GHSA-Q8JQ-4RM5-4HM5 @alizeait/unflatto Prototype Pollution
Impact alizeait unflatto = 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. Patches The problem has been patch...
Rancher: Restricted Administrator can change Administrator's passwords
Impact A vulnerability has been identified within Rancher where a Restricted Administrator can change the password of Administrators and take over their accounts. A Restricted Administrator should not be allowed to change the password of more privileged users unless it contains the Manage Users...
WordPress SimplyRETS Real Estate IDX plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Psai in WordPress Plugin SimplyRETS Real Estate IDX versions <= 3.1.1...
ats.nethire.com Cross Site Scripting vulnerability OBB-4041548
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Important: ghostscript
Issue Overview: The calculation of the buffer size was being done with int values, and overflowing that data type. The bug has existed since the creation of the file contrib/japanese/gdevnpdl.c. By...
Apple MacOSX Security Update (HT122373)
Apple Mac OS X is prone to multiple vulnerabilities...
PT-2025-14167 · Woocommerce · Gift Cards For Woocommerce
Name of the Vulnerable Software and Affected Versions: ahmadshyk Gift Cards for WooCommerce versions 1.5.8 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels. Recommendation...
PT-2025-14213 · Themeglow · Themeglow Jobboard Job Listing
Name of the Vulnerable Software and Affected Versions: themeglow JobBoard Job listing versions 1.2.7 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For...
PT-2025-14060 · Wpquads · Wpquads
Name of the Vulnerable Software and Affected Versions: Ads by WPQuads versions prior to 2.0.87.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for unauthorized access. Recommendations: For...
EulerOS 2.0 SP13 : binutils (EulerOS-SA-2025-1329)
According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : https://www.gnu.org/software/binutils/ nm =2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: n...
sudo -- privilege escalation vulnerability through host and chroot options
Todd C. Miller reports, crediting Rich Mirch from Stratascale Cyber Research Unit (CRU): Sudo 1.9.17p1: Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified when running a command or editing a file. This could enable a local privilege escalation attack if the sudoers file allows the use...
CVE-2025-24257
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination or write kernel memory...
AWS SAM CLI Path Traversal allows file copy to build container
Summary The AWS Serverless Application Model Command Line Interface (AWS SAM CLI) is an open-source CLI tool that helps Lambda developers to build and develop Lambda applications locally on their computers using Docker. When running the AWS SAM CLI build process with Docker and symlinks are include...
Directory Traversal
Overview aws-sam-cli (AWS SAM CLI) is a CLI tool for local development and testing of Serverless applications. Affected versions of this package are vulnerable to Directory Traversal due to the handling of symlinks during the build process. An attacker can access and copy restricted files to a...
CVE-2024-40864
CVE-2024-40864 affects macOS Ventura 13.7.5 and macOS Sonoma 14.7.5. The issue was addressed with improved handling of protocols; before the fix, an attacker in a privileged network position could track a user's activity. Apple's security content lists this under AppleAccount with the described impact; fixed updat...
CVE-2025-30456
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges...
CVE-2025-30457
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to create symlinks to protected regions of the disk...
UBUNTU-CVE-2025-3016
A vulnerability classified as problematic was found in Open Asset Import Library (Assimp) 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument...
CVE-2025-31124
Zitadel is open-source identity infrastructure software. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report...
CVE-2025-31124 Zitadel allows User Enumeration by loginname attribute normalization
Zitadel is open-source identity infrastructure software. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report...