4565 matches found

CNNVD
added 2025/09/17 12:0 a.m. | 3 views

WatchGuard Fireware OS Security Vulnerability

WatchGuard Fireware OS is a software from WatchGuard USA that runs on a Firebox. A security vulnerability exists in WatchGuard Fireware OS versions 11.10.2 through 11.12.4Update1, 12.0 through 12.11.3, and 2025.1, which originates from an out-of-bounds write and could lead to the execution of...

CVSS 9.8 | AI score 7.8 | EPSS 0.8637
Exploits 2 | References 1

CNNVD
added 2025/09/17 12:0 a.m. | 4 views

Paraşüt Cross-Site Scripting Vulnerability

Paraşüt is a cloud-based online finance and accounting management software from Paraşüt Turkey. A cross-site scripting vulnerability exists in Paraşüt versions 0.0.0.65efa44e through 20250204, which stems from improper input neutralization and could lead to cross-site scripting attacks...

CVSS 4.7 | AI score 6 | EPSS 0.00226
Exploits 0 | References 1

NVD
added 2025/09/16 1:16 p.m. | 4 views

CVE-2025-55111

Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating ...

CVSS 5.7 | EPSS 0.0012
Exploits 0 | References 2

OSV
added 2025/09/16 9:7 a.m. | 7 views

BIT-GITLAB-2025-1250 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or not...

CVSS 6.5 | AI score 6.8 | EPSS 0.00424
Exploits 0 | References 4

ATTACKERKB
added 2025/09/16 7:46 a.m. | 4 views

CVE-2024-12367

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing. This issue affects Vega Master: from v.1.12.35 through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within...

CVSS 8.6 | AI score 5.8 | EPSS 0.00261
Exploits 0 | References 3 | Affected Software 1

vulnersOsv
added 2025/09/16 2:44 a.m. | 5 views

org.webjars.npm:bonjour (=3.5.0), org.webjars.npm:dns-packet (>=1.3.1 <=4.2.0) +10 more potentially affected by CVE-2024-29415 +1 more via org.webjars.npm:ip (>=1.1.5 <=2.0.0)

org.webjars.npm:ip MAVEN version =1.1.5, =1.3.1, =1.0.1, =6.2.3, =4.2.0, =1.1.10, =3.0.1, =4.0.2 - org.webjars.npm:splitsoftwaresplitio =10.8.4 Source cves: CVE-2024-29415, CVE-2025-59437 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14101895...

CVSS 8.1 | AI score 6.9 | EPSS 0.08279
Exploits 0

CNNVD
added 2025/09/16 12:0 a.m. | 1 views

Vegagrup Software Vega Master Security Vulnerability

Vegagrup Software Vega Master is a web-based reporting system from Vegagrup Software, Turkey. A security vulnerability exists in Vegagrup Software Vega Master versions v.1.12.35 through 20250916, which stems from a directory index that exposes sensitive system information...

CVSS 8.6 | AI score 6.7 | EPSS 0.00261
Exploits 0 | References 1

NVD
added 2025/09/15 12:15 p.m. | 7 views

CVE-2025-43794

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote authenticated attackers...

CVSS 4.8 | EPSS 0.00219
Exploits 0 | References 1

CNNVD
added 2025/09/15 12:0 a.m. | 2 views

Ceragon EtherHaul series Code Issue Vulnerability

The Ceragon EtherHaul series is a point-to-point infinite link device from Ceragon USA. A security vulnerability exists in the Ceragon EtherHaul series versions 7.4.0 through 10.7.3, which stems from the rfpiped service not performing authentication or path validation, which could result in...

CVSS 6.5 | AI score 5.8 | EPSS 0.00417
Exploits 6 | References 5

vulnersOsv
added 2025/09/14 6:30 p.m. | 3 views

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1856 more potentially affected by CVE-2025-6051 via transformers (>=2.10.0 <=4.52.4)

transformers PYPI version =2.10.0, =0.0.4.80, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-6051 Source advisory: OSV:GHSA-RCV9-QM8P-9P6J...

CVSS 5.3 | AI score 5.8 | EPSS 0.00352
Exploits 1

OSV
added 2025/09/12 9:32 p.m. | 2 views

GHSA-M55R-9FX8-725J Liferay Portal's System, Instance and Site Settings are vulnerable to Open Redirect

An open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs vi...

CVSS 5.1 | AI score 6.6 | EPSS 0.00223
Exploits 0 | References 5

NVD
added 2025/09/12 6:15 a.m. | 6 views

CVE-2025-6454

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences...

CVSS 8.8 | EPSS 0.00645
Exploits 0 | References 3

CNNVD
added 2025/09/12 12:0 a.m. | 4 views

GitLab CE and EE Security Vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE and EE versions 15.0 through 18.1.6 prior...

CVSS 6.5 | AI score 6.3 | EPSS 0.00424
Exploits 0 | References 5

CNNVD
added 2025/09/12 12:0 a.m. | 3 views

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) Security Vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability in GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) ...

CVSS 6.5 | AI score 6.2 | EPSS 0.00426
Exploits 0 | References 4

RedhatCVE
added 2025/09/11 4:26 p.m. | 6 views

CVE-2025-49860

Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support. This issue affects Majestic Support: from n/a through = 1.1.0...

CVSS 5.3 | AI score 5.9 | EPSS 0.0027
Exploits 0 | References 1

RedHat Linux
added 2025/09/11 2:40 p.m. | 5 views

mysql: InnoDB unspecified vulnerability (CPU Jul 2025)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.9 | AI score 5.7 | EPSS 0.00559
Exploits 0 | References 5

RedHat Linux
added 2025/09/11 2:40 p.m. | 3 views

mysql: Encryption unspecified vulnerability (CPU Jul 2025)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

CVSS 4.9 | AI score 5.7 | EPSS 0.00468
Exploits 0 | References 5

RedHat Linux
added 2025/09/11 2:40 p.m. | 3 views

mysql: Parser unspecified vulnerability (CPU Apr 2025)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 6.5 | AI score 5.8 | EPSS 0.00855
Exploits 1 | References 5

RedHat Linux
added 2025/09/11 2:40 p.m. | 7 views

mysql: Optimizer unspecified vulnerability (CPU Jul 2025)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

CVSS 4.9 | AI score 5.8 | EPSS 0.00424
Exploits 0 | References 5

Vulnrichment
added 2025/09/11 8:14 a.m. | 2 views

CVE-2025-48040 Malicious Key Exchange Messages may Lead to Excessive Resource Consumption

Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to...

CVSS 6.9 | AI score 5.4 | EPSS 0.00402
Exploits 0 | References 7