PYSEC-2025-119
Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy a...
CVE-2025-48492 GetSimple CMS RCE in Edit component
GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). This issue is set to ...
CVE-2025-48490 Laravel Rest Api has a Search Validation Bypass
Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts such as index, store, a...
CVE-2025-48881 Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users
Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by unauthorised users. If...
CVE-2025-48484
CVE-2025-48484 affects FreeScout before version 1.8.178, where XSS is possible due to improper input validation and sanitization in the conversation POST data body. The issue is documented in multiple sources (NVD, Red Hat, CNVD, etc.) and is stated to be patched in 1.8.178. Affected component is ...
CVE-2025-48478 FreeScout Has Business Logic Errors
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an attacker to manipulate all fields of the object, which are enumerated in the $fillable array the...
CVE-2025-48477 FreeScout Has Business Logic Errors
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without correctly...
CVE-2025-48491 Project AI API Key Exposure in Source Code
Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...
CVE-2025-48068 Information exposure in Next.js dev server due to lack of origin verification
Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects...
PT-2025-23320 · Unknown · Freefloat Ftp Server
Name of the Vulnerable Software and Affected Versions: FreeFloat FTP Server version 1.0 Description: A critical vulnerability was found in the PWD Command Handler component of FreeFloat FTP Server, leading to a buffer overflow. The attack can be launched remotely, and the exploit has been disclos...
PT-2025-23298
Name of the Vulnerable Software and Affected Versions: City Referential Manager versions 3DEXPERIENCE R2025x Description: A stored Cross-site Scripting (XSS) issue affects City Discover within City Referential Manager. Exploitation allows an attacker to execute arbitrary script code within a user's...
Tenable Nessus Network Monitor < 6.5.1 Multiple Vulnerabilities (TNS-2025-10)
Tenable Nessus Network Monitor is prone to multiple vulnerabilities.
PT-2025-23268 · WordPress · The Featured Image Plus – Quick & Bulk Edit With Unsplash
Name of the Vulnerable Software and Affected Versions: The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress versions up to, and including, 1.6.3 Description: The issue allows authenticated attackers with Subscriber-level access and above to update the featured image of a...
PT-2025-23332 · Unknown · Phpgurukul/Campcodes Cyber Cafe Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul/Campcodes Cyber Cafe Management System version 1.0 Description: A critical issue affects some unknown functionality of the file /bwdates-reports-details.php. The manipulation of the fromdate and todate arguments leads to SQL...
PT-2025-23274 · Binary Carpenter · Binarycarpenter Woo Slider Pro
Name of the Vulnerable Software and Affected Versions: BinaryCarpenter Woo Slider Pro versions 1.12 and earlier Description: The issue is related to a lack of authorization in BinaryCarpenter Woo Slider Pro, which allows the exploitation of incorrectly configured access control security levels. T...
CVE-2025-30466
CVE-2025-30466 concerns a bypass of the Same Origin Policy in Apple web/OS components. The issue is addressed through improved state management and is fixed in Safari 18.4, iOS 18.4, iPadOS 18.4, visionOS 2.4, and macOS Sequoia 15.4. The CVE entry lists network as the attack vector, with no user ...
CVE-2025-31263
CVE-2025-31263 affects macOS Sequoia prior to 15.4, where an application may corrupt coprocessor memory; the issue is addressed with improved memory handling in macOS Sequoia 15.4. The entry lists the vulnerability as high impact with a CVSS 3.1 base score of 9.1 (I:H, A:H) and network attack v...
CVE-2025-47288 Discourse Policy plugin private group members visible
Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. This issue has been patched in version 0.1.1....