PT-2025-25297 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server (affected versions not specified). Description: The issue concerns an information disclosure in the Apache HTTP Server. No specific details about the estimated number of potentially affected devices worldwide or real-world...
GHSA-PWJ7-5C7C-MWJC Drupal Admin Audit Trail Allocation of Resources Without Limits or Throttling vulnerability
Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation. This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5...
Drupal Quick Node Block Missing Authorization vulnerability
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0...
GHSA-C424-HGG9-9C4W Drupal Quick Node Block Missing Authorization vulnerability
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0...
BIT-MARIADB-MIN-2023-52970
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where...
BIT-MARIADB-MIN-2022-32089
MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level...
BIT-MARIADB-MIN-2022-27386
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc...
CGA-J3H6-M585-9G87
Bulletin has no description...
BELL-CVE-2024-47081
Bulletin has no description...
BIT-JOOMLA-2024-40748 [20250102] - Core - XSS vector in the id attribute of menu lists
Lack of output escaping in the id attribute of menu lists...
WordPress 6Storage Rentals plugin <= 2.20.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ghsinfosec in WordPress Plugin 6Storage Rentals versions <= 2.20.1...
GO-2025-3731 Mattermost fails to properly invalidate personal access tokens upon user deactivation in github.com/mattermost/mattermost-server
Mattermost fails to properly invalidate personal access tokens upon user deactivation in github.com/mattermost/mattermost-server...
Code Bug at Compliance Firm Vanta Leaks Customer Data to Other Clients
Compliance automation provider Vanta confirms a software bug exposed private customer data to other users, impacting hundreds of…...
NetScaler-13.1-Mastool version in Secondary node is showed as 0.0-0.0
Mastool version in Secondary node is showed as 0.0-0.0. The command to check mastool version in NetScaler is as below. shell cat /var/mastools/version.txt 0.0-0.0...
NetScaler-13.1-Error "Not logged in" is displayed in console or SSH session to NetScaler
You may see error "Not logged in" displayed in the console session to NetScaler and you are not able to run any commands in this console session. Similar issue may also happen with SSH session to NetScaler...
CVE-2025-48387 tar-fs has issue where extract can write outside the specified dir with a specific tarball
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore n...
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...
PUB-A-353958315
In nvtflashread of nt36xxx.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48479 FreeScout Has Business Logic Errors
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the laravel-translation-manager package does not correctly validate user input, enabling the deletion of any directory, given sufficient access rights. This issue has been patched in version 1.8.180...
CVE-2025-48475 FreeScout Vulnerable to Insufficient Authorization
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user who does not have access to any of the...