1127 matches found

Positive Technologies, added 2025/12/19 12:0 a.m., 3 views

PT-2025-52501

Name of the Vulnerable Software and Affected Versions: floooh sokol versions prior to 33e2271c431bf21de001e972f72da17a984da932. Description: A security flaw exists in floooh sokol. The issue resides in the _sg_pipeline_common_init function within the sokol_gfx.h library, leading to a heap-based buffe...

CVSS 7.8 | AI score 5.6 | EPSS 0.00026 | Exploits 1 | References 12
Positive Technologies, added 2025/12/19 12:0 a.m., 2 views

PT-2025-52408

Name of the Vulnerable Software and Affected Versions: ABB T-MAC Plus version 4.0-24; Firebox affected versions not specified. Description: ABB T-MAC Plus is affected by improper neutralization of input during web page generation, which leads to cross-site scripting (XSS), a condition where malicious...

CVSS 8 | AI score 5.6 | EPSS 0.00018 | Exploits 0 | References 3
Github Security Blog, added 2025/12/18 3:46 p.m., 7 views

Amazon S3 Encryption Client for .NET has a Key Commitment Issue

Summary: S3 Encryption Client for .NET (S3EC) is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key (EDK) is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible...

CVSS 6 | AI score 7 | EPSS 0.00012 | Exploits 0 | References 6 | Affected Software 1
EUVD, added 2025/12/17 10:1 p.m., 2 views

EUVD-2025-204019

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.0, a vulnerability exists in FreeRDP's certificate handling code on Windows platforms. The function freerdp_certificate_data_hash uses the Microsoft-specific snprintf function to format certificate cache filenames...

CVSS 8.7 | AI score 6.7 | EPSS 0.00058 | Exploits 0 | References 2
NVD, added 2025/12/17 9:16 p.m., 1 view

CVE-2025-67493

Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in the LDAP search query. The vulnerability could impact all instances using LDAP...

CVSS 9 | EPSS 0.00071 | Exploits 0 | References 1
RedhatCVE, added 2025/12/17 1:49 a.m., 3 views

CVE-2025-68115

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...

CVSS 6.1 | AI score 5.8 | EPSS 0.00025 | Exploits 0 | References 1
RedHat Linux, added 2025/12/16 2:28 p.m., 5 views

binutils: GNU Binutils Linker heap-based overflow

A heap-based buffer overflow flaw has been discovered in GNU Binutils. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

CVSS 7.8 | AI score 6.4 | EPSS 0.00026 | Exploits 1 | References 12
Cvelist, added 2025/12/15 8:21 p.m., 14 views

CVE-2025-64725 Weblate has improper validation upon invitation acceptance

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15 contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended...

CVSS 1 | EPSS 0.00013 | Exploits 0 | References 4
Positive Technologies, added 2025/12/15 12:0 a.m., 2 views

PT-2025-51315

Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.15. Description: Weblate is a web-based localization tool. Versions prior to 5.15 allowed accepting an invitation opened by a different user. Recommendations: Update to version 5.15 or later. As a workaround, avoid...

CVSS 9.8 | AI score 6.5 | EPSS 0.00013 | Exploits 0 | References 6
Circl, added 2025/12/13 10:33 a.m., 1 view

GCVE-1-2025-0038

creation_timestamp | type | source
---|---|---
2025-12-13 10:33:29+00:00 | patched | https://github.com/MISP/MISP/releases/tag/v2.5.30
2025-12-13 10:39:06+00:00 | patched | https://www.misp-project.org/2025/12/13/misp.2.5.29-2.5.30.released.html/...

AI score 6 | Exploits 0 | References 2
Github Security Blog, added 2025/12/12 7:22 p.m., 4 views

NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM)

Impact: NeuVector supports login authentication through OpenID Connect. However, the TLS verification which verifies the remote server's authenticity and integrity for OpenID Connect is not enforced by default. As a result this may expose the system to man-in-the-middle (MITM) attacks. Starting from...

