EUVD-2025-204335

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Session Report Response that is missing the mandatory Cause Information Element, the session report handler dereferences a nil pointer instead ...

EUVD-2025-203828

To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This...

CGA-7836-4M8G-RHMH

Bulletin has no description...

EUVD-2025-203423

A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...

EUVD-2025-203424

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable...

EUVD-2025-203169

An out-of-bounds write vulnerability exists in the Grassroots DICOM library GDCM. The issue is triggered during parsing of a malformed DICOM file containing encapsulated PixelData fragments compressed image data stored as multiple fragments. This vulnerability leads to a segmentation fault caused...

MINI-P2RM-F2W8-R839

Bulletin has no description...

MINI-2X36-H5PG-C4FC

Bulletin has no description...

MINI-W89C-7R8F-4Q82

Bulletin has no description...

CGA-QWJ4-W5GW-QCCG

Bulletin has no description...

EUVD-2025-200995

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability changeauthentication could enumerate internal IP addresses and network por...

EUVD-2025-198315

The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value...

EUVD-2025-198316

The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability...

EUVD-2025-198167

Server-Side Request Forgery SSRF vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4...

EUVD-2025-198173

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view...

EUVD-2025-198175

A stored cross-site scripting XSS vulnerability is found in the text sharing feature of FileCodeBox version 2.2 and earlier. Insufficient input validation allows attackers to inject arbitrary JavaScript code into shared text "codeboxes". The xss payload is automatically executed in the browsers o...

EUVD-2025-198215

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

MINI-R333-W3M3-WW4F

Bulletin has no description...

EUVD-2025-99096

A vulnerability has been identified in Altair Grid Engine All versions V2026.0.0. Affected products do not properly handle error messages and discloses sensitive password hash information when processing user authentication requests. This could allow a local attacker to extract password hashes fo...

EUVD-2025-99083

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...