CVE-2025-12615 PHPGurukul News Portal settings.py hard-coded key
A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRETKEY leads to use of hard-coded cryptographic key. The attack may be performed from remote. The attack...
SQLite <= 3.50 DoS Vulnerability
SQLite is prone to a denial of service (DoS) vulnerability. Note: This VT has been deprecated as the attached CVE has been rejected as a duplicate of CVE-2025-29088. This older CVE is already covered in the VT SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from ...
PT-2025-44755
Name of the Vulnerable Software and Affected Versions: fushengqian fuint (affected versions not specified). Description: A flaw exists in fushengqian fuint related to the Authentication Token Handler component, specifically within the file...
CVE-2025-12605 itsourcecode Online Loan Management System manage_loan.php sql injection
A vulnerability was found in itsourcecode Online Loan Management System 1.0. This vulnerability affects unknown code of the file /manageloan.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...
CVE-2025-12596
A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-12595
A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the...
PT-2025-44738
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Loan Management System version 1.0. Description: A flaw exists in itsourcecode Online Loan Management System that allows for SQL injection. This issue affects an unspecified part of the /load fields.php file. The loan id...
Astra Linux – Vulnerability in Chromium
Use after free in Aura in Google Chrome before version 139.0.7258.127 allowed a remote attacker who convinced a user to perform certain UI gestures to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Mojo in Google Chrome on Android, Linux, and ChromeOS before version 140.0.7339.127 allowed a remote attacker to bypass site isolation through a crafted HTML page. Chromium security severity: High...
SUSE CVE-2025-6176
Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
Liferay Portal and DXP do not check permissions of images in a blog entry
Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions does not check permission of images in a blog entry, which allows remote attackers ...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM InfoSphere Information Server
Summary: There are multiple vulnerabilities in IBM® WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server. These are addressed. Vulnerability Details: CVEID: CVE-2025-36047. DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable ...
CVE-2025-12547
A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login Page. Such manipulation leads to improper restriction of excessive authentication attempts. The attack can be executed remotely...
CVE-2025-12547
CVE-2025-12547 affects LogicalDOC Community Edition up to 9.2.1, targeting the Admin Login Page via the file /login.jsp. The root cause is an improper restriction of excessive authentication attempts, enabling remote brute‑force style access. The issue is described as high complexity with a publ...
CVE-2025-62266
By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions is vulnerable to DNS rebinding attacks, which allow...
CVE-2025-3355
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system...
CVE-2025-62257
Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers t...
ROS-20251030-03
A vulnerability in the MongoDB database management system is related to misconfiguration of the lsid field. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
CVE-2025-11200 MLflow Weak Password Requirements Authentication Bypass Vulnerability
MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords...
PT-2025-44366
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.119; Liferay DXP versions 2023.Q3.1 through 2023.Q4.10 and 2024.Q1.1 through 2024.Q1.5; Liferay Portal 7.4 GA through update 92; older unsupported versions. Description: A flaw exists that allows remote...