SUSE: Security Advisory (SUSE-SU-2025:02592-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Advisory ROSA-SA-2025-2911

software: postgresql 12.22 WASP: ROSA-CHROME unaffected versions = postgresql-9.5.2 affected versions postgresql-9.5.2 CVE-ID: CVE-2016-2193 BDU-ID: 2016-00974 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to errors in security settings...

CVE-2025-53113

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links feature to fetch...

CVE-2025-54132 Cursor's Mermaid Diagram Tool is Vulnerable to an Arbitrary Image Fetch

Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled serve...

CVE-2025-54595 Pearcleaner's unauthenticated access to privileged XPC helper allows root command execution

Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. The PearcleanerHelper is a privileged helper tool bundled with the Pearcleaner application. It is registered and activated only after the user approves a system prompt to allow privileged operations. Upon approval, th...

CVE-2025-48074

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

CVE-2025-6060

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in DECE Software Geodi allows Cross-Site Scripting XSS. This issue affects Geodi: before GEODI Setup 9.0.146...

PT-2025-31672 · Materialx · Materialx

Name of the Vulnerable Software and Affected Versions: MaterialX version 1.39.2 Description: MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. Nested imports of MaterialX files can lead to a crash due to stack memory...

CVE-2025-54585 GitProxy is vulnerable to a new branch approval exploit

GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnerability impacts all users or organizations...

PT-2025-31238 · Tp Link · Tp-Link Tl-Wr841N

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR841N version V11 Description: A vulnerability exists in the /userRpm/WzdWlanSiteSurveyRpm AP.htm file due to missing input parameter validation, which may lead to a buffer overflow. This can cause a crash of the web service and...

CVE-2025-54529

In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration...

PT-2025-31105 · Unknown · Marbella Kr8S Dashcam

Name of the Vulnerable Software and Affected Versions: Marbella KR8s Dashcam FF version 2.0.8 Description: An issue exists where the existing password is written in cleartext onto a newly inserted SD card. An attacker with temporary physical access to the device can steal the password by swapping...

CVE-2025-54385

XWiki Platform contains a SQL injection vulnerability in the searchDocuments API. Affected versions are 17.0.0-rc1 through 17.2.2 and 16.10.5 and earlier. The issue arises because queries are passed directly to Hibernate without adequate sanitization, allowing injection of malicious SQL (e.g., vi...

CVE-2025-54558

OpenAI Codex CLI before 0.9.0 auto-approves ripgrep aka rg execution even with the --pre or --hostname-bin or --search-zip or -z flag...

Open Source MANO 安全漏洞

Open Source MANO OSM is an open source software for managing and coordinating future networks from Open Source MANO, Inc. A security vulnerability exists in Open Source MANO OSM versions 14.x and 15.x, which originates in the /osm/admin/v1/users component could lead to elevation of privilege...

CVE-2025-22165

This Medium severity ACE Arbitrary Code Execution vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE Arbitrary Code Execution vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbitrary code which has high impact to...

CVE-2025-54451

Improper Control of Generation of Code 'Code Injection' vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0...

CVE-2025-54138 LibreNMS has Authenticated Local File Inclusion in ajax_form.php that Allows RCE

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. LibreNMS versions 25.6.0 and below contain an architectural vulnerability in the ajaxform.php endpoint that permits Remote File Inclusion base...

PT-2025-30509 · Tenda · Tenda Ac23

Name of the Vulnerable Software and Affected Versions: Tenda AC23 version 16.03.07.52 Description: A critical vulnerability exists in the Tenda AC23. The vulnerability is located in the httpd component, specifically within the sub 46C940 function of the /goform/setMacFilterCfg file. Manipulation ...

PT-2025-30310 · Drupal · Drupal Block Attributes

Name of the Vulnerable Software and Affected Versions: Drupal Block Attributes versions 0.0.0 through 1.0.9 Drupal Block Attributes versions 2.0.0 through 2.0.0 Description: A flaw exists in Drupal Block Attributes that allows for Cross-Site Scripting XSS. This issue is due to improper...