
2834 matches found

OSV
added 2025/10/03 7:15 p.m., 5 views

AZL-68285 CVE-2025-46818 affecting package redis for versions less than 6.2.20-1

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...

7.3 CVSS, 6.8 AI score, 0.00711 EPSS
Exploits 0, References 1
CNNVD
added 2025/10/02 12:0 a.m., 1 view

SourceCodester Pet Grooming Management Software cross-site scripting vulnerability

SourceCodester Pet Grooming Management Software is an open source pet grooming management system from SourceCodester. A cross-site scripting vulnerability exists in SourceCodester Pet Grooming Management Software version 1.0, which stems from unverified input in the customer name field of the...

6.1 CVSS, 6.1 AI score, 0.0022 EPSS
Exploits 1, References 2
Cvelist
added 2025/09/27 12:22 a.m., 9 views

CVE-2025-59936 get-jwks poisoned JWKS cache allows post-fetch issuer validation bypass

get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss issuer claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an...

9.4 CVSS, 0.00364 EPSS
Exploits 0, References 2
RedhatCVE
added 2025/09/25 2:54 a.m., 11 views

CVE-2025-10828

A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/edit.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly an...

8.8 CVSS, 6.5 AI score, 0.00351 EPSS
Exploits 1, References 1
Positive Technologies
added 2025/09/22 12:0 a.m., 3 views

PT-2025-38706

Name of the Vulnerable Software and Affected Versions code-projects E-Commerce Website version 1.0 Description A flaw exists in code-projects E-Commerce Website 1.0 where manipulation of the user id argument in the file '/pages/admin account delete.php' can lead to SQL injection. This issue is...

9.8 CVSS, 7.5 AI score, 0.00543 EPSS
Exploits 1, References 10
RedhatCVE
added 2025/09/18 3:27 p.m., 4 views

CVE-2025-59270

psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol. Fixed in 7.0.2...

3.1 CVSS, 7 AI score, 0.00221 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/09/17 5:51 a.m., 12 views

CVE-2025-10428

A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/seosetting.php of the component Setting Handler. The manipulation of the argument websiteimage leads to unrestricted upload. The attack can be...

8.8 CVSS, 6.8 AI score, 0.00379 EPSS
Exploits 1, References 1
CVE
added 2025/09/16 12:0 a.m., 17 views

CVE-2025-56562

CVE-2025-56562 affects Signify Wiz Connected v1.9.1. The issue is an incorrect API that enables remote denial of service on Wiz devices with only the MAC address, per multiple sources (NVD, Red Hat, CVE listing). The CVSS 3.1 vector indicates Network attack, low complexity, no privileges, with Av...

7.5 CVSS, 6.5 AI score, 0.00385 EPSS
Exploits 0, References 4, Affected Software 1
Vulnrichment
added 2025/09/14 4:32 p.m., 2 views

CVE-2025-10402 PHPGurukul Beauty Parlour Management System readenq.php sql injection

A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/readenq.php. Executing manipulation of the argument delid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may...

7.5 CVSS, 7.2 AI score, 0.00383 EPSS
Exploits 1, References 5
RedhatCVE
added 2025/09/10 5:29 a.m., 3 views

CVE-2025-10083

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been publicl...

8.8 CVSS, 6.4 AI score, 0.00385 EPSS
Exploits 1, References 1
Tenable Nessus
added 2025/09/10 12:0 a.m., 5 views

SUSE SLES15 Security Update : kernel RT (Live Patch 6 for SLE 15 SP6) (SUSE-SU-2025:03100-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03100-1 advisory. This update for the Linux Kernel 6.4.0-1506001020 fixes several issues. The following security issues were fixed: - CVE-2025-38087: net/sched:...

7.8 CVSS, 6.9 AI score, 0.0036 EPSS
Exploits 3, References 26
IBM Security Bulletins
added 2025/09/08 6:10 a.m., 7 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0 Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cer...

8.8 CVSS, 8.1 AI score, 0.91969 EPSS
Exploits 6, Affected Software 1
CNNVD
added 2025/09/08 12:0 a.m., 5 views

Avigilon ACM security vulnerability

Avigilon ACM is a physical access control system from Avigilon USA. A security vulnerability exists in Avigilon ACM version v7.10.0.20, which originates from host header injection and could lead to the execution of arbitrary code...

9.8 CVSS, 7 AI score, 0.02718 EPSS
Exploits 1, References 3
RedhatCVE
added 2025/09/06 2:24 p.m., 15 views

CVE-2025-6785

Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Testing completed on Tesla Model 3 vehicles with software version v11.1 2023.20.9 ee6de92ddac5...

4.7 CVSS, 7.1 AI score, 0.00205 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/09/03 6:5 a.m., 3 views

CVE-2025-21040

Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information...

5.1 CVSS, 6 AI score, 0.00101 EPSS
Exploits 0, References 1
CNNVD
added 2025/09/03 12:0 a.m., 3 views

Ruijie RG-ES Series security vulnerability

Ruijie RG-ES Series is a series of switches from Ruijie China. A security vulnerability exists in Ruijie RG-ES Series ESW1.01B1P39 version, which stems from a complete bypass of the authentication mechanism and could lead to device control...

9.4 CVSS, 6.8 AI score, 0.00497 EPSS
Exploits 0, References 2
OSV
added 2025/09/01 3:15 p.m., 3 views

CVE-2025-33082

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4 CVSS, 6.2 AI score
Exploits 0, References 1
CNNVD
added 2025/09/01 12:0 a.m., 4 views

CampCodes Online Learning Management System security vulnerability

CampCodes Online Learning Management System is an online learning management system from CampCodes Philippines, Inc. A security vulnerability exists in CampCodes Online Learning Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter Userna...

9.8 CVSS, 7.7 AI score, 0.00387 EPSS
Exploits 1, References 7
NVD
added 2025/08/30 7:15 p.m., 3 views

CVE-2025-9702

A vulnerability was identified in SourceCodester Simple Cafe Billing System 1.0. This affects an unknown function of the file /salesreport.php. The manipulation of the argument month leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

9.8 CVSS, 0.00383 EPSS
Exploits 1, References 5
Cvelist
added 2025/08/28 8:28 a.m., 5 views

CVE-2025-54762

SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges...

9.8 CVSS, 0.00493 EPSS
Exploits 0, References 2