CVE-2025-47279
CVE-2025-47279 — Undici (Node.js HTTP/1.1 client): A memory leak can occur in webhook-like usage when an attacker runs a server with an invalid TLS certificate and forces repeated webhook calls. The issue is fixed in Undici versions 5.29.0, 6.21.2, and 7.5.0. As a workaround, avoid calling a web...
GHSA-F6RX-HF55-4255 Sulu vulnerable to XXE in SVG File upload Inspector
Impact: An admin user can upload an SVG which may load external data via the XML DOM library; in particular, this can be used to reference insecure XML External Entities. Patches: The problem has not been patched yet. Users should upgrade to patched versions once they become available...
CVE-2025-22462
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system...
Security Bulletin: IBM MQ for HPE NonStop Server is affected by denial of service vulnerability (CVE-2025-23225)
Summary: IBM MQ for HPE NonStop Server has addressed a denial of service vulnerability, CVE-2025-23225, that occurs when a message without an MQXQH header is put to an XMITQ. Vulnerability Details: CVEID: CVE-2025-23225. DESCRIPTION: IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to...
WordPress TicketBAI Facturas para WooCommerce plugin <= 3.18 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by CVEhunter in the WordPress plugin TicketBAI Facturas para WooCommerce, versions <= 3.18...
PT-2025-21346 · Unknown · Campcodes Sales/Inventory System
Name of the Vulnerable Software and Affected Versions: Campcodes Sales and Inventory System version 1.0 Description: A critical issue has been found, affecting some unknown functionality of the file /pages/transaction.php. The manipulation of the cid argument leads to SQL injection. The attack ma...
PT-2025-21356 · Unknown · Campcodes Sales/Inventory System
Name of the Vulnerable Software and Affected Versions: Campcodes Sales and Inventory System version 1.0 Description: A critical issue has been discovered, affecting the /pages/account summary.php file. The manipulation of the cid argument leads to SQL injection. This issue can be exploited...
PT-2025-21275 · WordPress · Ticketbai Facturas Para Woocommerce
Name of the Vulnerable Software and Affected Versions: TicketBAI Facturas para WooCommerce plugin for WordPress versions up to, and including, 3.18 Description: The issue concerns arbitrary file deletion due to insufficient file path validation via the 'delpdf' action. This allows unauthenticated...
PT-2025-21272 · I O Data · I-O Data Hdl-T Series
Name of the Vulnerable Software and Affected Versions: I-O DATA HDL-T Series versions 1.21 and earlier Description: The issue is related to a lack of authentication for critical functions in the firmware. This could allow a remote unauthenticated attacker to modify the product's configuration...
PT-2025-21344 · Unknown · Rustaurius Front End Users
Name of the Vulnerable Software and Affected Versions: Rustaurius Front End Users versions 3.2.32 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions...
PT-2025-21291 · Unknown · Phpgurukul Vehicle Parking Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Vehicle Parking Management System version 1.13 Description: A critical issue was found in the PHPGurukul Vehicle Parking Management System. The problem is related to an unknown function of the file /admin/add-category.php, where th...
PT-2025-21582 · Unknown · Itsourcecode Placement Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Placement Management System version 1.0 Description: A critical issue has been discovered, affecting the /view student.php file, where manipulation of the ID argument leads to SQL injection. This can be initiated remotely...
PT-2025-21276 · Esignal · Esignal
Name of the Vulnerable Software and Affected Versions: eSigna versions 1.0 through 1.5 Description: The issue is related to an Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component. This vulnerability allows an unauthenticated attacker to access arbitrary files in the...
CVE-2025-31204
A flaw was found in WebKitGTK. Processing malicious web content can cause out-of-bounds memory access due to improper memory handling and result in memory corruption. Mitigation Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packages...
Security Bulletin: Vulnerability in Webpack and Rspack affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary: A potential vulnerability in Webpack and Rspack has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
PYSEC-2025-39
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...
CVE-2025-47778 Sulu vulnerable to XXE in SVG File upload Inspector
Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload an SVG which may load external data via the XML DOM library. This can be used for insecure XML External Entity References. The problem has...
CVE-2025-47777 5ire Client Vulnerable to Cross-Site Scripting (XSS) and Remote Code Execution (RCE)
5ire is a cross-platform desktop artificial intelligence assistant and Model Context Protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution (RCE) via unsafe...