20 matches found

Patchstack
added 2026/05/11 3:56 p.m. | 7 views

NPM: Next.js has a Denial of Service in the Image Optimization API

NPM: Next.js has a Denial of Service in the Image Optimization API vulnerability discovered by ? in WordPress Npm next versions = 10.0.0, 15.5.16...

CVSS 5.9 | AI score 5.8 | EPSS 0.00018
Exploits: 1 | References: 5 | Affected Software: 1

Patchstack
added 2026/05/11 3:54 p.m. | 6 views

NPM: Next.js has a Middleware / Proxy bypass through dynamic route parameter injection

NPM: Next.js has a Middleware / Proxy bypass through dynamic route parameter injection vulnerability discovered by ? in WordPress Npm next versions = 15.4.0, 15.5.16...

CVSS 8.1 | AI score 5.8 | EPSS 0.00011
Exploits: 2 | References: 5 | Affected Software: 1

RedhatCVE
added 2025/12/02 5:21 p.m. | 1 views

CVE-2025-7007

NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Antivirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash. This issue affects Antivirus: 16.0.0; Antivirus: 3.0.3...

CVSS 7.5 | AI score 6.9 | EPSS 0.00014
Exploits: 0 | References: 1

NVD
added 2025/12/01 5:15 p.m. | 1 views

CVE-2025-7007

NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Antivirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash. This issue affects Antivirus: 16.0.0; Antivirus: 3.0.3...

CVSS 7.5 | EPSS 0.00014
Exploits: 0 | References: 1

EUVD
added 2025/12/01 4:34 p.m. | 1 views

EUVD-2025-200065

NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Antivirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash. This issue affects Antivirus: 16.0.0; Antivirus: 3.0.3...

CVSS 7.5 | AI score 6.4 | EPSS 0.00014
Exploits: 0 | References: 2

CVE
added 2025/12/01 4:34 p.m. | 5 views

CVE-2025-7007

CVE-2025-7007 describes a NULL pointer dereference in Avast Antivirus running on macOS (version 16.0.0) and Linux (version 3.0.3). The issue occurs when scanning malformed Windows PE files, causing the antivirus process to crash. Multiple connected sources confirm the affected versions and the ro...

CVSS 7.5 | AI score 6.5 | EPSS 0.00014
Exploits: 0 | References: 1

CNNVD
added 2025/12/01 12:0 a.m. | 2 views

Avast Antivirus Security Vulnerability

Avast Antivirus is a suite of antivirus software from the Czech company Avast. A security vulnerability exists in Avast Antivirus version 16.0.0 MAC and 3.0.3 Linux, which originates from a null pointer dereference caused by scanning malformed Windows PE files, which may result in a process crash...

CVSS 7.5 | AI score 6.6 | EPSS 0.00014
Exploits: 0 | References: 2

CVE
added 2025/08/28 8:28 a.m. | 9 views

CVE-2025-58072

CVE-2025-58072 affects SS1 (DOS Co., Ltd.) SS1 Ver.16.0.0.10 and earlier and SS1 Media 16.0.0a and earlier. The vulnerability is a path traversal flaw caused by an improperly restricted pathname, allowing a remote unauthenticated attacker to view arbitrary files. Multiple connected sources (Red H...

CVSS 8.7 | AI score 7.6 | EPSS 0.00167
Exploits: 0 | References: 2

Positive Technologies
added 2025/08/28 12:0 a.m. | 3 views

PT-2025-34979

Name of the Vulnerable Software and Affected Versions: SS1 versions 16.0.0.10 and earlier; SS1 Media versions 16.0.0.a and earlier. Description: The use of a hard-coded password in SS1 allows a remote, unauthenticated attacker to view arbitrary files with root privileges. Recommendations: Versions...

CVSS 8.7 | AI score 7.8 | EPSS 0.001
Exploits: 0 | References: 5

RedhatCVE
added 2025/06/05 7:16 p.m. | 14 views

CVE-2025-48953

Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that doesn't adhere to the configured allowable file extensions via a manipulated API request. The issue is patched in versions 15.4.2 and...

CVSS 5.5 | AI score 6.7 | EPSS 0.0019
Exploits: 0 | References: 1

OSV
added 2023/07/13 3:15 a.m. | 0 views

UBUNTU-CVE-2023-3424

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the...

CVSS 7.5 | AI score 5.7 | EPSS 0.00585
Exploits: 0 | References: 4

ATTACKERKB
added 2023/05/26 9:15 p.m. | 2 views

CVE-2023-2825

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups...

CVSS 10 | AI score 7.1 | EPSS 0.91925
Exploits: 5 | References: 6 | Affected Software: 1

Prion
added 2023/05/26 9:15 p.m. | 25 views

Path traversal

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups...

CVSS 5 | AI score 7.2 | EPSS 0.91925
Exploits: 5 | References: 3 | Affected Software: 1

Vulnrichment
added 2023/05/26 12:0 a.m. | 14 views

CVE-2023-2825

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups...

CVSS 10 | AI score 9.2 | EPSS 0.91925
Exploits: 5 | References: 3

CVE
added 2023/05/26 12:0 a.m. | 361 views

CVE-2023-2825

GitLab CE/EE 16.0.0 is affected by CVE-2023-2825 due to a directory/path traversal flaw that lets an unauthenticated attacker read arbitrary server files when an attachment exists in a public project nested within at least five groups. Root cause: insufficient path validation in the attachment ha...

CVSS 10 | AI score 7.2 | EPSS 0.91925
Exploits: 5 | References: 3 | Affected Software: 1

NVD
added 2021/09/01 8:15 p.m. | 9 views

CVE-2021-39181

OpenOlat is a web-based learning management system (LMS). Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file (e.g. a course) any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute arbitrary code by the...

CVSS 8.8 | EPSS 0.00546
Exploits: 0 | References: 3

CNNVD
added 2020/12/17 12:0 a.m. | 1 views

F5 BIG-IP LTM/CGNAT Security Vulnerability

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other functions from F5 Corporation. A security vulnerability exists in F5 BIG-IP LTM/CGNAT, which can be exploited by an attacker to trigger a denial of...

CVSS 7.5 | AI score 7.1 | EPSS 0.00896
Exploits: 0 | References: 4

Tenable Nessus
added 2020/08/26 12:0 a.m. | 40 views

F5 Networks BIG-IP : iControl REST CSRF vulnerability (K20606443)

The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.2 / 13.1.3.4 / 14.1.2.7 / 15.1.0.5 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K20606443 advisory. - In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3,...

CVSS 9.3 | AI score 7.9 | EPSS 0.00156
Exploits: 0 | References: 2

PyPA
added 2020/05/07 12:15 a.m. | 5 views

PYSEC-2020-56

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times...

CVSS 5.5 | AI score 7 | EPSS 0.0014
Exploits: 0 | References: 5 | Affected Software: 1

CNVD
added 2019/12/10 12:0 a.m. | 2 views

OpenStack Keystone has an unspecified vulnerability

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration (NASA) in collaboration with Rackspace in the U.S. OpenStack Keystone is a module used in OpenStack to manage the authentication, service rules, and service token functions. A security...

CVSS 8.8 | AI score 6.9 | EPSS 0.00728
Exploits: 1 | References: 1