CVE-2025-43190

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data...

CVE-2025-43298

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges...

CVE-2025-43298

The CVE-2025-43298 issue is a parsing problem in how macOS handles directory paths. Affected: macOS Sonoma 14.8 and macOS Sequoia 15.7. Impact: an app may gain root privileges due to improved path validation fixes. Remediation: apply the macOS updates (Sonoma 14.8, Sequoia 15.7). Exploitation sta...

CVE-2025-43298

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to gain root privileges...

CVE-2025-43190

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data...

CVE-2025-43190

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to access sensitive user data...

CVE-2025-43190

CVE-2025-43190 describes a parsing issue in how directory paths are handled, addressed by improved path validation. The fixed products and versions listed in public records include watchOS 26, macOS Sonoma 14.8, iOS 26, iPadOS 26, visionOS 26, and macOS Sequoia 15.7. The vulnerability could enabl...

CVE-2025-43314

The CVE-2025-43314 issue is a parsing/validation flaw in handling directory paths that could allow an app to access sensitive user data. Public details confirm fixes are in macOS Sonoma 14.8 and macOS Sequoia 15.7 (with related references listing StorageKit path validation improvements). The root...

CVE-2025-43314

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data...

CVE-2025-43314

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data...

GHSA-99PG-HQVX-R4GF Flowise has an Arbitrary File Read

Summary An arbitrary file read vulnerability in the chatId parameter supplied to both the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints allows unauthenticated users to read unintended files on the local filesystem. In the default Flowise configuration this allows...

CVE-2025-57176

On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption metadata only with file contents...

PT-2025-37819

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sequoia 15.7 macOS versions prior to Sonoma 14.8 macOS versions prior to Tahoe 26 Description: A parsing issue in the handling of directory paths exists. This issue could allow an application to access sensitive user...

PT-2025-37807

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sequoia 15.7 macOS versions prior to Sonoma 14.8 macOS versions prior to Tahoe 26 Description: A parsing issue in the handling of directory paths exists. Improved path validation addresses this issue. An application ma...

CVE-2025-57176

On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption metadata only with file contents...

PT-2025-37787

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sonoma 14.8 macOS versions prior to Sequoia 15.7 visionOS versions prior to 26 watchOS versions prior to 26 macOS versions prior to Tahoe 26 iOS versions prior to 26 iPadOS versions prior to 26 Description: A parsing...

CVE-2025-8575

The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'lwscldeletefile' function in all versions up to, and including, 2.4.1.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

CVE-2025-10176

The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the prepareitems function in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Administrator-level...

CVE-2025-10176 The Hack Repair Guy's Plugin Archiver <= 2.0.4 - Authenticated (Administrator+) Arbitrary File Deletion

The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the prepareitems function in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Administrator-level...

OESA-2025-2259 buildah security update

The package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a new image...