CVE-2025-61735
Server-Side Request Forgery SSRF vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue...
CVE-2025-61735 Apache Kylin: Server-Side Request Forgery
Server-Side Request Forgery SSRF vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
Vulnerability Overview CVE-2025-32463 affects Sudo versions 1.9...
CVE-2025-54875 FreshRSS: Unauthorized creation of admin user when registration is enabled
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page, newuserisadmin. This is fixed in version...
CVE-2025-36351 IBM License Metric Tool bypass security
IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions...
FreshRSS Access Control Error Vulnerability
FreshRSS is a free, self-hosted RSS aggregator from FreshRSS Open Source. An access control error vulnerability exists in FreshRSS versions 1.16.0 through 1.26.3, which stems from the fact that an unauthorized attacker can create an administrator account using hidden fields when the registration feature is...
PT-2025-39837
Name of the Vulnerable Software and Affected Versions: Mongoose versions 7.5 through 7.17. Description: An integer overflow exists in the WebSocket component. Sending a specially crafted WebSocket request can cause the application to crash. Improper integration by downstream vendors may lead to a...
PT-2025-39829
Name of the Vulnerable Software and Affected Versions: IBM License Metric Tool versions 9.2.0 through 9.2.40. Description: An authenticated user can bypass access controls within the REST API interface, potentially leading to unauthorized actions. The issue relates to access control within the REST...
Apache Solr 6.6.x < 9.8.0 Relative Path Traversal
Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary file path write access, due to a lack of input sanitization in the 'configset upload' API. Commonly known as a 'zipslip', maliciously constructed ZIP files can use relative filepaths t...
CVE-2025-60140
Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data. This issue affects The Tribal: from n/a through = 1.3.3...
CVE-2025-36274 IBM Aspera HTTP Gateway information disclosure
IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +246 more potentially affected by CVE-2025-54831 via apache-airflow (>=1.10.1 <=3.0.2)
apache-airflow PYPI version =1.10.1, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =1.0.7, =0.4.0, =0.1.0a1, =0.5.1, =1.4.0 and more Source cves: CVE-2025-54831 Source advisory: OSV:PYSEC-2025-85...
GitLab Enterprise Edition Security Vulnerability
GitLab Enterprise Edition EE is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition versions from 16.6 before 18.2.7, from 18.3 before 18.3.3, and from 18.4 before 18.4.1, which stems from the potential for a developer...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE and EE versions 17.2 to before...
Flag Forge Security Vulnerability
Flag Forge is an easy-to-use CTF platform open-sourced by FlagForge. A security vulnerability exists in Flag Forge versions from 2.0.0 before 2.3.1, which stems from the return of a user's email address from the public endpoint /api/user/username, which could lead to information...
CVE-2025-59833
Flag Forge is a Capture The Flag CTF platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext within the question object, regardless of whether the user has unlocked them via point deduction. Users can view all hints for free,...
01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25550 more potentially affected by CVE-2025-55554 via torch (>=1.0.0 <=2.8.0)
torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =2.13.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.10 and more Source cves: CVE-2025-55554 Source advisory: OSV:PYSEC-2025-206...
01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25351 more potentially affected by CVE-2025-55558 via torch (>=1.0.0 <=2.7.0)
torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =2.13.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.10 and more Source cves: CVE-2025-55558 Source advisory: OSV:PYSEC-2025-208...
@amoscmc/dummy-package (>=1.3.1 <=1.3.3), @bitrefill/airfill-widget (>=4.2.2 <=4.8.3) +88 more potentially affected by CVE-2025-57318 via csvjson (>=1.0.5 <=5.1.0)
csvjson NPM version =1.0.5, =1.3.1, =4.2.2, =1.0.0, =1.0.6, =1.0.93, =0.0.4, =0.1.0, =0.5.1, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =1.1.1 and more Source cves: CVE-2025-57318 Source advisory: SNYK:JS-CSVJSON-13110014...