jw-elektronik.de Cross Site Scripting vulnerability OBB-4047624
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
BIT-MEDIAWIKI-2025-32698 LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1...
CVE-2025-3246
CVE-2025-3246 targets GitHub Enterprise Server, specifically version 3.16.1, via an improper neutralization of input that enables cross-site scripting in GitHub Markdown using $$..$$ math blocks. The issue requires access to the target instance and privileged user interaction with the malicious e...
CVE-2025-3509 Pre-Receive Hook Remote Code Execution vulnerability was identified in GitHub Enterprise Server that allows Privilege Escalation
A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. The vulnerability involves using dynamically...
CVE-2025-3509
CVE-2025-3509 affects GitHub Enterprise Server prior to 3.18 and is a Remote Code Execution in the pre-receive hook. The root cause involves using dynamically allocated ports that become temporarily available during specific operational conditions (e.g., hot patch upgrades), creating an exploitab...
[SECURITY] Fedora 41 Update: workrave-1.11.0~rc.1-1.fc41
Workrave is a program that assists in the recovery and prevention of Repetitive Strain Injury (RSI). The program frequently alerts you to take micro-pauses, rest breaks and restricts you to your daily limit...
[SECURITY] Fedora 40 Update: workrave-1.11.0~rc.1-1.fc40
Workrave is a program that assists in the recovery and prevention of Repetitive Strain Injury (RSI). The program frequently alerts you to take micro-pauses, rest breaks and restricts you to your daily limit...
WakaTime: user api key leaked
The user's API key was found exposed in an older URL while testing the WakaTime tool. The API key successfully authenticated requests to a restricted endpoint, indicating that it was valid and granted access to protected resources...
CVE-2025-31340
An improper control of filename for include/require statement in PHP program vulnerability in the retrieve course Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to perform arbitrary system commands by running a malicious file...
PT-2025-16928 · Unknown · Wisdom Master Pro
Name of the Vulnerable Software and Affected Versions: Wisdom Master Pro versions 5.0 through 5.2 Description: A vulnerability in the retrieve course Information function of Wisdom Master Pro allows remote attackers to perform arbitrary system commands by running a malicious file due to improper...
CVE-2025-32787 SoftEtherVPN Affected by NULL dereference in DeleteIPv6DefaultRouterInRA
SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in DeleteIPv6DefaultRouterInRA called by StorePacket. Before dereferencing, DeleteIPv6DefaultRouterInRA does not account for ParsePacket returning NULL,...
‘Stupid and Dangerous’: CISA Funding Chaos Threatens Essential Cybersecurity Program
The CVE Program is the primary way software vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it...
CVE Program Stays Online as CISA Backs Temporary MITRE Extension
MITRE avoids CVE program shutdown with last-minute contract extension. Questions remain about long-term funding and the future of…...
6,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in Drag and Drop Multiple File Upload for WooCommerce WordPress Plugin
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
CVE Program Almost Unfunded
Mitre's CVE's program--which provides common naming and other informational resources about cybersecurity vulnerabilities--was about to be cancelled, as the US Department of Homeland Security failed to renew the contract. It was funded for eleven more months at the last minute. This is a big deal...
CVE-2025-22105
In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning1: ip netns add ns1 ip netns exec ns1 ip link add bond0 type bond mode balance-rr ip netns exec ns1 ip link set dev bond0 xdp obj afxdpkern.o se...
AZL-62642 CVE-2025-22105 affecting package kernel for versions less than 6.6.119.3-1
In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning1: ip netns add ns1 ip netns exec ns1 ip link add bond0 type bond mode balance-rr ip netns exec ns1 ip link set dev bond0 xdp obj afxdpkern.o se...
DEBIAN-CVE-2025-22105
In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning1: ip netns add ns1 ip netns exec ns1 ip link add bond0 type bond mode balance-rr ip netns exec ns1 ip link set dev bond0 xdp obj afxdpkern.o se...
AZL-69593 CVE-2025-22105 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning1: ip netns add ns1 ip netns exec ns1 ip link add bond0 type bond mode balance-rr ip netns exec ns1 ip link set dev bond0 xdp obj afxdpkern.o se...
CVE-2025-22087
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix array bounds error with may_goto. may_goto uses an additional 8 bytes on the stack, which causes the interpreters array to go out of bounds when calculating index by stacksize. 1. If a BPF program is rewritten, re-evaluate...