PT-2025-27294
Name of the Vulnerable Software and Affected Versions: HDF5 version 1.14.6 Description: A vulnerability was found in HDF5, affecting the function H5O fsinfo encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local...
WordPress BeeTeam368 Extensions plugin <= 2.3.4 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion vulnerability
Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion vulnerability discovered by Tonn in WordPress Plugin BeeTeam368 Extensions versions <= 2.3.4...
CVE-2025-6775
A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function createuser of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible ...
CVE-2025-52480
Registrator is a GitHub app that automates creation of registration pull requests for Julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious or can be injected using upstream vulnerabilities, an argument injection is possible in the...
CVE-2025-52479
HTTP.jl provides HTTP client and server functionality for Julia, and URIs.jl parses and works with Uniform Resource Identifiers (URIs). URIs.jl prior to version 1.6.0 and HTTP.jl prior to version 1.10.17 allow the construction of URIs containing CR/LF characters. If user input was not otherwise...
CVE-2025-50178
GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the GitForge.getrepo function for GitHub, the user can provide any string for the owner and repo fields. These inputs are not...
WordPress Image Cleanup plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Image Cleanup versions <= 1.9.2...
CVE-2025-48991
Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses cookie-0.4.1.tgz which is vulnerable to CVE-2024-47764
Summary: Security Bulletin: IBM Maximo Application Suite - Manage Component uses cookie-0.4.1.tgz which is vulnerable to CVE-2024-47764. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-47764 DESCRIPTION: cookie is a basic HTTP...
PT-2025-27252 · Unknown · Hkuds Lightrag
Name of the Vulnerable Software and Affected Versions: HKUDS LightRAG versions up to 1.3.8 Description: A critical vulnerability was found in the File Upload component of HKUDS LightRAG. The issue affects the upload to input dir function in the file lightrag/api/routers/document routes.py. The...
PT-2025-27251
Name of the Vulnerable Software and Affected Versions: eosphoros-ai db-gpt versions up to 0.7.2 Description: A critical issue has been found, affecting the import flow function of the file /api/v2/serve/awel/flow/import. The manipulation of the File argument leads to path traversal, allowing for...
PT-2025-27230 · D Link · D-Link Dir-823-Pro
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823-Pro version 1.02 Description: The issue is related to improper permission control, which allows unauthorized users to turn on and access Telnet services. Recommendations: For D-Link DIR-823-Pro version 1.02, consider disabling...
PT-2025-27127 · Unknown · Realtyelite
Name of the Vulnerable Software and Affected Versions: RealtyElite versions n/a through 1.0.0 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion in...
PT-2025-27243 · Realtek · Realtek Rtl8762E Ble Sdk
Name of the Vulnerable Software and Affected Versions: Realtek RTL8762E BLE SDK version 1.4.0 Description: The issue in the Bluetooth Low Energy (BLE) stack allows attackers within Bluetooth range to cause a Denial of Service (DoS) via sending a specific sequence of crafted control packets...
RabbitMQ < 3.13.8 (GHSA-gh3x-4x42-fvq8)
RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying the RabbitMQ API over HTTP/s with basic authentication, it creates logs with all headers in the request, including authorization headers which...
Oracle Linux 10 : libvpx (ELSA-2025-9120)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-9120 advisory. 1.14.1-3 - Add patch for double free Resolves: RHEL-93905 Tenable has extracted the preceding description block directly from the Oracle Linux security advisor...
SUSE SLES15 Security Update : helm (SUSE-SU-2025:01596-2)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01596-2 advisory. helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release...
UBUNTU-CVE-2025-52555
Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is tha...
CVE-2025-52555
Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is tha...
CVE-2025-52555 CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS
Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is tha...