Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-1294)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1294 advisory. If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables. CVE-2025-6075 Tenable has extracted the preceding description bloc...
Updated apache packages fix security vulnerabilities
Apache HTTP Server: mod_md (ACME), unintended retry intervals. CVE-2025-55753 Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmd="..." directives. CVE-2025-58098 Apache HTTP Server: CGI environment...
IBM Controller security vulnerability
IBM Controller is a Web-based financial consolidation tool from International Business Machines (IBM). A security vulnerability exists in IBM Controller versions 11.1.0 through 11.1.1 that originates from storing unencrypted sensitive information in environment variable files, which could lead to...
Apache HTTP Server: CGI environment variable override
...
CVE-2025-13894
The CSV Sumotto plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-13894
CVE-2025-13894 refers to a Reflected Cross-Site Scripting vulnerability in the WordPress CSV Sumotto plugin (versions ≤ 1.0). The root cause is insufficient input sanitization and output escaping for the PHP_SELF server variable, allowing unauthenticated attackers to inject scripts into pages tha...
CVE-2025-13894 CSV Sumotto <= 1.0 - Reflected Cross-Site Scripting
The CSV Sumotto plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
SUSE CVE-2025-65082
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
CVE-2025-14051
A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The...
CVE-2025-14085
A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploi...
CVE-2025-65082
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
CVE-2025-65082 Apache HTTP Server: CGI environment variable override
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
CVE-2025-13515 Nouri.sh Newsletter <= 1.0.1.3 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 1.0.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-13512 CoSign Single Signon <= 0.3.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The CoSign Single Signon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 0.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Apache HTTP Server security vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation of the United States. The server is fast, reliable and can be extended through a simple API. A security bypass vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.65 due to incorrect neutralization of...
PT-2025-49243
Name of the Vulnerable Software and Affected Versions: youlaitech youlai-mall versions 1.0.0 through 2.0.0. Description: A flaw exists in youlaitech youlai-mall that involves improper control of dynamically-identified variables. The issue is located within an unknown function of the...
CVE-2025-14051
CVE-2025-14051 affects youlaitech youlai-mall versions 1.0.0 through 2.0.0. The vulnerability resides in the functions getById(), updateAddress(), and deleteAddress() in the file /mall-ums/app-api/v1/addresses/. Exploitation can be performed remotely, and public exploits have been published. Reme...
USN-7909-2 linux-intel-iot-realtime, linux-realtime vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S39...
Linux Distros Unpatched Vulnerability : CVE-2025-65082
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration...