2839 matches found
CVE-2025-53015
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue...
CVE-2025-53641
Postiz is an AI social media scheduling tool. From 1.45.1 to 1.62.3, the Postiz frontend application allows an attacker to inject arbitrary HTTP headers into the middleware pipeline. This flaw enables a server-side request forgery SSRF condition, which can be exploited to initiate unauthorized...
CVE-2025-53628 cpp-httplib does not limit the length of a line
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related...
CVE-2025-27613 Gitk can create and truncate files in the user's home directory
Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...
PT-2025-29092 · Unknown · Allworx System
Name of the Vulnerable Software and Affected Versions: Allworx System Software version 9.1.9.12 Description: A cross-site scripting XSS issue exists in the Admin Login page. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the SessionID parameter at the...
LlamaIndex vulnerable to Path Traversal attack through its encode_image function
A path traversal vulnerability exists in run-llama/llamaindex versions 0.11.23 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...
LlamaIndex vulnerability in ArxivReader class can cause MD5 hash collisions
A vulnerability in the ArxivReader class of the run-llama/llamaindex repository allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from...
CVE-2025-6210 Hardlink-Based Path Traversal in run-llama/llama_index
A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by exploiting hardlinks. T...
PT-2025-28271 · Campcodes · Campcodes Advanced Online Voting System
Name of the Vulnerable Software and Affected Versions: Campcodes Advanced Online Voting System version 1.0 Description: A critical issue affects the processing of the file /admin/voters add.php, allowing unrestricted upload through the manipulation of the photo argument. This can be initiated...
CVE-2025-53489
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Mediawiki - GoogleDocs4MW Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - GoogleDocs4MW Extension: from 1.42.X before 1.42.7, from 1.43.X before...
CVE-2025-52830
CVE-2025-52830 describes an SQL injection vulnerability in the WordPress plugin “bSecure – Your Universal Checkout” (versions affected: ≤ 1.7.9). The root cause is improper neutralization of special elements in SQL commands, enabling blind SQL injection. The CVSS 3.1 base score is 9.3 (CRITICAL):...
CVE-2025-24334
The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator MNO internal RAN management network...
PT-2025-27888 · Unknown · Gopiplus Iframe Images Gallery
Name of the Vulnerable Software and Affected Versions: gopiplus iFrame Images Gallery versions prior to 9.0 Description: The issue is related to the improper neutralization of special elements used in an SQL command, which allows for SQL injection. This is a problem where an attacker can inject...
CVE-2025-52497
Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtlspemreadbuffer and two mbedtlspkparse functions, via untrusted PEM input...
CVE-2025-24334 The Nokia Single RAN baseband reveals its software version through the MNO internal RAN management network
The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator MNO internal RAN management network...
CVE-2025-24334
The Nokia Single RAN baseband software before 23R2-SR 1.0 MP is affected. An attacker can reveal the exact software release version by sending a specific HTTP POST request through the MNO internal RAN management network, leading to information disclosure. Remediation: upgrade to 23R2-SR 1.0 MP or...
CVE-2025-24334 The Nokia Single RAN baseband reveals its software version through the MNO internal RAN management network
The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator MNO internal RAN management network...
CVE-2025-24328
Sending a crafted SOAP "set" operation message within the Mobile Network Operator MNO internal Radio Access Network RAN management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to...
CVE-2025-52997 File Browser Insecurely Handles Passwords
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers could mount a...
CVE-2025-53268
Cross-Site Request Forgery CSRF vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Cross Site Request Forgery.This issue affects Import external attachments: from n/a through = 1.5.12...