
8007 matches found

Packet Storm
added 2025/08/19 12:0 a.m. · 113 views

📄 iDempiere WebUI 12.0.0.202508171158 Session Fixation

iDempiere WebUI version 12.0.0.202508171158 suffers from a session fixation vulnerability. The application does not issue a new session identifier (JSESSIONID) after successful authentication. An attacker who can set or predict a victim’s session ID prior to login may hijack the victim’s...

7.3 AI score
Exploits: 0
Kaspersky
added 2025/08/19 12:0 a.m. · 5 views

KLA86791 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Uninitialized memory vulnerability in t...

9.8 CVSS · 9 AI score · 0.0053 EPSS
Exploits: 0 · References: 3
Kaspersky
added 2025/08/19 12:0 a.m. · 6 views

KLA86790 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. Memory corruption vulnerability in...

9.8 CVSS · 9 AI score · 0.0053 EPSS
Exploits: 0 · References: 3
NVD
added 2025/08/18 6:15 p.m. · 35 views

CVE-2025-55299

VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set; attackers can use this to log in with an empty password. This is combined with the fact that previously disabling the...

9.4 CVSS · 0.00216 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2025/08/18 5:36 p.m. · 5 views

CVE-2025-55299 VaulTLS has a password-based login exploit in additional user accounts

VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set; attackers can use this to log in with an empty password. This is combined with the fact that previously disabling the...

9.4 CVSS · 7.1 AI score · 0.00216 EPSS
Exploits: 0 · References: 2
OSV
added 2025/08/18 5:36 p.m. · 13 views

CVE-2025-55299 VaulTLS has a password-based login exploit in additional user accounts

VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set; attackers can use this to log in with an empty password. This is combined with the fact that previously disabling the...

9.4 CVSS · 6.8 AI score · 0.00216 EPSS
Exploits: 0 · References: 4
CVE
added 2025/08/18 4:57 p.m. · 19 views

CVE-2025-55288

CVE-2025-55288 affects Genealogy (a PHP-based family tree application). The vulnerability is an authenticated reflected XSS in versions prior to 4.4.0, enabling an attacker with valid credentials to execute arbitrary JavaScript in another user’s session, potentially causing session hijacking, dat...

5.5 CVSS · 5.9 AI score · 0.00272 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2025/08/18 4:54 p.m. · 8 views

CVE-2025-55287 Genealogy has a stored XSS vulnerability

Genealogy is a family tree PHP application. Prior to 4.4.0, an authenticated stored Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI...

8 CVSS · 0.00298 EPSS
Exploits: 1 · References: 2
Vulnrichment
added 2025/08/18 4:54 p.m. · 2 views

CVE-2025-55287 Genealogy has a stored XSS vulnerability

Genealogy is a family tree PHP application. Prior to 4.4.0, an authenticated stored Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI...

8 CVSS · 5.6 AI score · 0.00298 EPSS
Exploits: 1 · References: 2
NVD
added 2025/08/18 6:15 a.m. · 4 views

CVE-2025-9108

Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely...

5.3 CVSS · 0.0029 EPSS
Exploits: 0 · References: 3
Cvelist
added 2025/08/18 5:32 a.m. · 15 views

CVE-2025-9108 Portabilis i-Diario Login Page ui layer

Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely...

5.3 CVSS · 0.0029 EPSS
Exploits: 0 · References: 3
Vulnrichment
added 2025/08/18 5:32 a.m. · 3 views

CVE-2025-9108 Portabilis i-Diario Login Page ui layer

Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely...

5.3 CVSS · 7.2 AI score · 0.0029 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2025/08/18 12:0 a.m. · 5 views

PT-2025-33675 · Genealogy · Genealogy

Name of the Vulnerable Software and Affected Versions: Genealogy versions prior to 4.4.0 Description: Genealogy is a family tree PHP application susceptible to an authenticated reflected cross-site scripting (XSS) issue. An attacker with valid credentials can execute arbitrary JavaScript code withi...

5.5 CVSS · 6.3 AI score · 0.00272 EPSS
Exploits: 0 · References: 7
Positive Technologies
added 2025/08/18 12:0 a.m. · 5 views

PT-2025-33679 · Vaultls · Vaultls

Name of the Vulnerable Software and Affected Versions: VaulTLS versions prior to 0.9.1 Description: VaulTLS is a solution for managing mTLS (mutual TLS) certificates. User accounts created through the User web UI have an empty password set, allowing attackers to log in with a blank password...

9.4 CVSS · 7.4 AI score · 0.00216 EPSS
Exploits: 0 · References: 11
Positive Technologies
added 2025/08/18 12:0 a.m. · 5 views

PT-2025-33637 · Portabilis · I-Diario

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The component Login Page contains an issue with improper restriction of rendered UI layers due to manipulation of an unknown function. This issue can be...

5.3 CVSS · 4.4 AI score · 0.0029 EPSS
Exploits: 0 · References: 7
Positive Technologies
added 2025/08/18 12:0 a.m. · 4 views

PT-2025-33674 · Genealogy · Genealogy

Name of the Vulnerable Software and Affected Versions: Genealogy versions prior to 4.4.0 Description: Genealogy is a family tree PHP application susceptible to an authenticated stored cross-site scripting (XSS) issue. Attackers with valid credentials can execute arbitrary JavaScript code within...

8 CVSS · 6.2 AI score · 0.00298 EPSS
Exploits: 1 · References: 7
Tenable Nessus
added 2025/08/18 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-6070

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension...

6.1 CVSS · 7.4 AI score · 0.00853 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-11054

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user,...

4.3 CVSS · 5.5 AI score · 0.01292 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-13311

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing...

4.3 CVSS · 5.3 AI score · 0.01498 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-3958

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allow...

6.5 CVSS · 5.4 AI score · 0.00301 EPSS
Exploits: 0 · References: 2