Lucene search

30384 matches found

Positive Technologies
added 2025/06/21 12:0 a.m. · 3 views

PT-2025-26516 · Unknown · Phpgurukul Art Gallery Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Art Gallery Management System version 1.1 Description: A critical vulnerability has been found in the PHPGurukul Art Gallery Management System. This issue affects an unknown part of the file /admin/changeimage1.php. The manipulatio...

CVSS 8.8 · AI score 6.8 · EPSS 0.00361
Exploits: 1 · References: 10
IBM Security Bulletins
added 2025/06/20 11:11 p.m. · 7 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in netty-handler (CVE-2025-24970)

Summary A vulnerability in Netty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version...

CVSS 7.5 · AI score 6.6 · EPSS 0.01966
Exploits: 1 · Affected Software: 1
IBM Security Bulletins
added 2025/06/20 10:39 p.m. · 3 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Jinja (CVE-2025-27516)

Summary A vulnerability in Jinja that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allow...

CVSS 8.8 · AI score 7 · EPSS 0.00465
Exploits: 0 · Affected Software: 1
Vulnrichment
added 2025/06/20 6:34 p.m. · 5 views

CVE-2025-25034 SugarCRM PHP Deserialization RCE

A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the restdata parameter before passing it to the...

CVSS 9.3 · AI score 7.7 · EPSS 0.02971
Exploits: 0 · References: 7
Cvelist
added 2025/06/20 6:34 p.m. · 14 views

CVE-2025-25034 SugarCRM PHP Deserialization RCE

A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the restdata parameter before passing it to the...

CVSS 9.3 · EPSS 0.02971
Exploits: 0 · References: 7
CVE
added 2025/06/20 4:50 p.m. · 97 views

CVE-2025-48059

PowSyBl Core contains a polynomial Regular Expression Denial of Service (ReDoS) in the RegexCriterion class used by powsybl-iidm-criteria (versions 6.3.0–6.7.1 and powsybl-contingency-api 5.0.0–6.3.0). The vulnerability arises from unvalidated user-supplied regex patterns compiled and evaluated a...

CVSS 6.9 · AI score 6.5 · EPSS 0.00485
Exploits: 0 · References: 3
OSV
added 2025/06/20 2:11 p.m. · 6 views

SUSE-SU-2025:20429-1 Security update for afterburn

This update for afterburn fixes the following issues: Update to version 5.8.2: cargo: Afterburn release 5.8.2 docs/release-notes: update for release 5.8.2 cargo: update dependencies cargo: Afterburn release 5.8.1 cargo: Afterburn release 5.8.0 docs/release-notes: update for release 5.8.0 cargo:...

CVSS 3.7 · AI score 5.9 · EPSS 0.00426
Exploits: 0 · References: 3
IBM Security Bulletins
added 2025/06/20 12:0 p.m. · 5 views

Security Bulletin: Vulnerability in jetty-server affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-6763, CVE-2024-8184]

Summary The jetty-server package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-6763, CVE-2024-8184 Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web...

CVSS 6.5 · AI score 5.7 · EPSS 0.01037
Exploits: 1 · Affected Software: 1
IBM Security Bulletins
added 2025/06/20 11:36 a.m. · 1 views

Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-6763]

Summary The jetty-http package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-6763 Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet...

CVSS 5.3 · AI score 5.1 · EPSS 0.00986
Exploits: 1 · Affected Software: 1
RedhatCVE
added 2025/06/20 9:49 a.m. · 9 views

CVE-2022-50050

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf snprintf returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow although it's...

CVSS 7 · AI score 7.8 · EPSS 0.00179
Exploits: 0 · References: 4
IBM Security Bulletins
added 2025/06/20 7:59 a.m. · 4 views

Security Bulletin: Vulnerability in cryptography affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-49083]

Summary The cryptography package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-49083 Vulnerability Details CVEID:CVE-2023-49083 DESCRIPTION: Cryptography package for Python is vulnerable to a denial of service, caused b...

