Lucene search: 30387 matches found

CVE
added 2025/05/14 3:11 p.m. · 47 views

CVE-2025-24969

CVE-2025-24969 affects iTop, a web-based IT service management tool. The vulnerability is present in versions prior to 3.2.1, where a portal user can view other contacts’ pictures by changing the picture ID in the URL. Version 3.2.1 includes a patch for this issue. The documented impact is privac...

CVSS 5 · AI score 5.1 · EPSS 0.00229
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/05/14 3:11 p.m. · 15 views

CVE-2025-24969 iTop portal user can see any other contact's picture

iTop is a web-based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contact's picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue...

CVSS 5 · EPSS 0.00229
Exploits 0 · References 1
Cvelist
added 2025/05/14 2:59 p.m. · 20 views

CVE-2025-24026 iTop Inefficient Regular Expression Complexity vulnerability

iTop is a web-based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect the iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop...

CVSS 5.3 · EPSS 0.00265
Exploits 0 · References 1
OSV
added 2025/05/14 12:43 p.m. · 7 views

CVE-2023-53146 media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()

In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer(). In dw2102_i2c_transfer(), msg is controlled by the user. When msg[i].buf is null and msg[i].len is zero, the earlier checks on msg[i].buf would be passed. Malicious data finally reach...

CVSS 5.5 · AI score 6.2 · EPSS 0.0015
Exploits 0 · References 11
RedhatCVE
added 2025/05/14 11:09 a.m. · 17 views

CVE-2025-46729

julmud/phpDVDProfiler is an adoption of the defunct phpDVDProfiler project, which allows users to display on the web their DVD collections maintained with Invelos's DVDProfiler software. Starting in v20230807 and prior to v20250511, the search function is vulnerable to cross-site scripting. v20250511 contains ...

CVSS 5.3 · AI score 6.2 · EPSS 0.00396
Exploits 0 · References 1
IBM Security Bulletins
added 2025/05/14 8:07 a.m. · 34 views

Security Bulletin: Vulnerability in [All] linux (Kernel) affects IBM Integrated Analytics System (Sailfish) [CVE-2024-26906, CVE-2024-26982].

Summary: The All linux (Kernel) package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVEs CVE-2024-26906 and CVE-2024-26982. Vulnerability Details: CVEID: CVE-2024-26906 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a...

CVSS 7.1 · AI score 6.5 · EPSS 0.0028
Exploits 0 · Affected Software 1
Positive Technologies
added 2025/05/14 12:00 a.m. · 8 views

PT-2025-21224 · Peergos · Peergos

Name of the Vulnerable Software and Affected Versions: Peergos versions through 1.1.0. Description: The issue is related to an improper restriction of XML external entity reference in the getDocumentBuilder method of the WebDav servlet in Peergos. This allows for potential exploitation...

CVSS 8.8 · AI score 6.4 · EPSS 0.00351
Exploits 0 · References 5
Positive Technologies
added 2025/05/14 12:00 a.m. · 5 views

PT-2025-21181 · Samsung · Exynos

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor, Wearable Processor, and Modem Exynos versions 980 through 9825, versions 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Description: An issue...

CVSS 7.5 · AI score 6 · EPSS 0.00361
Exploits 0 · References 6
Tenable Nessus
added 2025/05/14 12:00 a.m. · 5 views

Alibaba Cloud Linux 3 : 0276: pcs (ALINUX3-SA-2024:0276)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0276 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-21510: Versions of the package sinatra fro...

CVSS 5.4 · AI score 7.1 · EPSS 0.00476
Exploits 0 · References 2
Positive Technologies
added 2025/05/14 12:00 a.m. · 3 views

PT-2025-21249 · Intel · Intel Gaudi

Name of the Vulnerable Software and Affected Versions: Intel® Gaudi® software versions prior to 1.18. Description: The issue is related to incorrect default permissions in some Intel® Gaudi® software installers, which may allow an authenticated user to potentially enable escalation of privilege vi...

