:0 a.m., 3 views

Slackware Linux 15.0 / current expat Vulnerability (SSA:2025-268-01)

The version of expat installed on the remote host is prior to 2.7.3. It is, therefore, affected by a vulnerability as referenced in the SSA:2025-268-01 advisory. New expat packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding descripti...

CVSS 7.5, AI score 6.3, EPSS 0.01279
Exploits 1, References 2

Tenable Nessus
added 2025/09/25 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-9905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .h5/.hdf5 mod...

CVSS 7.3, AI score 7.8, EPSS 0.00205
Exploits 1, References 3

Tenable Nessus
added 2025/09/25 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-39887

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix null-ptr-deref in bitmap_parselist A crash was observed with the...

CVSS 5.5, AI score 5.7, EPSS 0.00119
Exploits 0, References 3

OSV
added 2025/09/24 5:25 p.m., 6 views

CVE-2025-48867 Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules

Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

CVSS 4.8, AI score 5.7, EPSS 0.00223
Exploits 1, References 3

Patchstack
added 2025/09/23 2:2 p.m., 3 views

WordPress SureForms plugin < 1.9.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin SureForms versions < 1.9.1...

CVSS 3.5, AI score 6, EPSS 0.0018
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2025/09/23 6:49 a.m., 4 views

CVE-2025-10548 Missing Certificate Validation in CleverControl Installer Allows Remote Code Execution

The CleverControl employee monitoring software v11.5.1041.6 fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using curl.exe --insecure, enabling a man-in-the-middle attacker to deliver malicious files that are...

AI score 7.7, EPSS 0.00351
Exploits 0, References 1

SUSE CVE
added 2025/09/22 11:41 p.m., 2 views

SUSE CVE-2023-35927

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until...

CVSS 8.1, AI score 7.5, EPSS 0.00805
Exploits 0, References 3

Patchstack
added 2025/09/22 7:33 p.m., 4 views

WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Nabil Irawan in WordPress Plugin Developer versions <= 1.2.6...

CVSS 4.3, AI score 6.6, EPSS 0.0015
Exploits 0, Affected Software 1

Patchstack
added 2025/09/22 7:2 p.m., 3 views

WordPress Ultimate Watermark Plugin <= 1.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin Ultimate Watermark versions <= 1.1...

CVSS 4.3, AI score 6.7, EPSS 0.0023
Exploits 0, Affected Software 1

Patchstack
added 2025/09/22 6:56 p.m., 3 views

WordPress Mail Subscribe List Plugin <= 2.1.10 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by zaim in WordPress Plugin Mail Subscribe List versions <= 2.1.10...

CVSS 6.5, AI score 6, EPSS 0.00258
Exploits 0, Affected Software 1

Tenable Nessus
added 2025/09/20 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-53393

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device Currently, when mlx5_ib_get_hw_stats is used for device port_num = 0, there is a special handling in order to us...

CVSS 5.5, AI score 6.1, EPSS 0.00136
Exploits 0, References 4

Tenable Nessus
added 2025/09/19 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-53384

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mwifiex: avoid possible NULL skb pointer dereference In 'mwifiex_handle_uap_rx_forward', always check the value returned by 'skb_copy' to avoid potential NULL...

CVSS 5.5, AI score 6.4, EPSS 0.00139
Exploits 0, References 3

SUSE CVE
added 2025/09/18 11:22 p.m., 3 views

SUSE CVE-2025-58767

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.4.2 or later includes the patches to fix these...

CVSS 2.9, AI score 6, EPSS 0.00231
Exploits 0, References 7

Github Security Blog
added 2025/09/17 7:21 p.m., 7 views

Dragonfly doesn't have authentication enabled for some Manager’s endpoints

Impact: The /api/v1/jobs and /preheats endpoints in Manager web UI are accessible without authentication. Any user with network access to the Manager can create, delete, and modify jobs, and create preheat jobs. An unauthenticated adversary with network access to a Manager web UI uses /api/v1/jobs...

CVSS 9.1, AI score 7, EPSS 0.00361
Exploits 0, References 5, Affected Software 2

Tenable Nessus
added 2025/09/17 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2022-50300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix extent map use-after-free when handling missing device in read_one_chunk Store the error code before freeing the extent_map. Though it's reference count...

CVSS 7.8, AI score 7.1, EPSS 0.00148
Exploits 0, References 3

Tenable Nessus
added 2025/09/16 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-50247

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq Can not set the...

CVSS 5.5, AI score 5.7, EPSS 0.00145
Exploits 0, References 3

Tenable Nessus
added 2025/09/16 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-50293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: do not BUG_ON on ENOMEM when dropping extent items for a range If we get -ENOMEM while dropping file extent items in a given range, at btrfs_drop_extents, d...

CVSS 5.5, AI score 5.9, EPSS 0.00145
Exploits 0, References 4

Tenable Nessus
added 2025/09/16 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2023-53186

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: skbuff: Fix a race between coalescing and releasing SKBs Commit 1effe8ca4e34 skbuff: fix...

CVSS 4.7, AI score 5.7, EPSS 0.00101
Exploits 0, References 3