7606 matches found

Packet Storm News
added 2025/08/28 12:00 a.m., 2 views

Best Salon Management System 1.0 Cross Site Scripting

Best Salon Management System version 1.0 suffers from a persistent cross site scripting vulnerability...

AI score: 6.4
Exploits: 0

Positive Technologies
added 2025/08/27 12:00 a.m., 3 views

PT-2025-34935 · D Link · Dcs-825L

Name of the Vulnerable Software and Affected Versions: D-Link DCS-825L firmware versions prior to 1.09.02 Description: The D-Link DCS-825L firmware contains a flaw in the watchdog script mydlink-watch-dog.sh. This script blindly respawns binaries, including dcp and signalc, without verifying thei...

CVSS: 6.6, AI score: 7, EPSS: 0.00019
Exploits: 1, References: 9

Tenable Nessus
added 2025/08/27 12:00 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2021-39866

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens. CVE-2021-39866 Note that...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00261
Exploits: 0, References: 2

RedhatCVE
added 2025/08/25 7:20 a.m., 3 views

CVE-2025-5352

A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00225
Exploits: 1, References: 1

Tenable Nessus
added 2025/08/25 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-6622

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdm...

CVSS: 5.9, AI score: 7.3, EPSS: 0.00944
Exploits: 0, References: 2

CNNVD
added 2025/08/22 12:00 a.m., 2 views

D-Link DCS-825L Security Vulnerability

The D-Link DCS-825L is a wireless webcam from China AUO D-Link. A security vulnerability exists in the D-Link DCS-825L version 1.08.01 and earlier, which stems from the mydlink-watch-dog.sh script that does not verify binary integrity, which could lead to persistent arbitrary code execution...

CVSS: 7.3, AI score: 7.5, EPSS: 0.00042
Exploits: 1, References: 4

Vulnrichment
added 2025/08/21 7:15 a.m., 2 views

CVE-2025-49810 Thread summarization allows persistent access to channel

Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts...

CVSS: 3.5, AI score: 7, EPSS: 0.00048
Exploits: 0, References: 1

Cvelist
added 2025/08/21 7:15 a.m., 7 views

CVE-2025-49810 Thread summarization allows persistent access to channel

Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts...

CVSS: 3.5, EPSS: 0.00048
Exploits: 0, References: 1

Tenable Nessus
added 2025/08/21 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-4091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests,...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00342
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/15 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-15675

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability...

CVSS: 8.8, AI score: 8.5, EPSS: 0.00401
Exploits: 0, References: 2

OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-29077 Malicious code in persistent-socket (npm)

The package persistent-socket was found to contain malicious code...

AI score: 7.2
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in persistent-socket (npm)

The package persistent-socket was found to contain malicious code...

AI score: 7
Exploits: 0

Vulnrichment
added 2025/08/13 10:46 p.m., 3 views

CVE-2025-55194 Part-DB Persistent Denial of Service via Uncaught Exception from Misleading File Extension in Avatar Upload

Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting in a persistent 500 Internal Server Error when attempting to view or edit that...

CVSS: 5.7, AI score: 6.9, EPSS: 0.00099
Exploits: 1, References: 3

Cvelist
added 2025/08/13 10:46 p.m., 7 views

CVE-2025-55194 Part-DB Persistent Denial of Service via Uncaught Exception from Misleading File Extension in Avatar Upload

Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting in a persistent 500 Internal Server Error when attempting to view or edit that...

CVSS: 5.7, EPSS: 0.00099
Exploits: 1, References: 3

NVD
added 2025/08/13 9:15 p.m., 3 views

CVE-2011-10011

WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remot...

CVSS: 10, EPSS: 0.69916
Exploits: 0, References: 6

Positive Technologies
added 2025/08/13 12:00 a.m., 4 views

PT-2025-33080 · Webid · Webid

Name of the Vulnerable Software and Affected Versions: WeBid version 1.0.2 Description: WeBid version 1.0.2 contains a remote code injection issue in the convert.php script. Unsanitized input from the to parameter in a POST request is directly written to the includes/currencies.php file. This...

CVSS: 10, AI score: 7.6, EPSS: 0.69916
Exploits: 0, References: 9

Lenovo
added 2025/08/12 6:02 p.m., 3 views

Intel Optane PMem Management Software Advisory - Lenovo Support US

No description provided...

AI score: 5.4
Exploits: 0

Trend Micro Simply Security
added 2025/08/12 12:00 a.m., 6 views

New Ransomware Charon Uses Earth Baxia APT Techniques To Target Enterprises

We uncovered Charon, a new ransomware strain/family that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands...

AI score: 7.3
Exploits: 0

Tenable Nessus
added 2025/08/11 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-6425

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00411
Exploits: 0, References: 3

Tenable Nessus
added 2025/08/11 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-23155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: stmmac: Fix accessing freed irq affinity_hint In stmmac_request_irq_multi_msi, a pointer to the stack variable cpumask is passed to irq_set_affinity_hint. This val...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00154
Exploits: 0, References: 2