CVE-2025-49147 Umbraco.Cms Vulnerable to Disclosure of Configured Password Requirements
Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1. Via a request to an anonymously authenticated endpoint it's possible to retrieve information about the configured password requirements. The informatio...
SUSE-RU-2025:02093-1 Recommended update for podman
This update for podman fixes the following issues: - Added patch to remove using rw as a default mount option (bsc#1239776)...
CVE-2025-52566 llama.cpp tokenizer signed vs. unsigned heap overflow
llama.cpp is an inference engine for several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation (llama_vocab::tokenize, src/llama-vocab.cpp:3036), resulting in unintended behavior in the token-copying size comparison. Allowing...
PT-2025-26756 · Realtek · Realtek Rtl8762E Ble Sdk
Name of the Vulnerable Software and Affected Versions: Realtek RTL8762E SDK version 1.4.0. Description: The issue allows attackers to cause a Denial of Service (DoS) by sending a crafted message before a pairing public key is received during a Bluetooth connection attempt. Recommendations: For...
GHSA-HWPG-X5HW-VPV9 ChangeDetection.io XSS in watch overview
Impact: XSS. Errors in filters from website page change detection watches were not being filtered. Patches: 0.50.4...
SUSE-SU-2025:02073-1 Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600.10.23 fixes one issue. The following security issue was fixed: - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231)...
CVE-2025-52561
The CVE-2025-52561 issue affects HTMLSanitizer.jl (a whitelist-based HTML sanitizer). Before version 0.2.1, adding the style element to the whitelist caused content inside the tag to be unescaped and closing tags injected as content to be interpreted as real HTML, enabling tag injection and JavaS...
CVE-2025-49126
Visionatrix is affected by a Reflected XSS in versions 1.5.0–2.5.0 (fixed in 2.5.1) via the "/docs/flows" endpoint. The root cause is the use of FastAPI’s get_swagger_ui_html without encoding or sanitizing user-controlled arguments, which is used to render the swagger docs. The vulnerability enab...
WordPress Infility Global plugin <= 2.14.51 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by 0xVenus in WordPress Plugin Infility Global versions <= 2.14.51...
CVE-2025-52464
Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, Meshtastic was failing to properly initialize the internal randomness pool on some...
WordPress Puca Theme <= 2.6.33 is vulnerable to Local File Inclusion
Software: Puca; Type: Theme; Vulnerable versions: <= 2.6.33; Fixed in: 2.6.34; OWASP Top 10: A4: Insecure Design; Classification: Local File Inclusion; CVE: CVE-2025-30992; Patch priority: High; CVSS severity: High (8.1); PSID: 5c9cf9e5fa07; Credits: Phat RiO - BlueRock; Required privilege...
PT-2025-26633 · Unknown · Phpgurukul Pre-School Enrollment System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Pre-School Enrollment System Project version V1.0. Description: The issue concerns a Directory Traversal vulnerability in the update-teacher-pic.php file. This allows for potential unauthorized access to sensitive files and...
PT-2025-26535 · Unknown · Simple Online Hotel Reservation System
Name of the Vulnerable Software and Affected Versions: code-projects Simple Online Hotel Reservation System version 1.0. Description: A critical issue was found in the Simple Online Hotel Reservation System, affecting an unknown functionality of the file /admin/checkout query.php. The manipulation...
CVE-2025-52488 DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interactions to potentially expose NTLM hashes to a third-party SMB server. This issue has been...
CVE-2025-52487 DNN.PLATFORM possibly allows bypass of IP Filters
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters, allowing login attempts from IP...
CVE-2025-52557
Summary: CVE-2025-52557 affects Mail-0’s Zero Email Solution, specifically version 0.8, due to improper sanitization in email handling which enables an attacker to craft an email that executes JavaScript and can cause session hijacking. Root cause: stored XSS stemming from insufficient sanitizati...
CVE-2025-6375
A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has bee...
CVE-2025-48059
PowSyBl (Power System Blocks) is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a potential polynomial Regular Expression Denial of Service...
CVE-2025-48058 PowSyBl Core contains Polynomial REDoS’es
PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, there is a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in PowSyBl's DataSource mechanism. If successfully exploited, a malicious actor can cause...