CVSS 8.2 · AI score 6.6 · EPSS 0.00136
Exploits 0 · References 5
Positive Technologies
added 2025/05/14 12:00 a.m. · 3 views

PT-2025-21251 · Unknown · Label Studio

Name of the Vulnerable Software and Affected Versions: Label Studio versions prior to 1.18.0. Description: A vulnerability in Label Studio allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf...

CVSS 7.6 · AI score 6.2 · EPSS 0.0054
Exploits 1 · References 13
Positive Technologies
added 2025/05/14 12:00 a.m. · 3 views

PT-2025-21144 · Ezd Rp · Ezd Rp

Name of the Vulnerable Software and Affected Versions: EZD RP versions prior to 20.19. Description: The issue allows unauthorized access to the "/api/Token/gettoken" endpoint in EZD RP, enabling file manipulation. Recommendations: For versions prior to 20.19, update to version 20.19 or later to...

CVSS 8.6 · AI score 6.4 · EPSS 0.00298
Exploits 0 · References 9
Positive Technologies
added 2025/05/14 12:00 a.m. · 5 views

PT-2025-21924 · V-Sft · V-Sft

Name of the Vulnerable Software and Affected Versions: V-SFT versions 6.2.5.0 and earlier. Description: The issue is related to a stack-based buffer overflow in the VS6ComFile!CV7BaseMap::WriteV7DataToRom function. Opening specially crafted V7 or V8 files can lead to a crash, information disclosur...

CVSS 8.4 · AI score 7.1 · EPSS 0.00211
Exploits 0 · References 7
Tenable Nessus
added 2025/05/14 12:00 a.m. · 7 views

Alibaba Cloud Linux 3 : 0001: opensc (ALINUX3-SA-2024:0001)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0001 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-2977: A vulnerability was found in OpenSC...

CVSS 7.1 · AI score 6.9 · EPSS 0.00305
Exploits 0 · References 2
Github Security Blog
added 2025/05/13 9:34 p.m. · 42 views

OPKSSH Vulnerable to Authentication Bypass

Impact: Versions of the OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5....

CVSS 9.8 · AI score 6.7 · EPSS 0.00295
Exploits 0 · References 4 · Affected Software 1
Github Security Blog
added 2025/05/13 8:17 p.m. · 16 views

Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow

Impact: The 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address, potentially bypassing spam and email client security systems...

CVSS 6.3 · AI score 6.7 · EPSS 0.00239
Exploits 1 · References 3 · Affected Software 2
Github Security Blog
added 2025/05/13 8:02 p.m. · 17 views

Kirby vulnerable to path traversal in the router for PHP's built-in server

TL;DR: This vulnerability affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software such as Apache, nginx or Caddy are not affected. Introduction: For use with PHP's built-in web server, Kirby...

CVSS 7.5 · AI score 6.7 · EPSS 0.00475
Exploits 0 · References 7 · Affected Software 1
OSV
added 2025/05/13 8:02 p.m. · 6 views

GHSA-9P3P-W5JF-8XXG Kirby vulnerable to path traversal in the router for PHP's built-in server

TL;DR: This vulnerability affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software such as Apache, nginx or Caddy are not affected. Introduction: For use with PHP's built-in web server, Kirby...

CVSS 2.3 · AI score 6.6 · EPSS 0.00475
Exploits 0 · References 7
Cvelist
added 2025/05/13 5:06 p.m. · 16 views

CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow

Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...

CVSS 6.3 · EPSS 0.00239
Exploits 1 · References 1
CVE
added 2025/05/13 5:06 p.m. · 46 views

CVE-2025-47280

Umbraco Forms HTML injection: The 'Send email' workflow in Umbraco Forms (versions from the 7.x branch up to, but not including, 13.4.2 and 15.1.2) does not HTML-encode user-provided field values, allowing potential email spoofing or bypass of security checks. Affected forms can patch by updating to 13.4.2 or 15.1.2, or...

CVSS 6.3 · AI score 7 · EPSS 0.00239
Exploits 1 · References 1 · Affected Software 1