CVSS 7.5 · AI score 6.7 · EPSS 0.00985
Exploits: 1 · Affected Software: 1
IBM Security Bulletins
added 2025/06/20 7:25 a.m. · 3 views

Security Bulletin: Erlang/OTP SFTP Packet Size Validation Vulnerability Allows Excessive Memory Allocation

Summary Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang...

CVSS 7 · AI score 7.6 · EPSS 0.00449
Exploits: 0 · Affected Software: 1
NVD
added 2025/06/20 12:15 a.m. · 6 views

CVE-2025-47771

PowSyBl Power System Blocks is a framework to build power system oriented software. In versions 6.3.0 to 6.7.1, there is a deserialization issue in the read method of the SparseMatrix class that can lead to a wide range of privilege escalations depending on the circumstances. This method takes in...

CVSS 9.3 · EPSS 0.00434
Exploits: 0 · References: 3
Positive Technologies
added 2025/06/20 12:0 a.m. · 6 views

PT-2025-26323 · Unknown · Code-Projects Online Shoe Store

Name of the Vulnerable Software and Affected Versions: code-projects Online Shoe Store version 1.0 Description: A critical vulnerability has been found in the code-projects Online Shoe Store, affecting an unknown functionality of the file /contactus.php. The manipulation of the email argument lea...

CVSS 9.8 · AI score 7.6 · EPSS 0.00399
Exploits: 1 · References: 10
Positive Technologies
added 2025/06/20 12:0 a.m. · 4 views

PT-2025-26443 · Unknown · Automated Voting System

Name of the Vulnerable Software and Affected Versions: code-projects Automated Voting System version 1.0 Description: A problematic vulnerability has been found in the Automated Voting System. It affects an unknown function of the file /vote.php in the Backend component. The manipulation leads to...

CVSS 9.1 · AI score 5.2 · EPSS 0.00573
Exploits: 1 · References: 9
Positive Technologies
added 2025/06/20 12:0 a.m. · 4 views

PT-2025-26474 · D Link · D-Link Dir-619L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-619L version 2.06B01 Description: A critical vulnerability was found in the function formWlanGuestSetup of the file /goform/formWlanGuestSetup. The manipulation of the argument curTime leads to a stack-based buffer overflow. The...

CVSS 9 · AI score 8.6 · EPSS 0.00849
Exploits: 1 · References: 12
Positive Technologies
added 2025/06/20 12:0 a.m. · 5 views

PT-2025-26456

Name of the Vulnerable Software and Affected Versions MiniDVBLinux versions prior to 5.4 Description An OS command injection issue exists in the web-based management interface of MiniDVBLinux. The system does not properly sanitize user-supplied input before passing it to operating system commands...

CVSS 9.8 · AI score 8.8 · EPSS 0.05324
Exploits: 2 · References: 15
Positive Technologies
added 2025/06/20 12:0 a.m. · 3 views

PT-2025-26466 · Unknown · Simple Pizza Ordering System

Name of the Vulnerable Software and Affected Versions: Simple Pizza Ordering System version 1.0 Description: A critical issue was found in the Simple Pizza Ordering System. The manipulation of the userid argument in the file /adds.php leads to SQL injection. This issue can be initiated remotely...

CVSS 9.8 · AI score 7.6 · EPSS 0.00399
Exploits: 1 · References: 9
Positive Technologies
added 2025/06/20 12:0 a.m. · 2 views

PT-2025-26399 · Unknown · Atakan Au Automatically Hierarchic Categories In Menu

Name of the Vulnerable Software and Affected Versions: Atakan Au Automatically Hierarchic Categories in Menu versions 2.0.9 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Stored XSS...

CVSS 6.5 · AI score 5.2 · EPSS 0.00192
Exploits: 0 · References: 3
SUSE CVE
added 2025/06/19 11:35 p.m. · 2 views

SUSE CVE-2025-50182

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...

CVSS 5.3 · AI score 6.8 · EPSS 0.00313
Exploits: 0 · References: 3