4564 matches found
EUVD-2025-199016
A Directory Traversal vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to write arbitrary files under certain conditions...
CVE-2025-54338
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to disclose user hashes...
DEBIAN-CVE-2025-64506
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through t...
UBUNTU-CVE-2025-65018
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing...
PT-2025-47977
Sentry-Javascript is an official Sentry SDK for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true, it is possible to inadvertently send certain sensitive HTTP headers, including the Cookie header, to Sentry. Those headers...
libpng buffer error vulnerability
libpng is an open source PNG reference library from The PNG Development Group that enables the creation, reading and writing of PNG graphic files. A buffer error vulnerability exists in libpng version 1.6.0 through versions prior to 1.6.51, which stems from a heap buffer overflow in the...
EUVD-2025-199238
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through t...
CVE-2025-54563
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Incorrect Access Control, leading to Remote Information Disclosure...
CVE-2025-36150
IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
@asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/java-template (=0.2.10)
@asyncapi/java-template NPM version =0.2.10 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/java-template and may be impacted: - @asyncapi/server-api >=0.16.0, <=0.16.23 Source cves: unknown CVE Source advisory:...
@localstack/localstack-mcp-server (>=0.2.0 <=0.4.0), @posthog/nuxt (>=0.0.5 <=1.2.8) +4 more potentially affected by unknown CVE via posthog-node (>=5.0.0 <=5.13.2)
posthog-node NPM version =5.0.0, =0.2.0, =0.0.5, =0.62.0, =20.7.1-alpha.134, =0.0.0-client-js-listmessages-agentid-fix-20251119175531, =1.0.0-beta.9 Source cves: unknown CVE Source advisory: SNYK:JS-POSTHOGNODE-14103346...
Desktop Alert PingAlert security vulnerability
Desktop Alert PingAlert is a network status monitoring tool from Desktop Alert USA. A security vulnerability exists in Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2, which originates from a directory traversal and could result in writing to arbitrary files...
Desktop Alert PingAlert security vulnerability
Desktop Alert PingAlert is a network status monitoring tool from Desktop Alert USA. A security vulnerability exists in Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2, which stems from the presence of hard-coded configuration values...
PT-2025-47971
Name of the Vulnerable Software and Affected Versions Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2 Description A security issue exists in the Application Server component of the software due to hard-coded configuration values. Recommendations Update Desktop Alert PingAlert to a versi...
PT-2025-47968
Name of the Vulnerable Software and Affected Versions Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2 Description A Directory Traversal issue exists in the Application Server of the software, allowing an attacker to write arbitrary files under certain conditions. The issue enables...
CVE-2025-36160
IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system...
CVE-2025-36149 IBM Concert Software clickjacking
IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim...
CVE-2025-64751 OpenFGA Improper Policy Enforcement
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 (openfga-0.1.34 <= Helm chart <= openfga-0.2.48, v.1.4.0 <= docker <= v.1.11.0) are vulnerable to improper policy enforcement when certain Check and...
Wazuh access control error vulnerability
Wazuh is an open source application used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. An access control error vulnerability exists in Wazuh from version 4.9.0 to before 4.13.0, which stems from a...