
4565 matches found

Vulnrichment
added 2025/10/27 1:39 p.m. | 3 views

CVE-2025-50055

Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter...

AI score 5.6 | EPSS 0.00185
Exploits 0 | References 1
CNNVD
added 2025/10/27 12:0 a.m. | 6 views

OpenVPN Access Server Security Vulnerability

OpenVPN Access Server is a web-based VPN management interface from OpenVPN, Inc. A security vulnerability exists in OpenVPN Access Server versions 2.14.0 through 2.14.3, which stems from the RelayState parameter in the SAML Authentication module not being filtered correctly, which could lead to...

CVSS 6.4 | AI score 5.9 | EPSS 0.00185
Exploits 0 | References 1
Debian CVE
added 2025/10/27 12:0 a.m. | 4 views

CVE-2025-61099

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaqueinfodetail function at ospfopaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet...

CVSS 7.5 | AI score 5.2 | EPSS 0.00415
Exploits 1
CVE
added 2025/10/25 6:34 p.m. | 11 views

CVE-2025-55757

An unauthenticated reflected XSS exists in VirtueMart versions 1.0.0 through 4.4.10 for Joomla. The issue arises from an input-output handling flaw that allows script injection and execution in the context of the victim’s browser when viewing vulnerable pages. Affected component: VirtueMart core p...

CVSS 6.1 | AI score 6.1 | EPSS 0.00164
Exploits 0 | References 2
Cvelist
added 2025/10/25 6:34 p.m. | 6 views

CVE-2025-55757 Extension - virtuemart.net - XSS in VirtueMart component 1.0.0 - 4.4.10 for Joomla

An unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4.10 for Joomla was discovered...

EPSS 0.00164
Exploits 0 | References 2
Vulnrichment
added 2025/10/24 9:54 p.m. | 2 views

CVE-2025-62711 Wasmtime vulnerable to segfault when using component resources

Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a...

CVSS 2.1 | AI score 6.2 | EPSS 0.00382
Exploits 0 | References 3
Tenable Nessus
added 2025/10/24 12:0 a.m. | 2 views

EulerOS 2.0 SP13 : glibc (EulerOS-SA-2025-2290)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be...

CVSS 5.9 | AI score 6.6 | EPSS 0.00151
Exploits 0 | References 2
NVD
added 2025/10/23 9:15 p.m. | 6 views

CVE-2025-12100

Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation. This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6...

CVSS 8.8 | EPSS 0.00123
Exploits 0 | References 1
Vulnrichment
added 2025/10/23 9:2 p.m. | 2 views

CVE-2025-12100 MongoDB BI Connector ODBC driver installation via MSI may leave ACLs unset on custom installation directories

Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation. This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6...

CVSS 8.8 | AI score 6.6 | EPSS 0.00123
Exploits 0 | References 1
NCSC
added 2025/10/23 1:53 p.m. | 5 views

Vulnerabilities fixed in Oracle JD Edwards EnterpriseOne Tools

Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Tools, specifically for versions 9.2.0.0 to 9.2.9.4. The vulnerabilities in JD Edwards EnterpriseOne Tools allow unauthenticated attackers to compromise the system via HTTP, which can lead to unauthorized access and modification of...

CVSS 10 | AI score 6.8 | EPSS 0.23932
Exploits 2 | References 1
EUVD
added 2025/10/22 9:31 p.m. | 4 views

EUVD-2025-35627

Liferay Portal and DXP are Missing Authorization in Collection Provider...

CVSS 2 | AI score 6.4 | EPSS 0.00233
Exploits 0 | References 4
RedhatCVE
added 2025/10/22 8:18 p.m. | 7 views

CVE-2025-53072

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing...

CVSS 9.8 | AI score 7.1 | EPSS 0.00652
Exploits 3 | References 1
Vulnrichment
added 2025/10/22 7:24 p.m. | 6 views

CVE-2025-62610 Hono Improperly Authorizes JWT Audience Validation

Hono is a Web application framework that provides support for any JavaScript runtime. In versions from 1.1.0 to before 4.10.2, Hono’s JWT Auth Middleware does not provide a built-in aud (Audience) verification option, which can cause confused-deputy / token-mix-up issues: an API may accept a valid...

CVSS 8.1 | AI score 6.3 | EPSS 0.0035
Exploits 1 | References 2
vulnersOsv
added 2025/10/22 4:47 p.m. | 2 views

agent-runtime-server (>=0.0.8 <=0.1.0), ai-application-gateway (>=0.1.1 <=0.1.5) +125 more potentially affected by CVE-2025-62611 via aiomysql (>=0.0.11 <=0.2.0)

aiomysql PYPI version =0.0.11, =0.0.8, =0.1.1, =0.0.1, =1.9.0, =2.10.0, =0.1.0, =0.0.2, =1.0.5, =0.0.154, =0.1.0, =0.1.0, =1.1.1, =3.13.4 and more Source cves: CVE-2025-62611 Source advisory: OSV:GHSA-R397-FF8C-WV2G...

CVSS 8.2 | AI score 5.4 | EPSS 0.00354
Exploits 0
vulnersOsv
added 2025/10/22 3:31 p.m. | 1 view

agentengine (>=0.1.5 <=0.1.8), deepmost (=0.5.2) +13 more potentially affected by CVE-2025-11844 via smolagents (>=0.1.3 <=1.21.1)

smolagents PYPI version =0.1.3, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.1.0, =0.16.0, =2.4.0, =0.0.1.dev0, =0.0.1, =0.3.0, =0.3.7 Source cves: CVE-2025-11844 Source advisory: OSV:GHSA-8MF9-RMGW-33QC...

CVSS 5.4 | AI score 6 | EPSS 0.00252
Exploits 2
Vulnrichment
added 2025/10/22 2:50 p.m. | 4 views

CVE-2025-11965

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/config')...

CVSS 6.3 | AI score 6.4 | EPSS 0.00459
Exploits 0 | References 1
IBM Security Bulletins
added 2025/10/22 11:13 a.m. | 5 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in urllib3-2.3.0-py3-none-any.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in urllib3-2.3.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3...

CVSS 6.1 | AI score 6.2 | EPSS 0.00341
Exploits 1 | Affected Software 1
OSV
added 2025/10/21 8:20 p.m. | 2 views

CVE-2025-53045

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.9 | AI score 5.6
Exploits 0 | References 1
OSV
added 2025/10/21 8:20 p.m. | 1 view

UBUNTU-CVE-2025-53045

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.9 | AI score 5.8 | EPSS 0.00533
Exploits 0 | References 5
IBM Security Bulletins
added 2025/10/20 10:0 p.m. | 6 views

Security Bulletin: A vulnerability in form-data affects IBM Robotic Process Automation and may result in HTTP Parameter Pollution (CVE-2025-7783)

Summary A vulnerability in form-data affects IBM Robotic Process Automation and may result in HTTP Parameter Pollution. form-data is used by IBM Robotic Process Automation as part of the UI framework. This bulletin identifies the fixes required to address this vulnerability. Vulnerability Details...

CVSS 9.4 | AI score 6.8 | EPSS 0.01613
Exploits 1 | Affected Software 1