CVE-2025-27791 Collabora Online Vulnerable to Arbitrary File Write
Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhe...
CVE-2025-32776 OpenRazer Vulnerable to Out of Bounds Read
OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the matrixcustomframe file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site scripting [CVE-2024-11831]
Summary Node.js module serialize-javascript is used by IBM App Connect Enterprise Certified Container DesignerAuthoring operands. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site scripting. This bulletin provides patch information to address t...
Security Bulletin: IBM InfoSphere DataStage Flow Designer is affected by a path traversal vulnerability (CVE-2024-52363)
Summary A path traversal vulnerability in IBM InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2024-52363 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted...
PT-2025-16331 · Reichertbrothers · Reichertbrothers Simplyrets Real Estate Idx
Name of the Vulnerable Software and Affected Versions: ReichertBrothers SimplyRETS Real Estate IDX versions n/a through 3.0.3 Description: The issue affects ReichertBrothers SimplyRETS Real Estate IDX, allowing Reflected XSS due to improper neutralization of input during web page generation. This...
PT-2025-16562 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.5822 B20200513 Description: A critical issue affects the setL2tpServerCfg function of the file /cgi-bin/cstecgi.cgi, leading to improper access controls. The attack can be launched remotely. The exploit has been...
PT-2025-16436 · Oracle · Oracle Database Server
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.26 Description: The issue affects the Fleet Patching and Provisioning component of Oracle Database Server, allowing an unauthenticated attacker with network access via HTTP to compromise it...
PT-2025-16321 · Unknown · Vw Themes Industrial Lite
Name of the Vulnerable Software and Affected Versions: VW Themes Industrial Lite versions 1.0.0 through 1.0.8 Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels. Recommendations: For...
KLA82698 Multiple vulnerabilities in Oracle Java
Multiple vulnerabilities were found in Oracle Java. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, or cause denial of service. Below is a complete list of vulnerabilities: 1. Information disclosure vulnerability in JSSE can be exploited to...
PT-2025-16425
Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 21.0.6 through 24; Oracle GraalVM for JDK versions 21.0.6 through 24 Description: The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, resulting in...
Incomplete Patch Leaves NVIDIA and Docker Users at Risk
NVIDIA's incomplete security patch, combined with a Docker vulnerability, creates a serious threat for organizations using containerized environments. This article explains the risks and mitigation strategies...
CVE-2024-49707
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for resetting the user's password with a malicious script, which causes the script to run in the user's context. This...
CVE-2024-10088
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a login form with a malicious script, which causes the script to run in the user's context. This vulnerability has been patched in...
CVE-2024-10087
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources and causes the script to run in the user's context...
CVE-2024-49707 XSS in iKSORIS
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for resetting the user's password with a malicious script, which causes the script to run in the user's context. This...
CVE-2024-13597 XSS in iKSORIS
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form sent to the login panel at /softcom/ with a malicious script, which causes the script to run in the user's context. This vulnerability ha...
CVE-2024-10090
CVE-2024-10090 affects Internet Starter, a module of SoftCOM iKSORIS. The flaw is a Reflected XSS in the user-creation form, allowing injected scripts to run in the victim’s browser context. The entry provides a standard CVSSv3.1 base score of 6.1 (MEDIUM) with network attack vector, no privilege...
CVE-2024-10089
Technical details about CVE-2024-10089 are not publicly available in the provided documents. No specifics on affected components, root cause, exploit info, or fixes beyond the brief description are provided.
CLSA-2025-1744628190 Fix CVE(s): CVE-2019-14846
SECURITY UPDATE: security vulnerability in logging credentials at DEBUG level - debian/patches/CVE-2019-14846.patch: Fix plugins leaking boto credentials to logs by switching logging level to INFO - CVE-2019-14846...