4564 matches found

OSV
added 2025/12/10 10:19 p.m., 4 views

CVE-2025-67505 Race condition in the Okta Java SDK

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another...

CVSS 8.4, AI score 6.8, EPSS 0.00181
Exploits 0, References 4
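The advisory above names the bug class (per-client state shared between concurrent requests, so one response's status or header bleeds into another request) but the listing shows no code. The following is an added illustration of that class in JavaScript; it is not the Okta Java SDK's code, and the class and helper names (`SharedStateClient`, `PerRequestClient`, `observeConcurrent`, `deferred`) are assumptions for the example. The interleaving is driven deterministically so the clobbering is reproducible rather than timing-dependent.

```javascript
// Added illustration of the race described in CVE-2025-67505's class of bug.
// Not Okta SDK code; names are assumptions. No network: responses are injected.

function deferred() {
  let resolve;
  const promise = new Promise((r) => { resolve = r; });
  return { promise, resolve };
}
// Let every queued promise callback run before continuing.
function tick() { return new Promise((r) => setTimeout(r, 0)); }

// Vulnerable pattern: the client records "the last response" on the instance.
// Two requests in flight on the same instance race on these fields.
class SharedStateClient {
  constructor() { this.lastStatus = null; this.lastHeaders = null; }
  async request(path, transport, release) {
    const res = await transport;       // this request's response arrives
    this.lastStatus = res.status;      // ...but is stored on the shared instance
    this.lastHeaders = res.headers;
    await release;                     // any later await point (parsing, retry check)
    // Reads whatever is on the instance now: possibly another request's response.
    return { path, status: this.lastStatus, headers: this.lastHeaders };
  }
}

// Hardened pattern: response state lives only in the request's own scope.
class PerRequestClient {
  async request(path, transport, release) {
    const res = await transport;
    await release;
    return { path, status: res.status, headers: res.headers };
  }
}

// Drive two concurrent requests A and B through one client instance with a fixed
// interleaving: A's response arrives, then B's, then both resume and return.
// Returns the status each caller ended up with, keyed by path.
async function observeConcurrent(client) {
  const a = deferred(), b = deferred(), release = deferred();
  const pA = client.request('/api/v1/users/a', a.promise, release.promise);
  const pB = client.request('/api/v1/users/b', b.promise, release.promise);
  a.resolve({ status: 200, headers: { 'x-rate-limit-remaining': '599' } });
  await tick();   // A has recorded its 200 and is parked on `release`
  b.resolve({ status: 404, headers: { 'x-rate-limit-remaining': '598' } });
  await tick();   // B has recorded its 404, overwriting A's on a shared client
  release.resolve();
  const [ra, rb] = await Promise.all([pA, pB]);
  return { [ra.path]: ra.status, [rb.path]: rb.status };
}
```

With `SharedStateClient`, caller A receives a 404 that belonged to B; with `PerRequestClient`, each caller gets its own status. The same reasoning applies to any per-instance field written between receiving a response and returning it, including cached headers.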
OSV
added 2025/12/10 9:31 p.m., 5 views

GHSA-WRVC-X3WF-J5F5 1Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...

CVSS 7.1, AI score 6.9, EPSS 0.00144
Exploits 0, References 5
vulnersOsv
added 2025/12/10 6:30 p.m., 2 views

appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), au.com.versent.jenkins.plugins:ignore-committer-strategy (>=55.v51410e712e0c <=57.v0756db_b_f6926) +623 more potentially affected by CVE-2025-67635 via org.jenkins-ci.main:cli (>=2.0 <=2.528.2)

org.jenkins-ci.main:cli MAVEN version =2.0, =1.0, =55.v51410e712e0c, =4.1.0.506.v619d63bec9d8, =66.v12c841920f7d, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =1.281.v331e3f5a05a9, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =1.0.6 and more Source cves: CVE-20...

CVSS 7.5, AI score 7.5, EPSS 0.00506
Exploits 0
Vulnrichment
added 2025/12/10 6:23 p.m., 2 views

CVE-2025-34429 1Panel CSRF Web Port Configuration Change

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...

CVSS 7, AI score 6.5, EPSS 0.00144
Exploits 0, References 3
CVE
added 2025/12/10 6:23 p.m., 15 views

CVE-2025-34429

1Panel CSRF in web port configuration affects versions 1.10.33–2.0.15. The port-change endpoint lacks anti-CSRF defenses (no anti-CSRF tokens; no Origin/Referer checks). An attacker can lure an authenticated user to submit a crafted request, causing the web service to listen on a new port and pot...

CVSS 7.1, AI score 6.6, EPSS 0.00144
Exploits 0, References 3, Affected Software 1
Cvelist
added 2025/12/10 4:07 p.m., 25 views

CVE-2025-34410 1Panel CSRF in Change Username Functionality Allows Account Lockout

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the Change Username functionality available from the settings panel /settings/panel. The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...

CVSS 7, EPSS 0.00128
Exploits 0, References 3
CVE
added 2025/12/10 12:43 a.m., 15 views

CVE-2025-67507

CVE-2025-67507 affects Filament versions 4.0.0 through 4.3.0. The vulnerability arises in the handling of app-based multi-factor authentication recovery codes, allowing the same recovery code to be reused indefinitely when recovery codes are enabled (email-based MFA is unaffected). Root cause: im...

CVSS 8.1, AI score 6.5, EPSS 0.00307
Exploits 0, References 2, Affected Software 1
CNNVD
added 2025/12/10 12:00 a.m., 4 views

1Panel Cross-Site Request Forgery Vulnerability

1Panel is an open source Linux server operation and maintenance management panel from China's 1Panel community. A cross-site request forgery vulnerability exists in 1Panel versions 1.10.33 through 2.0.15, stemming from a lack of CSRF protection in the panel name management feature,...

CVSS 5.1, AI score 6.5, EPSS 0.00172
Exploits 0, References 4
Positive Technologies
added 2025/12/10 12:00 a.m., 4 views

PT-2025-50493

Vulnerable software and affected versions: Pega Platform versions 7.1.0 through Infinity 25.1.0. Description: Pega Platform is affected by a User Enumeration issue. A remote unauthenticated user could determine the validity of a username by observing differences in response times during...

CVSS 5.3, AI score 7, EPSS 0.00405
Exploits 1, References 6
CNNVD
added 2025/12/10 12:00 a.m., 2 views

1Panel Cross-Site Request Forgery Vulnerability

1Panel is an open source Linux server operation and management panel from China's 1Panel community. A cross-site request forgery vulnerability exists in 1Panel versions 1.10.33 through 2.0.15. The vulnerability stems from the change username feature not implementing CSRF protection, which could...

CVSS 7.1, AI score 6.4, EPSS 0.00128
Exploits 0, References 4
CNVD
added 2025/12/10 12:00 a.m., 60 views

Apache HTTP Server Security Bypass Vulnerability (CNVD-2025-3083394)

Apache HTTP Server is an open source web server from the Apache Software Foundation (United States). The server is fast, reliable and can be extended through a simple API. A security bypass vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.65 due to incorrect neutralization of...

CVSS 6.5, AI score 6.8, EPSS 0.00758
Exploits 0, References 1
NVD
added 2025/12/09 11:15 p.m., 3 views

CVE-2025-67495

ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the postlogoutredirect GET parameter. As a result, unauthenticate...

CVSS 8, EPSS 0.00261
Exploits 0, References 2
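The ZITADEL entry above describes a logout page that navigates to whatever the `postlogoutredirect` parameter contains; handing an attacker-controlled value to the location API is what turns an open redirect into DOM-based XSS (a `javascript:` URL executes in the page's origin). The added example below is not ZITADEL's code. It shows a resolver that accepts only on-site relative paths or absolute http(s) URLs on a registered origin, and falls back otherwise. `resolvePostLogoutRedirect`, `siteOrigin` and `allowedOrigins` are assumptions for the example.

```javascript
// Added example: validating a post-logout redirect parameter. Not ZITADEL code.

// `param` is the untrusted query value, `siteOrigin` the origin serving the logout
// page, `allowedOrigins` the registered post-logout redirect origins. Anything not
// provably safe collapses to `fallback`.
function resolvePostLogoutRedirect(param, siteOrigin, allowedOrigins, fallback = '/') {
  if (typeof param !== 'string' || param.trim() === '') return fallback;
  const site = new URL(siteOrigin).origin;
  let url;
  try {
    url = new URL(param);                // absolute URL of any scheme, javascript: included
  } catch {
    // Not absolute: resolve against the site and require that it stayed on-site.
    // "//evil.example" and "/\\evil.example" both resolve to a foreign origin here,
    // because the URL parser treats "\" like "/" for http(s).
    try { url = new URL(param, site); } catch { return fallback; }
    if (url.origin !== site) return fallback;
    return url.pathname + url.search + url.hash;
  }
  // Absolute: only http(s) and only registered origins. This rejects javascript:,
  // data:, vbscript:, userinfo tricks (https://app.example@evil.example) and
  // lookalike hosts, since `origin` is computed by the parser, not by string matching.
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return fallback;
  if (!allowedOrigins.includes(url.origin)) return fallback;
  return url.href;
}

// Browser-side use (not executed here): the only value ever handed to the
// location API is the resolved one, never the raw parameter.
// const raw = new URLSearchParams(location.search).get('postlogoutredirect');
// location.assign(resolvePostLogoutRedirect(raw, location.origin, ALLOWED_ORIGINS));
```

Leading whitespace and mixed-case schemes (`"  JavaScript:alert(1)"`) are normalised by the URL parser before the scheme check runs, which is why the check is on `url.protocol` rather than on the raw string.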
OSV
added 2025/12/09 10:16 p.m., 4 views

CVE-2025-36437

IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system...

CVSS 4.3, AI score 5.7
Exploits 0, References 1
Vulnrichment
added 2025/12/09 10:04 p.m., 2 views

CVE-2025-36437 IBM Planning Analytics Local is vulnerable to disclosing sensitive information

IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system...

CVSS 4.3, AI score 5.9, EPSS 0.00184
Exploits 0, References 1
vulnersOsv
added 2025/12/09 2:25 p.m., 1 view

acherion (>=0.2.0 <=0.7.2), aesp (=2025.9.12) +205 more potentially affected by CVE-2025-66645 via nicegui (>=3.0.4 <=3.3.1)

nicegui PYPI version =3.0.4, =0.2.0, =1.0.0, =0.4.0, =0.1.0, =0.2.200, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =0.4.4, =0.4.9 and more Source cves: CVE-2025-66645 Source advisory: SNYK:PYTHON-NICEGUI-14236612...

CVSS 7.5, AI score 5.4, EPSS 0.00963
Exploits 1
OSV
added 2025/12/09 11:38 a.m., 3 views

BIT-APACHE-2025-65082 Apache HTTP Server: CGI environment variable override

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

CVSS 6.5, AI score 6.9, EPSS 0.00758
Exploits 0, References 3
EUVD
added 2025/12/09 12:31 a.m., 4 views

EUVD-2025-201832

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files...

CVSS 6.5, AI score 6, EPSS 0.00228
Exploits 0, References 2
CNNVD
added 2025/12/09 12:00 a.m., 3 views

elysia Security Vulnerability

elysia is an open-source web framework from the elysia project. A security vulnerability exists in elysia versions 1.4.0 through 1.4.16, stemming from prototype pollution in the mergeDeep function, which could lead to remote code execution...

CVSS 9.8, AI score 7.5, EPSS 0.00473
Exploits 1, References 6
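The elysia entry above attributes the issue to prototype pollution in a `mergeDeep` function. The added example below is not elysia's `mergeDeep`; it is a generic recursive merge written to show the mechanism (a `"__proto__"` key arriving as an own property from `JSON.parse` is walked into `Object.prototype`) next to a hardened version. The chain from pollution to remote code execution mentioned in the entry is not on this page and is not shown. `mergeDeepUnsafe`, `mergeDeepSafe` and `isPlainObject` are names chosen for the example.

```javascript
// Added example: prototype pollution in a recursive merge, and the fix. Not elysia code.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: iterates every own key of `source`, including "__proto__" when the
// input came from JSON.parse. Reading target["__proto__"] yields Object.prototype
// (a plain object, so it is not replaced), and the recursion writes into it.
function mergeDeepUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      mergeDeepUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: (1) skip the keys that reach shared prototypes; (2) only recurse into
// a nested object that `target` owns itself, never one reached via the prototype
// chain, so an inherited object is never used as a merge destination.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function mergeDeepSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const ownNested = Object.prototype.hasOwnProperty.call(target, key) && isPlainObject(target[key]);
      if (!ownNested) target[key] = {};
      mergeDeepSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker payload, as it would arrive in a request body.
const POLLUTION_PAYLOAD = '{"__proto__":{"polluted":true},"server":{"port":8080}}';

// Returns whether a fresh object inherits `name` after merging `payloadJson`
// with the given merge function; used to demonstrate both variants.
function pollutes(mergeFn, payloadJson, name) {
  const before = ({})[name];
  mergeFn({}, JSON.parse(payloadJson));
  const after = ({})[name];
  delete Object.prototype[name];       // clean up so later code is unaffected
  return before === undefined && after !== undefined;
}
```

Why this matters downstream: any later `if (options.someFlag)` or `if (user.isAdmin)` on an object that never set that property now reads the attacker's value. Creating option objects with `Object.create(null)` or freezing `Object.prototype` at startup are additional, independent mitigations.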
CNNVD
added 2025/12/09 12:00 a.m., 1 view

n8n Security Vulnerability

n8n is a scalable workflow automation tool from the n8n open-source project. A security vulnerability exists in n8n versions 0.123.1 through 1.119.1, stemming from inadequate protection of project pre-commit hooks, which could lead to remote code execution...

CVSS 9.4, AI score 7.5, EPSS 0.00605
Exploits 1, References 5
Tenable Nessus
added 2025/12/09 12:00 a.m., 5 views

Unity Linux 20.1070e Security Update: aide (UTSA-2025-991098)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991098 advisory. AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash t...

CVSS 6.2, AI score 5.5, EPSS 0.00216
Exploits 1, References 4