30380 matches found
Pixel Update Bulletin—August 2025
Published August 5, 2025. The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2025-08-05 or later address all issues in this bulletin and all issues in the...
WordPress Ocean Social Sharing plugin <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Ocean Social Sharing versions <= 2.2.1...
CVE-2025-8516
A security vulnerability has been detected in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2. This issue affects the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file...
CVE-2025-8516 Kingdee Cloud-Starry-Sky Enterprise Edition IIS-K3CloudMiniApp FileUploadAction.class path traversal
A security vulnerability has been detected in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2. This issue affects the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file...
CVE-2025-8516
CVE-2025-8516 affects Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2. The vulnerability is in BaseServiceFactory.getFileUploadService.deleteFileAction within K3Cloud\BBCMallSite\WEB-INF\lib\Kingdee.K3.O2O.Base.WebApp.jar!kingdee\k3\o2o\base\webapp\action\FileUploadAction.class of the IIS-K...
CVE-2025-49832
A flaw was found in Asterisk. This vulnerability allows a remote attacker to trigger an application-level denial of service or potentially achieve remote code execution due to an unchecked resource consumption vulnerability in the Asterisk core. This condition is triggered by processing a special...
CVE-2025-53011
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously craft...
Grafana Infinity Datasource Plugin SSRF Vulnerability
Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...
CVE-2025-20697
CVE-2025-20697 : In Power HAL (MediaTek), an out-of-bounds write caused by a missing bounds check could enable local escalation of privilege if the attacker already has System privileges. Exploitation requires no user interaction. A patch is available: ALPS09915681 (MSV-3795). Multiple feeds corr...
PT-2025-31836 · Unknown · Givanz Vvveb
Name of the Vulnerable Software and Affected Versions: givanz Vvveb version 1.0.5 Description: A critical issue exists in the Save function of the admin/controller/editor/code.php file within the Code Editor component. This manipulation can lead to code injection and may be launched remotely. The...
PT-2025-31821 · Unknown +1 · Iis-K3Cloudminiapp +1
Name of the Vulnerable Software and Affected Versions: Kingdee Cloud-Starry-Sky Enterprise Edition versions prior to 8.2 Description: A path traversal issue exists in the BaseServiceFactory.getFileUploadService.deleteFileAction function within the...
PT-2025-31850 · Dell · Dell Avamar
Name of the Vulnerable Software and Affected Versions: Dell Avamar versions prior to 19.12 with patch 338905; Dell Avamar version 19.10SP1 with patch 338904 is excluded. Description: Dell Avamar contains a Trusting HTTP Permission Methods on the Server-Side issue in Security. A low privileged...
RHEL 8 : kernel-rt (RHSA-2025:12753)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:12753 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...
Linux Distros Unpatched Vulnerability : CVE-2019-17002
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https...
Android Automotive OS Update Bulletin—August 2025
The Android Automotive OS (AAOS) Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2025-08-05 or later from the August 2025 Android Security Bulletin in addition to all issues in this...
Wear OS Security Bulletin—August 2025
The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2025-08-05 or later from the August 2025 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...
CVE-2025-8510 Portabilis i-Educar educar_matricula_lst.php Gerar cross site scripting
A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. This affects the function Gerar of the file ieducar/intranet/educar_matricula_lst.php. The manipulation of the argument refcodaluno leads to cross site scripting. It is possible to initiate the attack remotely. Th...
CVE-2025-52567
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploit. The previous security patches provided...
CVE-2013-10034
An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted filename parameter in a multipart/form-data POST request. Due to the lack of authentication and...