30385 matches found
CVE-2024-2905 affecting package rpm-ostree for versions less than 2024.4-3
CVE-2024-2905 affecting package rpm-ostree for versions less than 2024.4-3. A patched version of the package is available...
CVE-2025-22872 affecting package kubernetes for versions less than 1.30.10-7
CVE-2025-22872 affecting package kubernetes for versions less than 1.30.10-7. A patched version of the package is available...
Argo CD allows cross-site scripting on repositories page
Impact This vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with...
GHSA-965R-9CG9-G42P Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users
Impact All objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by unauthorised users. If object-urls are exposed via other channels, the contents of these objects can be viewed independent of object-management configurations. Attack...
PT-2025-23099 · Traefik · Traefik
Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.11.25 Traefik versions prior to 3.4.1 Description: There is a potential issue in Traefik when managing requests using a PathPrefix, Path or PathRegex matcher. If the URL contains a URL encoded string in its path,...
PT-2025-23199
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 11.4 and prior Description: The issue allows a remote, unauthenticated attacker to bypass the Portal’s Server Side Request Forgery (SSRF) protections. This enables the attacker to potentially exploit the system...
PT-2025-23117 · M2Soft · M2Soft Crownix Report & Ers
Name of the Vulnerable Software and Affected Versions: M2Soft CROWNIX Report & ERS versions 7.x through 7.4.3.599 M2Soft CROWNIX Report & ERS versions 8.x through 8.0.3.79 Description: The issue is related to incorrect access control, allowing unauthorized attackers to obtain Administrator accoun...
PT-2025-23085
Name of the Vulnerable Software and Affected Versions: Apache Commons BeanUtils versions 1.x before 1.11.0 Apache Commons BeanUtils versions 2.x before 2.0.0-M2 Description: The issue is related to improper access control in Apache Commons BeanUtils, where an attacker can access the enum's class...
SUSE: Security Advisory (SUSE-SU-2025:01705-1)
The remote host is missing an update for the...
CVE-2025-32440
CVE-2025-32440 affects NetAlertX before version 25.4.14. An authentication bypass allows updating settings without authentication by crafting requests to /index.php, enabling exploitation of sensitive functions in util.php. The issue is confirmed as patched in version 25.4.14. Impact is described...
CVE-2025-32440 NetAlertX Vulnerable to Authentication Bypass
NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to...
CVE-2025-5279
When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...
CVE-2025-48383
The CVE-2025-48383 issue affects Django-Select2: HeavySelect2Mixin subclasses (notably ModelSelect2MultipleWidget and ModelSelect2Widget) can leak secret access tokens across requests, enabling access to restricted query sets/data. The vulnerability is mitigated in version 8.4.1 and later. No exp...
WordPress Exclusive Addons for Elementor plugin <= 2.7.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Timer Widget vulnerability discovered by Webbernaut in WordPress Plugin Exclusive Addons Elementor versions <= 2.7.9.1...
PT-2025-23047 · Ibm · Ibm Security Guardium
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium version 12.0 Description: The issue allows a privileged user to download any file on the system due to improper escaping of input. Recommendations: For IBM Security Guardium version 12.0, consider restricting file access...
PT-2025-22963 · Unknown · Phpgurukul Online Nurse Hiring System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Nurse Hiring System version 1.0 Description: A critical vulnerability has been found in the PHPGurukul Online Nurse Hiring System. This issue affects an unknown part of the file /admin/bwdates-report-details.php. The...
PT-2025-22998 · Gnu +1 · Gnu Binutils +1
Name of the Vulnerable Software and Affected Versions: GNU Binutils versions up to 2.44 Description: A critical issue was found in GNU Binutils, affecting the elf_gc_sweep function of the ld component. This issue leads to memory corruption and can be exploited locally. The exploit has been...
ABB M2M Gateway Integer Overflow in embedded Git (CVE-2022-23521)
Git is a distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a .gitattributes file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this...
Security Vulnerabilities fixed in Firefox 139 — Mozilla
A double-free could have occurred in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. Error handling for script execution was incorrectly isolated from web content, which could ha...