
30384 matches found

RedHat Linux
added 2025/06/09 3:23 p.m. · 6 views

Important: Red Hat Security Advisory: perl-FCGI security update

An update for perl-FCGI is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 5.3 · AI score 7 · EPSS 0.00516
Exploits: 1 · References: 2
NVD
added 2025/06/09 1:15 p.m. · 10 views

CVE-2025-49131

FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container fastgpt-sandbox is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated...

CVSS 9.9 · EPSS 0.00366
Exploits: 1 · References: 5
Cvelist
added 2025/06/09 12:42 p.m. · 12 views

CVE-2025-49131 FastGPT Sandbox Vulnerable to Sandbox Bypass

FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container fastgpt-sandbox is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated...

CVSS 6.3 · EPSS 0.00366
Exploits: 1 · References: 5
Cvelist
added 2025/06/09 12:36 p.m. · 11 views

CVE-2025-48877 Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, Codepen is present in the default allowed_iframes site setting, and it can potentially auto-run arbitrary JS...

CVSS 9.3 · EPSS 0.00348
Exploits: 0 · References: 1
Vulnrichment
added 2025/06/09 12:36 p.m. · 9 views

CVE-2025-48877 Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, Codepen is present in the default allowed_iframes site setting, and it can potentially auto-run arbitrary JS...

CVSS 9.3 · AI score 6.6 · EPSS 0.00348
Exploits: 0 · References: 1
Cvelist
added 2025/06/09 12:33 p.m. · 15 views

CVE-2025-48062 Discourse vulnerable to HTML injection when inviting to topic via email

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...

CVSS 7.1 · EPSS 0.00199
Exploits: 0 · References: 1
IBM Security Bulletins
added 2025/06/09 11:29 a.m. · 5 views

Security Bulletin: IBM Rhapsody Systems Engineering is using next-14.2.12.tgz which is vulnerable to CVE-2024-51479

Summary A security vulnerability was identified in the Next.js package used in our product. We have resolved the issue by updating to a non-vulnerable patched version to ensure the continued security and reliability of our application. Vulnerability Details CVEID:CVE-2024-51479 DESCRIPTION: Next....

CVSS 7.5 · AI score 7.5 · EPSS 0.03884
Exploits: 0 · Affected Software: 1
GithubExploit
added 2025/06/09 10:4 a.m. · 386 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang/Otp

CVE-2025-32433 Erlang SSH Library Exploit 🛑 Description: E...

CVSS 10 · AI score 9 · EPSS 0.97673
Exploits: 36
Positive Technologies
added 2025/06/09 12:0 a.m. · 6 views

PT-2025-24391 · Unknown · Phpgurukul Bp Monitoring Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul BP Monitoring Management System version 1.0 Description: A critical issue has been found in the /registration.php file, where the manipulation of the emailid argument leads to SQL injection. This issue can be exploited remotely. Th...

CVSS 9.8 · AI score 7.5 · EPSS 0.00448
Exploits: 1 · References: 11
Oracle linux
added 2025/06/09 12:0 a.m. · 10 views

libxslt security update

1.1.32-6.2.0.1 - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball 1.1.32-6.2 - Fix CVE-2023-40403 aka 2022-4909 RHEL-89374...

CVSS 6.5 · AI score 7 · EPSS 0.01092
Exploits: 0
Mageia
added 2025/06/08 6:22 a.m. · 11 views

Updated php-adodb packages fix security vulnerability

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and...

CVSS 10 · AI score 9.9 · EPSS 0.00638
Exploits: 0 · References: 3
Positive Technologies
added 2025/06/07 12:0 a.m. · 3 views

PT-2025-24343 · Unknown · Phpgurukul Employee Record Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Employee Record Management System version 1.3 Description: A critical issue has been found in the PHPGurukul Employee Record Management System. The problem affects an unknown function of the file /admin/allemployees.php. Manipulati...

CVSS 8.8 · AI score 7.1 · EPSS 0.00318
Exploits: 1 · References: 10
Positive Technologies
added 2025/06/07 12:0 a.m. · 3 views

PT-2025-24604 · Totolink · Totolink Ex1200T

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5232 B20210713 Description: A critical issue has been detected in the HTTP POST Request Handler component, specifically affecting an unknown functionality of the file /boafrm/formWsc. The manipulation of this...

CVSS 9 · AI score 8.8 · EPSS 0.00843
Exploits: 1 · References: 12
OSV
added 2025/06/06 9:27 p.m. · 2 views

GHSA-CVX7-X8PJ-X2GW CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification

Summary: A Denial of Service (DoS) vulnerability was discovered in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticate...

CVSS 7.5 · AI score 7.3 · EPSS 0.01132
Exploits: 0 · References: 7
RedhatCVE
added 2025/06/06 8:12 p.m. · 15 views

CVE-2025-31134

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories exist. An attacker can, for example, check if older PHP versions are installed or if certain software is installed on the server...

CVSS 7.5 · AI score 7.1 · EPSS 0.00395
Exploits: 1 · References: 1
Cvelist
added 2025/06/06 5:32 p.m. · 9 views

CVE-2025-47950 CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of...

CVSS 7.5 · EPSS 0.01132
Exploits: 0 · References: 5
CVE
added 2025/06/06 3:54 p.m. · 53 views

CVE-2025-29885

CVE-2025-29885 refers to an improper certificate validation vulnerability affecting QNAP File Station 5. The issue allows remote attackers who already have user access to potentially compromise system security. Technical details in the connected PT-2025-24304 entry specify affected versions: Fil...

CVSS 8.8 · AI score 7.1 · EPSS 0.00219
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2025/06/06 3:52 p.m. · 6 views

CVE-2025-29871 File Station 5

An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later...

CVSS 2.4 · EPSS 0.00122
Exploits: 0 · References: 1
OSV
added 2025/06/06 1:12 p.m. · 4 views

SUSE-SU-2025:01569-1 Security update for libraw

This update for libraw fixes the following issues: - CVE-2025-43961: Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tiff.cpp bsc1241643 - CVE-2025-43962: Fixed out-of-bounds read when tag 0x412 processing in phaseonecorrect function bsc1241585 - CVE-2025-43963: Fixed...

CVSS 9.8 · AI score 9.4 · EPSS 0.00367
Exploits: 0 · References: 9
Positive Technologies
added 2025/06/06 12:0 a.m. · 5 views

PT-2025-24035 · WordPress · Wp Email Debug

Name of the Vulnerable Software and Affected Versions: WP Email Debug plugin for WordPress versions 1.0 to 1.1.0 Description: The issue is related to a missing capability check on the WPMDBUG handle settings function. This allows unauthenticated attackers to enable debugging, send all emails to a...

CVSS 9.8 · AI score 9.4 · EPSS 0.00435
Exploits: 0 · References: 10