
859 matches found

CBLMariner
added 2025/04/08 9:13 p.m., 9 views

CVE-2023-48795 affecting package terraform for versions less than 1.3.2-25

CVE-2023-48795 affecting package terraform for versions less than 1.3.2-25. A patched version of the package is available...

CVSS 5.9, AI score 6.4, EPSS 0.94072
Exploits: 4
OSV
added 2025/04/06 8:2 p.m., 31 views

CVE-2025-31492 mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data

mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in mod_auth_openidc results in disclosure of protected content to unauthenticated users. The...

CVSS 8.2, AI score 7.5, EPSS 0.0051
Exploits: 0, References: 5
CBLMariner
added 2025/04/01 5:15 p.m., 10 views

CVE-2025-30204 affecting package telegraf for versions less than 1.29.4-13

CVE-2025-30204 affecting package telegraf for versions less than 1.29.4-13. A patched version of the package is available...

CVSS 7.5, AI score 7.8, EPSS 0.00693
Exploits: 0
CBLMariner
added 2025/03/27 9:13 p.m., 7 views

CVE-2024-26687 affecting package kernel for versions less than 5.15.176.3-3

CVE-2024-26687 affecting package kernel for versions less than 5.15.176.3-3. A patched version of the package is available...

CVSS 5.5, AI score 6.1, EPSS 0.00228
Exploits: 0
RedhatCVE
added 2025/03/27 8:35 p.m., 15 views

CVE-2025-29789

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue...

CVSS 7.5, AI score 7, EPSS 0.00825
Exploits: 1, References: 1
NVD
added 2025/03/26 5:15 p.m., 18 views

CVE-2025-30217

Frappe is a full-stack web application framework. Prior to versions 14.93.2 and 15.55.0, a SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to access sensitive information. Versions 14.93.2 and 15.55.0 contain a patch for the issue. No known...

CVSS 8.7, EPSS 0.00316
Exploits: 0, References: 1
Cvelist
added 2025/03/26 5:13 p.m., 11 views

CVE-2025-30351 Suspended Directus user can continue to use session token to access API

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. This happens because there is a check missing in...

CVSS 3.5, EPSS 0.00314
Exploits: 1, References: 2
Vulnrichment
added 2025/03/26 4:18 p.m., 16 views

CVE-2025-30217 Frappe has possibility of SQL injection due to improper validations

Frappe is a full-stack web application framework. Prior to versions 14.93.2 and 15.55.0, a SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to access sensitive information. Versions 14.93.2 and 15.55.0 contain a patch for the issue. No known...

CVSS 8.7, AI score 8.1, EPSS 0.00316
Exploits: 0, References: 1
NVD
added 2025/03/26 3:16 p.m., 18 views

CVE-2025-24972

Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions 3.3.4 and 3.4.0.beta5 contai...

CVSS 4.3, EPSS 0.00326
Exploits: 0, References: 1
OSV
added 2025/03/26 2:15 p.m., 5 views

DEBIAN-CVE-2025-23203

Icinga Director is an Icinga config deployment tool. A security vulnerability has been found, starting in version 1.0.0 and prior to 1.10.4 and 1.11.4, on several Director REST API endpoints. To reproduce this vulnerability, an authenticated user with permission to access the Director is required...

CVSS 5.5, AI score 5.4, EPSS 0.00344
Exploits: 0, References: 1
CVE
added 2025/03/25 8:29 p.m., 72 views

CVE-2025-29789

CVE-2025-29789 – OpenEMR is affected by a Directory Traversal in the Load Code feature prior to version 7.3.0. The issue enables traversal of directories and is mitigated by the 7.3.0 patch referenced in multiple sources. The vulnerability affects OpenEMR’s load code functionality and has been ad...

CVSS 7.5, AI score 7.3, EPSS 0.00825
Exploits: 1, References: 2, Affected Software: 1
CBLMariner
added 2025/03/25 3:8 p.m., 7 views

CVE-2024-28863 affecting package reaper for versions less than 3.1.1-17

CVE-2024-28863 affecting package reaper for versions less than 3.1.1-17. A patched version of the package is available...

CVSS 6.5, AI score 7.3, EPSS 0.00929
Exploits: 1
CVE
added 2025/03/24 4:38 p.m., 268 views

CVE-2025-29778

Kyverno (policy engine for cloud-native platforms) contains a vulnerability prior to version 1.14.0-alpha.1 where artifact verification in keyless mode ignores subjectRegExp and IssuerRegExp, allowing deployment of Kubernetes resources signed with an unexpected certificate and potentially full cl...

CVSS 8, AI score 7.1, EPSS 0.00295
Exploits: 1, References: 5, Affected Software: 1
Cvelist
added 2025/03/24 3:53 p.m., 19 views

CVE-2025-23204 GraphQl securityAfterResolver not called

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Starting in version 3.3.8, a security check that gets called after GraphQl resolvers is always replaced by another one as there's no break in a clause. As this falls back to security, the impact is there only when...

CVSS 4.4, EPSS 0.00259
Exploits: 0, References: 5
OSV
added 2025/03/21 5:43 p.m., 2 views

GHSA-V63M-X9R9-8GQP AWS CDK CLI prints AWS credentials retrieved by custom credential plugins

Summary: The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. The AWS CDK CLI is a command line tool for interacting with CDK applications. Customers can use the CDK CLI ...

CVSS 5.7, AI score 5.8, EPSS 0.00255
Exploits: 1, References: 5
Vulnrichment
added 2025/03/20 11:11 a.m., 7 views

CVE-2025-1802 HT Mega – Absolute Addons For Elementor <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘markertitle’, 'notificationcontent', and 'sttbuttontext' parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This...

CVSS 6.4, AI score 5.8, EPSS 0.00266
Exploits: 0, References: 6
RedhatCVE
added 2025/03/14 10:26 p.m., 23 views

CVE-2025-27794

Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain (e.g., subdomain.host.com) sets cookies scoped to the parent domain (.host.com). This allows session token replacement f...

CVSS 6.8, AI score 6.7, EPSS 0.00463
Exploits: 0, References: 1
NVD
added 2025/03/14 7:15 p.m., 18 views

CVE-2025-29782

WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionartipodocsatendido.php endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers to inject malicious scripts into the tipo...

CVSS 6.4, EPSS 0.00253
Exploits: 1, References: 2
NVD
added 2025/03/14 7:15 p.m., 9 views

CVE-2025-29771

HtmlSanitizer is a client-side HTML sanitizer. Versions prior to 2.0.3 have a cross-site scripting vulnerability when the sanitizer is used with a contentEditable element to set the element's innerHTML to a sanitized string produced by the package. If the code is particularly crafted to abuse the...

CVSS 5.3, EPSS 0.00373
Exploits: 0, References: 2
CBLMariner
added 2025/03/13 3:10 p.m., 8 views

CVE-2025-0633 affecting package iniparser for versions less than 4.1-8

CVE-2025-0633 affecting package iniparser for versions less than 4.1-8. A patched version of the package is available...

CVSS 5.1, AI score 6.6, EPSS 0.00215
Exploits: 0