CVSS 8.8 | AI score 7 | EPSS 0.00017 | Exploits 0 | References 5 | Affected Software 1
RedhatCVE, added 2025/12/10 9:16 p.m., 3 views

CVE-2025-14116

A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument healthurl results in server-side request forgery. The attack can be initiated remotely. The explo...

CVSS 5.8 | AI score 6.8 | EPSS 0.00049 | Exploits 0 | References 1
OSV, added 2025/12/10 6:20 p.m., 3 views

GHSA-F4CF-9RVR-2RCX Zitadel Discloses the Total Number of Instance Users

Summary: Zitadel's User Service discloses the total number of instance users to unauthorized users. Impact: The ZITADEL User Service exposes the total number of users within an instance to any authenticated user, regardless of their specific permissions. While this does not leak individual user dat...

CVSS 5.3 | AI score 5.8 | EPSS 0.00036 | Exploits 0 | References 4
Github Security Blog, added 2025/12/08 10:20 p.m., 6 views

ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login

Summary: A potential vulnerability exists in ZITADEL's logout endpoint in login V2. This endpoint accepts several parameters including a post_logout_redirect. When this parameter is specified, users will be redirected to the site that is provided via this parameter. ZITADEL's login UI did not ensure...

CVSS 8 | AI score 7.1 | EPSS 0.00044 | Exploits 0 | References 4 | Affected Software 2
EUVD, added 2025/12/08 12:1 p.m., 2 views

EUVD-2025-201703

In affected versions, vulnerability-lookup did not track or limit failed One-Time Password (OTP) attempts during Two-Factor Authentication (2FA) verification. An attacker who already knew or guessed a valid username and password could submit an arbitrary number of OTP codes without causing the accoun...

CVSS 8.1 | AI score 6.5 | EPSS 0.00066 | Exploits 0 | References 2
CVE, added 2025/12/04 8:57 p.m., 7 views

CVE-2025-66479

Anthropic Sandbox Runtime (sandbox-runtime) had a flaw where the network sandbox was not properly enforced if no allowed domains were configured, potentially allowing outbound network access from sandboxed processes prior to v0.0.16. A patch is available in v0.0.16; upgrade to 0.0.16 or later for...

CVSS 1.8 | AI score 6.9 | EPSS 0.00067 | Exploits 0 | References 2
Cvelist, added 2025/12/04 8:57 p.m., 17 views

CVE-2025-66479 Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing

Anthropic Sandbox Runtime is a lightweight sandboxing tool for enforcing filesystem and network restrictions on arbitrary processes at the OS level, without requiring a container. Prior to 0.0.16, due to a bug in sandboxing logic, sandbox-runtime did not properly enforce a network sandbox if the...

CVSS 1.8 | EPSS 0.00067 | Exploits 0 | References 2
Positive Technologies, added 2025/12/04 12:0 a.m., 3 views

PT-2025-49149

Name of the Vulnerable Software and Affected Versions: Anthropic Sandbox Runtime versions prior to 0.0.16. Description: Anthropic Sandbox Runtime is a sandboxing tool designed to enforce filesystem and network restrictions on processes. Prior to version 0.0.16, a flaw in the sandboxing logic allowed...

CVSS 1.8 | AI score 6.9 | EPSS 0.00067 | Exploits 0 | References 5
Positive Technologies, added 2025/12/02 12:0 a.m., 2 views

PT-2025-48639

Name of the Vulnerable Software and Affected Versions: Modem, affected versions not specified. Description: A flaw exists in Modem that could result in a system crash due to inadequate input validation. This could lead to a remote denial of service if a User Equipment (UE) connects to a malicious base...

CVSS 5.3 | AI score 6.5 | EPSS 0.00112 | Exploits 0 | References 5
OSV, added 2025/11/29 3:15 a.m., 1 view

AZL-71143 CVE-2025-58436 affecting package cups for versions less than 2.4.16-1

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. This issue...

CVSS 5.5 | AI score 5.9 | EPSS 0.00029 | Exploits 1 | References 1