Lucene search

7642 matches found

Positive Technologies
• added 2025/11/07 12:0 a.m. • 5 views

PT-2025-45474

Name of the Vulnerable Software and Affected Versions SourceCodester User Account Generator version 1.0 Description A Cross-Site Scripting XSS issue exists in SourceCodester User Account Generator version 1.0. This allows remote attackers to execute arbitrary JavaScript code within a user's brows...

6.5 AI score, 0.00225 EPSS
Exploits: 1, References: 5
Cvelist
• added 2025/11/07 12:0 a.m. • 6 views

CVE-2025-63714

Cross-Site Scripting XSS vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to improper sanitization of...

0.00225 EPSS
Exploits: 1, References: 2
CVE
• added 2025/11/07 12:0 a.m. • 10 views

CVE-2025-63714

SourceCodester User Account Generator 1.0 contains a Cross-Site Scripting (XSS) vulnerability in the Username Prefix field. The root cause is improper sanitization of user input when rendering generated account data to the DOM, allowing persistent injection of malicious HTML elements that execute...

6.1 CVSS, 6.1 AI score, 0.00225 EPSS
Exploits: 1, References: 2, Affected Software: 1
OSV
• added 2025/11/06 11:33 p.m. • 2 views

GHSA-QW6Q-3PGR-5CWQ KubeVirt Arbitrary Container File Read

Summary Short summary of the problem. Make the impact and severity as clear as possible. Mounting a user-controlled PVC disk within a VM allows an attacker to read any file present in the virt-launcher pod. This is due to erroneous handling of symlinks defined within a PVC. Details Give all detai...

6.5 CVSS, 5.6 AI score, 0.00421 EPSS
Exploits: 1, References: 6
RedHat Linux
• added 2025/11/06 9:16 a.m. • 5 views

kernel: pstore/ram: Check start of empty przs during init

An out of bounds array vulnerability exists in the linux kernel, such that a missing check on the start field of a PRZ persistent ram zone during initialization leads to damage to the availability and integrity of the system...

7.8 CVSS, 7.3 AI score, 0.00147 EPSS
Exploits: 0, References: 5
Positive Technologies
• added 2025/11/06 12:0 a.m. • 6 views

PT-2025-45511

Name of the Vulnerable Software and Affected Versions KubeVirt versions prior to 1.5.3 KubeVirt versions prior to 1.6.1 Description KubeVirt, a virtual machine management add-on for Kubernetes, contains a flaw that permits a virtual machine VM to read arbitrary files from the virt-launcher pod's...

6.5 CVSS, 5.4 AI score, 0.00421 EPSS
Exploits: 1, References: 53
OpenVAS
• added 2025/11/06 12:0 a.m. • 6 views

Pi-hole Web Interface < 6.3 Multiple Vulnerabilities

The Pi-hole Web Interface previously AdminLTE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.2 CVSS, 7 AI score, 0.00564 EPSS
Exploits: 4, References: 5
Information Security Automation
• added 2025/11/05 2:14 p.m. • 8 views

About Remote Code Execution - Windows LNK File (CVE-2025-9491) vulnerability

About Remote Code Execution - Windows LNK File CVE-2025-9491 vulnerability. A vulnerability in the Microsoft Windows shortcut .LNK handling mechanism allows malicious command-line arguments to be hidden in the Target field using whitespace characters, making them invisible to standard tools...

7.8 CVSS, 7.4 AI score, 0.63102 EPSS
Exploits: 3
RedhatCVE
• added 2025/11/05 2:14 a.m. • 3 views

CVE-2025-43454

This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. A device may persistently fail to lock...

7.5 CVSS, 6.2 AI score, 0.00407 EPSS
Exploits: 0, References: 1
RedhatCVE
• added 2025/11/04 11:6 p.m. • 13 views

CVE-2025-34501

Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services SSH, HTTP, Telnet, SMB, X11 are enabled by default. If an attacker can reach these interfaces - most often through local or near-local access such as...

7 CVSS, 6.8 AI score, 0.00164 EPSS
Exploits: 0, References: 1
OSV
• added 2025/11/04 2:15 a.m. • 1 views

CVE-2025-43454

This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. A device may persistently fail to lock...

7.5 CVSS, 5.8 AI score, 0.00407 EPSS
Exploits: 0, References: 2
Cvelist
• added 2025/11/04 1:16 a.m. • 4 views

CVE-2025-43454

This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. A device may persistently fail to lock...

0.00407 EPSS
Exploits: 0, References: 2
OSSF Malicious Packages
• added 2025/11/02 11:46 p.m. • 4 views

Malicious code in monoblast (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d77da2ba877fe8f60939aa31a965bd4b4f0a4265edff812ebd8817aa008c674 The package monoblast was found to contain malicious code. Source: ghsa-malware 528645f69305646755172e18341eb5b57038d4f5f46faa93b040fc361e85fedf Any...

6.9 AI score
Exploits: 0, References: 1
The Hacker News
• added 2025/11/01 1:43 p.m. • 9 views

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

The Australian Signals Directorate ASD has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY. The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 CVSS...

10 CVSS, 7.1 AI score, 0.99571 EPSS
Exploits: 26
AstraLinux
• added 2025/11/01 10:54 a.m. • 7 views

Astra Linux - Vulnerability in Firefox, Thunderbird

An attacker who enumerated resources from the WebCompat extension could obtain a persistent UUID that identified the browser. This UUID could be used to switch between container-based modes and normal/private browsing mode, but not profiles. This vulnerability has been fixed in Firefox 140, Firef...

4.3 CVSS, 5.4 AI score, 0.00249 EPSS
Exploits: 0, References: 4
EUVD
• added 2025/10/31 12:30 a.m. • 4 views

EUVD-2025-37224

Nagios Fusion versions prior to R2.1 contain a vulnerability due to the application not requiring re-authentication or session rotation when a user has enabled two-factor authentication 2FA. As a result, an adversary who has obtained a valid session could continue using the active session after t...

8.6 CVSS, 6.5 AI score, 0.00292 EPSS
Exploits: 0, References: 4
OSV
• added 2025/10/30 3:2 p.m. • 6 views

GO-2025-4076 Constellation has insecure LUKS2 persistent storage partitions which may be opened and used in github.com/edgelesssys/constellation

Constellation has insecure LUKS2 persistent storage partitions which may be opened and used in github.com/edgelesssys/constellation...

8.3 CVSS, 7 AI score, 0.00105 EPSS
Exploits: 0, References: 5
Hacker One
• added 2025/10/30 2:36 a.m. • 9 views

Revive Adserver: Stored-XSS in Banner Name field

Version: ==revive-adserver 6.0.0== Summary: A stored Cross-Site Scripting XSS vulnerability exists in the Banner → Name field. An attacker can create or edit a banner with a malicious payload in the Name field; that payload is stored and later executed in the browser of users who were added to th...

5.4 CVSS, 5.2 AI score, 0.0038 EPSS
Exploits: 1
OSV
• added 2025/10/29 10:46 p.m. • 2 views

MAL-2025-49017 Malicious code in labelbox-custom-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 620f8e1935cc780dbeb838d123c1a770b38e6db7bca472c4afc955229d09fafe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8 AI score
Exploits: 0, References: 4
OSSF Malicious Packages
• added 2025/10/29 10:46 p.m. • 4 views

Malicious code in ing-web-es (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7cea7c30f8d070d425cd30f9b983aebec3169313c6ae647f53073d7dc60f2c5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1