Linux Distros Unpatched Vulnerability : CVE-2020-25698

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling...

CVE-2025-57759

Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no...

PT-2025-35104

Name of the Vulnerable Software and Affected Versions: Contao versions 5.0.0 through 5.3.37 Contao versions 5.6.0 through 5.6.0 Description: The table access voter in the back end does not verify if a user has permission to access the corresponding module. As a workaround, do not solely rely on t...

CVE-2025-54370

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the...

CVE-2025-54370 PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the...

Cisco Duo Authentication Proxy Information Disclosure Vulnerability

A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an authenticated, high-privileged, remote attacker to view sensitive information in a system log file. This vulnerability is due to insufficient masking of sensitive information before it is written to...

CVE-2025-55012 Zed AI Agent Remote Code Execution

Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution RCE by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific...

CVE-2025-54417

Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these...

CVE-2025-20215

A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this...

WordPress oik plugin <= 4.15.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin oik versions = 4.15.2...

WordPress Element Pack Addons for Elementor plugin <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via data-caption Attribute vulnerability discovered by Webbernaut in WordPress Plugin Element Pack Elementor Addons versions 8.0.0...

CVE-2025-52904

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0 of the web application, all users have a scope assigned, and they only have access to the files within that scope. The Command...

WordPress Everest Forms (Pro) plugin <= 1.9.4 - Unauthenticated Path Traversal to Arbitrary File Deletion vulnerability

Unauthenticated Path Traversal to Arbitrary File Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Everest Forms Pro versions = 1.9.4...

CVE-2025-52558

Changedetection.io prior to version 0.50.4 is affected by a cross-site scripting (XSS) vulnerability caused by errors in filters during page-change detection watches. The issue can allow an attacker to inject malicious scripts into a user’s browser. The vulnerability has been patched in version 0...

Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3....

Exploit for Heap-based Buffer Overflow in Microsoft

CVE-2025-21333 Windows Hyper-V NT Kernel Integration VSP Eleva...

GHSA-J226-63J7-QRQH Laravel Translation Manager Vulnerable to Stored Cross-site Scripting

Impact The application is vulnerable to Cross-Site Scripting XSS attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive...

About Cross Site Scripting – Zimbra Collaboration (CVE-2024-27443) vulnerability

About Cross Site Scripting - Zimbra Collaboration CVE-2024-27443 vulnerability. Zimbra Collaboration is a collaboration software suite that includes a mail server and a web client. An attacker can send an email containing a specially crafted calendar header with an embedded payload. If the user...

CVE-2025-48383 Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking

Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...

CVE-2024-45537

Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide...