PT-2025-54434
Missing Authorization vulnerability in merkulove Criptopayer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Criptopayer for Elementor: from n/a through 1.0.1...
PT-2025-54371
Name of the Vulnerable Software and Affected Versions: Aum Watcharapon Featured Image Generator versions through 1.3.3. Description: An authorization issue exists in Aum Watcharapon Featured Image Generator due to incorrectly configured access control security levels. This allows for an authorizatio...
CVE-2025-69256
CVE-2025-69256 : The Serverless Framework MCP Server vulnerability enables command injection via unsanitized user input in the list-projects tool. The issue arises when building shell commands with workspaceRoots (user-controlled) and calling child_process.exec without proper sanitization, allowi...
Temporal security vulnerability
Temporal is a persistent execution platform open-sourced by temporal.io. A security vulnerability exists in Temporal versions 1.24.0 through 1.29.1, which stems from improper namespace validation and could lead to bypassing restrictions or policies...
CVE-2025-36230
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-64645
IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link...
EUVD-2025-205439
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
EUVD-2025-205440
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data by enumerating package identifiers...
CVE-2025-1721
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...
EUVD-2025-205434
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...
CVE-2025-1721
CVE-2025-1721 — IBM Concert heap memory clearing vulnerability Summary: IBM Concert 1.0.0–2.1.0 may allow a remote attacker to read sensitive information from allocated memory due to improper clearing of heap memory. Affected products/versions: IBM Concert Software 1.0.0 through 2.1.0. Root cause...
IBM Concert buffer error vulnerability
IBM Concert is a new tool from International Business Machines (IBM) that uses generative AI to help manage complex cloud-native applications. A buffer error vulnerability exists in IBM Concert versions 1.0.0 through 2.1.0 that stems from improper boundary checking and could lead to the...
IBM Concert security vulnerability
IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform, announced by IBM in May 2024 at the IBM Think conference in Boston, USA. IBM Concert suffers from an improper heap memory cleanup vulnerability that can be...
CVE-2025-32096
The CVE-2025-32096 entry affects Pexip Infinity software versions 33.0 through 37.0 (before 37.1). The vulnerability stems from improper input validation in signaling, which can cause an attacker to trigger a software abort and result in a denial of service. Remediation is to upgrade to Pexip Inf...
Pexip Infinity security vulnerability
Pexip Infinity is a video conferencing cloud collaboration platform from the Norwegian company Pexip. The product provides high quality and secure cloud conferencing capabilities. A security vulnerability exists in Pexip Infinity versions 32.0...
CVE-2025-36154
CVE-2025-36154 affects IBM Concert Software versions 1.0.0 through 2.1.0. Multiple connected sources confirm a cleartext information disclosure during recursive docker builds, enabling a local user to obtain sensitive data. The vulnerability stems from plaintext storage within docker build contex...
CVE-2025-36154 IBM Concert Software Cleartext Storage in a File or on Disk.
IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user...
EUVD-2025-205274
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in brownbagmarketing Greenhouse Job Board greenhouse-job-board allows DOM-Based XSS. This issue affects Greenhouse Job Board: from n/a through = 2.7.3...
CVE-2025-66445 Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor Data Center Analytics component and Hitachi Ops Center Analyzer Hitachi Ops Center Analyzer detail view component. This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-0...
OpenXRechnungToolbox code issue vulnerability
OpenXRechnungToolbox is a graphical user interface for visualizing and validating electronic invoices by individual developer Dr. Jan C. Thiele. A code issue vulnerability exists in OpenXRechnungToolbox version 2024-10-05-3.0.0 up to and including 6c50e89, which stems from the disallow-doctype-decl...