Lucene search
30384 matches found

RedhatCVE
added 2025/06/23 8:39 a.m. · 4 views

CVE-2025-52557

Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes JavaScript, leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81...

CVSS 8.6 · AI score 7.2 · EPSS 0.00353
Exploits 0 · References 1
RedhatCVE
added 2025/06/23 8:39 a.m. · 6 views

CVE-2025-52556

rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...

CVSS 9.3 · AI score 7 · EPSS 0.00147
Exploits 0 · References 1
RedhatCVE
added 2025/06/23 8:38 a.m. · 6 views

CVE-2025-49591

CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain access to the victim's account, even if the...

CVSS 9.1 · AI score 7.3 · EPSS 0.00442
Exploits 1 · References 1
Rosalinux
added 2025/06/23 7:22 a.m. · 14 views

Advisory ROSA-SA-2025-2897

Software: openssl 1.1.1k · OS: ROSA Virtualization 2.1 · package_evr_string: openssl-1.1.1.1k-14.0.1.rv3 · CVE-ID: CVE-2019-1547 · BDU-ID: 2019-04084 · CVE-Crit: MEDIUM · CVE-DESC.: A vulnerability in the ec_err.c and ec_lib.c functions of the OpenSSL library is related to the lack of data encryption measures...

CVSS 10 · AI score 9.2 · EPSS 0.95764
Exploits 15
Positive Technologies
added 2025/06/23 12:00 a.m. · 3 views

PT-2025-26644 · Unknown · Changedetection.Io

Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.50.4. Description: The issue is related to a cross-site scripting (XSS) vulnerability due to errors in filters from website page change detection watches not being properly filtered. This vulnerability has...

CVSS 7 · AI score 5.2 · EPSS 0.00521
Exploits 0 · References 10
Positive Technologies
added 2025/06/23 12:00 a.m. · 4 views

PT-2025-26638 · Pyspur +1 · Pyspur +2

Name of the Vulnerable Software and Affected Versions: PySpur-Dev pyspur versions up to 0.1.18. Description: A critical issue was found in the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argume...

CVSS 6.5 · AI score 6.2 · EPSS 0.0032
Exploits 0 · References 9
OpenVAS
added 2025/06/23 12:00 a.m. · 3 views

openSUSE Security Advisory (SUSE-SU-2025:02014-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.8 · EPSS 0.00804
Exploits 2 · References 5
Tenable Nessus
added 2025/06/23 12:00 a.m. · 10 views

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-103)

The version of kernel installed on the remote host is prior to 5.4.294-212.419. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-103 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_SAME No Data...

CVSS 9.8 · AI score 6.6 · EPSS 0.01483
Exploits 3 · References 58
IBM Security Bulletins
added 2025/06/22 1:35 p.m. · 5 views

Security Bulletin: Vulnerability in jinja2 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-34064]

Summary: The jinja2 package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs: CVE-2024-34064. Vulnerability Details: CVEID: CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by the acceptance of keys...

CVSS 5.4 · AI score 5.9 · EPSS 0.00979
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2025/06/22 1:14 p.m. · 4 views

Security Bulletin: Vulnerability in jinja2 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-22195]

Summary: The jinja2 package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs: CVE-2024-22195. Vulnerability Details: CVEID: CVE-2024-22195 DESCRIPTION: Jinja is an extensible templating engine. Special placeholders in the template allow...

CVSS 6.1 · AI score 6.1 · EPSS 0.00892
Exploits 0 · Affected Software 1
Positive Technologies
added 2025/06/22 12:00 a.m. · 3 views

PT-2025-26570 · Unknown +1 · Codemirror +1

Name of the Vulnerable Software and Affected Versions: CodeMirror versions up to 5.17.0. Description: A vulnerability was found in the Markdown Mode component, specifically in the file mode/markdown/markdown.js, leading to inefficient regular expression complexity. This issue can be exploited...

CVSS 6.9 · AI score 5.1 · EPSS 0.00448
Exploits 0 · References 15
RedhatCVE
added 2025/06/21 12:54 p.m. · 3 views

CVE-2022-50196

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: ocmem: Fix refcount leak in of_get_ocmem. of_parse_phandle returns a node pointer with its refcount incremented, so of_node_put should be called on it when it is no longer needed. Add the missing of_node_put to avoid the refcount leak. of_node_put will...

CVSS 5.5 · AI score 7.1 · EPSS 0.00197
Exploits 0 · References 4
RedhatCVE
added 2025/06/21 3:58 a.m. · 3 views

CVE-2025-38025

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7606: check for NULL before calling sw_mode_config. Check that the sw_mode_config function pointer is not NULL before calling it. Not all buses define this callback, which resulted in a NULL pointer dereference...

CVSS 7 · AI score 7.2 · EPSS 0.00137
Exploits 0 · References 4
NVD
added 2025/06/21 3:15 a.m. · 8 views

CVE-2025-52552

FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute parameter on the login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers to execute malicious JavaScript or redirect them to...

CVSS 6.1 · EPSS 0.00234
Exploits 1 · References 2
Vulnrichment
added 2025/06/21 2:44 a.m. · 3 views

CVE-2025-52487 DNN.PLATFORM possibly allows bypass of IP Filters

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters, allowing login attempts from IP...

CVSS 8.8 · AI score 7 · EPSS 0.00294
Exploits 0 · References 1
CVE
added 2025/06/21 2:42 a.m. · 27 views

CVE-2025-52486

CVE-2025-52486 affects DNN.PLATFORM (DotNetNuke) prior to 10.0.1, where specially crafted URL content could be used with TokenReplace and not be sanitized by certain SkinObjects, enabling a reflected Cross-Site Scripting (XSS). Affected versions are 6.0.0 through before 10.0.1. The issue is fixed...

CVSS 6.1 · AI score 6.4 · EPSS 0.00203
Exploits 0 · References 2 · Affected Software 1
OSV
added 2025/06/21 2:15 a.m. · 10 views

CVE-2025-52552 FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS

FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute parameter on the login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers to execute malicious JavaScript or redirect them to...

CVSS 5.5 · AI score 7 · EPSS 0.00234
Exploits 1 · References 4
Cvelist
added 2025/06/21 2:15 a.m. · 13 views

CVE-2025-52552 FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS

FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute parameter on the login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers to execute malicious JavaScript or redirect them to...

CVSS 5.5 · EPSS 0.00234
Exploits 1 · References 2
OSV
added 2025/06/21 1:42 a.m. · 3 views

CVE-2025-52557 Mail-0 Zero Session Hijacking Via Email

Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes JavaScript, leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81...

CVSS 8.6 · AI score 6.7 · EPSS 0.00353
Exploits 0 · References 5
CVE
added 2025/06/21 1:33 a.m. · 41 views

CVE-2025-52556

CVE-2025-52556 affects the Python library rfc3161-client. Prior to version 1.0.3, the timestamp response signature verification flaw arises because chain verification checks the TSR’s embedded certificates up to trusted roots but does not verify the TSR’s own signature against the timestamping le...

CVSS 9.3 · AI score 6.4 · EPSS 0.00147
Exploits 0 · References 2