
30419 matches found

NVD
added 2025/04/21 9:15 p.m. · 14 views

CVE-2025-32958

Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file...

CVSS 9.8 | EPSS 0.00483
Exploits: 0 | References: 2
OSV
added 2025/04/21 8:45 p.m. · 6 views

CVE-2025-32956 ManageWiki has SQL injection vulnerability in NamespaceMigrationJob

ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8 are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix namespace name, which is the current namespace you are renaming with an injection...

CVSS 8 | AI score 7.8 | EPSS 0.00547
Exploits: 1 | References: 6
OSV
added 2025/04/21 8:45 p.m. · 18 views

CVE-2025-32958 Adept exposed the GITHUB_TOKEN in workflow run artifact

Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file...

CVSS 9.8 | AI score 7.1 | EPSS 0.00483
Exploits: 0 | References: 4
Vulnrichment
added 2025/04/21 8:45 p.m. · 12 views

CVE-2025-32958 Adept exposed the GITHUB_TOKEN in workflow run artifact

Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file...

CVSS 9.8 | AI score 7.2 | EPSS 0.00483
Exploits: 0 | References: 2
Github Security Blog
added 2025/04/21 4:17 p.m. · 14 views

In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters

Impact: When using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium.
Patches: This issue has been patched in...

CVSS 4 | AI score 6.9 | EPSS 0.00118
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2025/04/21 4:17 p.m. · 14 views

GHSA-5VXX-C285-PCQ4 In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters

Impact: When using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium.
Patches: This issue has been patched in...

CVSS 4 | AI score 6.6 | EPSS 0.00118
Exploits: 0 | References: 5
OSV
added 2025/04/21 4:17 p.m. · 5 views

GHSA-6P68-W45G-48J7 Traefik has a possible vulnerability with its path matchers

Impact: There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a /../ in its path, it’s possible to target a backend,...

CVSS 9.3 | AI score 4.1 | EPSS 0.00768
Exploits: 0 | References: 7
CVE
added 2025/04/21 3:34 p.m. · 223 views

CVE-2025-32793

CVE-2025-32793 affects Cilium’s eBPF dataplane when WireGuard transparent encryption is enabled. Versions 1.15.0–1.15.15, 1.16.0–1.16.8, and 1.17.0–1.17.2 are vulnerable to a race condition where packets from a terminating endpoint may leave the source node unencrypted. The issue is fixed in 1.15...

CVSS 4 | AI score 4.2 | EPSS 0.00118
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2025/04/21 3:34 p.m. · 29 views

CVE-2025-32431 Traefik has a possible vulnerability with the path matchers

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...

CVSS 9.3 | EPSS 0.00768
Exploits: 0 | References: 5
Tenable Product Security Advisories
added 2025/04/21 3:03 p.m. · 17 views

[R1] Stand-alone Security Patch Available for Tenable Security Center version 6.5.1: SC-202504.3

Arnie Cabral, Mon, 04/21/2025 - 11:03. Security Center leverages third-party software to help provide underlying functionality. One of the third-party components (postgresql) was found to contain...

AI score 7.5
Exploits: 0
Positive Technologies
added 2025/04/21 12:00 a.m. · 5 views

PT-2025-17464 · Mediawiki · Managewiki

Name of the Vulnerable Software and Affected Versions: ManageWiki versions before commit f504ed8
Description: The issue is related to SQL injection when renaming a namespace in Special:ManageWiki/namespaces, specifically when using a page prefix with an injection payload. This occurs in ManageWik...

CVSS 8 | AI score 7.1 | EPSS 0.00547
Exploits: 1 | References: 15
Positive Technologies
added 2025/04/21 12:00 a.m. · 6 views

PT-2025-17436 · Opentext · Opentext Content Server

Name of the Vulnerable Software and Affected Versions: OpenText Content Server versions 20.2 through 24.4
Description: The issue is related to an Incorrect Authorization vulnerability in the OpenText Content Server REST API, allowing users without the appropriate permissions to remove external...

CVSS 5.5 | AI score 6.4 | EPSS 0.0024
Exploits: 0 | References: 7
Positive Technologies
added 2025/04/20 12:00 a.m. · 5 views

PT-2025-22306 · Unknown · Fw-Wgs-804Hpt

Name of the Vulnerable Software and Affected Versions: FW-WGS-804HPT version 1.305b241111
Description: A stack overflow issue was discovered via the bytftp srvip parameter in the web tool upgradeManager post function.
Recommendations: For FW-WGS-804HPT version 1.305b241111, consider disabling the...

CVSS 9.8 | AI score 6.8 | EPSS 0.00453
Exploits: 1 | References: 5
Patchstack
added 2025/04/19 12:02 a.m. · 11 views

WordPress MapPress Maps for WordPress plugin < 2.94.10 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin MapPress Maps for WordPress versions 2.94.10...

CVSS 4.8 | AI score 7.8 | EPSS 0.00318
Exploits: 1 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/04/19 12:00 a.m. · 2 views

PT-2025-17383 · Dazhouda · Lecms

Name of the Vulnerable Software and Affected Versions: dazhouda lecms versions up to 3.0.3
Description: A problematic issue has been found in the affected software, impacting some unknown functionality of the file /admin of the component Edit Profile Handler. This issue leads to cross site...

CVSS 4.8 | AI score 3.4 | EPSS 0.00278
Exploits: 0 | References: 9
Positive Technologies
added 2025/04/19 12:00 a.m. · 3 views

PT-2025-17396 · Ssl.Com · Ssl.Com

Name of the Vulnerable Software and Affected Versions: SSL.com versions prior to 2025-04-19
Description: The issue arises when domain validation method 3.2.2.4.14 is used, allowing a trusted TLS certificate to be issued for the domain name of a requester's email address, even if the requester doe...

CVSS 6.4 | AI score 6.5 | EPSS 0.00089
Exploits: 0 | References: 8
Vulnrichment
added 2025/04/18 7:59 p.m. · 15 views

CVE-2025-32377 Rasa Pro Missing Authentication For Voice Connector APIs

Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models (LLMs). A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the...

CVSS 6.5 | AI score 7.3 | EPSS 0.00393
Exploits: 0 | References: 1
OSV
added 2025/04/18 7:32 p.m. · 12 views

GHSA-3WQC-MWFX-672P Traefik affected by Go oauth2/jws Improper Validation of Syntactic Correctness of Input vulnerability

Summary: We have encountered a security vulnerability being reported by our scanners for Traefik 2.11.22. - https://security.snyk.io/vuln/SNYK-CHAINGUARDLATEST-TRAEFIK33-9403297
Details: It seems to target oauth2/jws library.
PoC: No steps to replicate this vulnerability
Impact: We have a strict...

CVSS 7.5 | AI score 7.7
Exploits: 0 | References: 6
NVD
added 2025/04/18 4:15 p.m. · 20 views

CVE-2025-32792

SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using ses and the Compartment API to evaluate third-party code in an isolated execution environment that hav...

CVSS 8.7 | EPSS 0.00443
Exploits: 0 | References: 1
Cvelist
added 2025/04/18 4:05 p.m. · 14 views

CVE-2025-32795 Dify Allows Insecure User Role Access Control for APP Editing

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite...

CVSS 6.5 | EPSS 0.00249
Exploits: 1 | References: 2