18 matches found
CVE-2026-33215 NATS is vulnerable to MQTT hijacking via Client ID
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can be hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...
CVE-2025-66415
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is...
CVE-2025-66415
CVE-2025-66415 affects the Fastify plugin @fastify/reply-from. Affected versions allow bypassing route restrictions by crafting a malicious URL, enabling access to routes that should be disallowed when using reply.from. The vulnerability is described across multiple sources as a bypass of reply ...
Linux Distros Unpatched Vulnerability : CVE-2019-19257
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab Community Edition CE and Enterprise Edition EE through 12.5 has Incorrect Access Control issue 1 of 2. CVE-2019-19257 Note that Nessus relies on the...
Security update for open-vm-tools
This update for open-vm-tools fixes the following issues: Updated to 12.5.2: CVE-2025-22247: Fixed Insecure file handling bsc1243106 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...
CVE-2025-48054 Radashi Vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Radashi is a TypeScript utility toolkit. Prior to version 12.5.1, the set function within the Radashi library is vulnerable to prototype pollution. If an attacker can control parts of the path argument to the set function, they could potentially modify the prototype of all objects in the JavaScri...
CVE-2022-32894
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively...
Apple macOS Monterey Security Vulnerability
Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Monterey version 12.5, which stems from the handling of maliciously crafted tiff files that could lead to arbitrary code execution...
CVE-2022-32948
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges...
Opencast Input Validation Error Vulnerability
Opencast is a live video support software for large-scale automated video capture, management and distribution from the Opencast organization. An input validation error vulnerability exists in versions of Opencast prior to 12.5. An attacker could exploit this vulnerability to redirect users to a...
PT-2022-26189 · Opencast · Opencast
Name of the Vulnerable Software and Affected Versions: Opencast versions prior to 12.5. Description: The vulnerability in Opencast's Paella authentication page allows attackers to redirect authenticated users to arbitrary URLs, potentially facilitating phishing attacks or other security issues. Th...
PT-2022-21524 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.5. Description: An out-of-bounds read issue was addressed with improved input validation. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory...
PT-2022-26593 · Apple · Macos Monterey +3
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.6; iPadOS versions prior to 15.6; macOS Monterey versions prior to 12.5. Description: An integer overflow issue was addressed through improved input validation, potentially allowing an app to execute arbitrary code with...
Zoho Corporation ManageEngine OPManager Cross-Site Scripting Vulnerability
Zoho Corporation ManageEngine OpManager is a comprehensive network monitoring software from Zoho Corporation, USA. It is used to manage routers, firewalls, servers, switches and printers. A cross-site scripting vulnerability exists in ManageEngine OPManager =12.5.174, which stems from an API key...
SUSE-SU-2020:3463-1 Security update for postgresql12
This update for postgresql12 fixes the following issues: - Upgrade to version 12.5: CVE-2020-25695, bsc1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. CVE-2020-25694, bsc1178667: a Fix usage of complex...
UBUNTU-CVE-2019-19257
GitLab Community Edition CE and Enterprise Edition EE through 12.5 has Incorrect Access Control issue 1 of 2...
CVE-2018-3046
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications subcomponent: Core module. Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network...
DEBIAN-CVE-2016-7587
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of...