CVE-2025-54584
GitProxy (versions ≤ 1.19.1) is vulnerable to a packfile parsing exploit due to the parsePush.ts PACK signature detection. An attacker can craft a malicious Git packfile that embeds a misleading PACK signature within commit content and manipulates the packet structure, causing the parser to treat...
CVE-2025-54575 ImageSharp Triggers an Infinite Loop in its GIF Decoder When Skipping Malformed Comment Extension Blocks
ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. Th...
CVE-2024-48916 Ceph is vulnerable to authentication bypass through RadosGW
Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send a JWT that has "none" as the JWT alg, and by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...
WordPress Product Configurator for WooCommerce Plugin plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Product Configurator for WooCommerce versions <= 1.4.4...
CVE-2025-54433
Bugsink suffers from a Path Traversal vulnerability (CVE-2025-54433) where ingestion paths are constructed from unvalidated event_id input. Affected versions include 1.4.2 and earlier, 1.5.0–1.5.4, 1.6.0–1.6.3, and 1.7.0–1.7.3. An attacker with a valid DSN can craft an event_id to cause file writ...
CVE-2025-53944 AutoGPT Platform Exposes Graph Execution Results via Authorization Gap
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's getgraphexecutionresults endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graphid, it fails ...
CVE-2025-52567 GLPI has overly permissive URL verification
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploit. The previous security patches provided...
Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)
A Privilege Escalation vulnerability was identified in the Keycloak identity and access management solution, specifically when FGAPv2 is enabled in version 26.2.x. The flaw lies in the admin permission enforcement logic, where a user with manage-users privileges can self-assign realm-admin rights...
RHSA-2025:12044 Red Hat Security Advisory: firefox security update
CGA-6GF6-VG3P-J4RQ
CVE-2025-31278
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption...
CVE-2025-43213
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash...
PT-2025-31384 · Glpi · Glpi
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.84 through 10.0.18. Description: GLPI is an Asset and IT Management Software package. Versions 0.84 through 10.0.18 are susceptible to a Server-Side Request Forgery (SSRF) exploit when using RSS feeds or external calendars for...
PT-2025-31440 · Sixlabors · Imagesharp
Name of the Vulnerable Software and Affected Versions: ImageSharp versions prior to 2.1.11; ImageSharp versions 3.0.0 through 3.1.10. Description: ImageSharp is a 2D graphics library susceptible to a denial of service. A specially crafted GIF file containing a malformed comment extension block,...
Apple MacOSX Security Update (HT124149)
Apple Mac OS X is prone to multiple vulnerabilities...
CVE-2025-43237
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6. An app may be able to cause unexpected system termination...
CVE-2025-43230
CVE-2025-43230 affects Apple platforms (iPadOS, iOS, macOS Sequoia, watchOS, visionOS, tvOS) with an issue that could allow an app to access user-sensitive data. The vulnerability is addressed by fixes in iPadOS 17.7.9, iPadOS 18.6, iOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, and visio...
CVE-2025-43227
This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose sensitive user information...