CVE-2025-6283 xataio Xata Agent route.ts GET path traversal
A vulnerability was found in xataio Xata Agent up to 0.3.0. It has been classified as problematic. This affects the function GET of the file apps/dbagent/src/app/api/evals/route.ts. The manipulation of the argument passed leads to path traversal. Upgrading to version 0.3.1 is able to address this...
UBUNTU-CVE-2025-50200
RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which...
PowSyBl Core allows deserialization of untrusted SparseMatrix data
Impact What kind of vulnerability is it? Who is impacted? This is a disclosure for a security vulnerability in the SparseMatrix class. The vulnerability is a deserialization issue that can lead to a wide range of privilege escalations depending on the circumstances. The problematic area is the re...
CVE-2025-50200
CVE-2025-50200 affects RabbitMQ Server prior to 4.0.8, where the software logs HTTP Basic Auth headers in plaintext (base64-encoded user:pass) from requests to the management API. Affected: RabbitMQ Server versions
WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Post and Page Builder by BoldGrid (versions <= 1.27.8)...
CVE-2025-52464 Meshtastic Repeated Public and Private Keypairs
Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, Meshtastic was failing to properly initialize the internal randomness pool on some...
GHSA-6Q65-J4JW-9CG8 DotVVM allows path traversal when deployed in Debug mode
Description There is a path traversal vulnerability in any DotVVM application started in Debug mode, if at least one resource with the FileResourceLocation has been added. The vulnerability allows an attacker to read arbitrary files from the filesystem accessible by the web application i.e...
CVE-2025-49842
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...
Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2023-36478]
Summary: The jetty-http package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs (CVE-2023-36478). Vulnerability Details: CVEID: CVE-2023-36478. DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow...
SUSE CVE-2022-50014
In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW. Ever since the Dirty COW (CVE-2016-5195) security issue happened, we know that FOLL_FORCE can be possibly dangerous, especially if there are races that can be exploited by...
CVE-2025-50183
OpenList Frontend (OpenList Frontend) prior to 4.0.0-rc.4 contains a stored Cross‑Site Scripting (XSS) in the file preview/browsing feature. Files with a .py extension that contain JavaScript wrapped in [removed] tags may be interpreted as HTML in certain modes, allowing script execution in the b...
CVE-2025-50182 urllib3 does not control redirects in browsers and Node.js
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...
PT-2025-26229 · Ibm · Ibm Qradar Siem
Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.5 through 7.5.0 Update Package 12. Description: The issue is related to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or...
CVE-2025-49590 CryptPad Dom-Based Cross-Site Scripting (XSS) Vulnerability
CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an "early allow" code path that happens before the URI's protocol/scheme is checked, which ...
Security Bulletin: Vulnerability in cryptography affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-23931]
Summary: The cryptography package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs (CVE-2023-23931). Vulnerability Details: CVEID: CVE-2023-23931. DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and...
CVE-2022-50224
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT. Treat the NX bit as valid when using NPT, as KVM will set the NX bit when the NX huge page mitigation is enabled (mindblowing) and trigger the WARN that fires on reserved SPTE bits...
CVE-2022-50051
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: debug: Fix potential buffer overflow by snprintf(). snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow although it's...
CVE-2022-49986
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq. The storvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as it doesn't need to make forward progress under memory pressure. Marking this workqueue as WQ_MEM_RECLAIM may...
CVE-2022-49966
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid. To avoid any potential memory leak...
CVE-2022-50224
CVE-2022-50224 is a Linux kernel/KVM issue where NX is treated as a valid SPTE bit for NPT, enabling a mismatch that can trigger a WARN when reserved SPTE bits are set. Concrete details come from the Linux kernel KVM/mmu path, including a traceback and a mitigation involving NX handling when the ...