4565 matches found
CVE-2025-2412
CVE-2025-2412 affects Akinsoft QR Menü (QR Menu) versions s1.05.07 through s1.05.11. The root cause is an improper restriction of excessive authentication attempts, which can lead to an authentication bypass. Practical impact is that an attacker could bypass login controls against the affected QR...
CVE-2025-0610
CVE-2025-0610 describes a Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü. Affected versions are s1.05.06 through v1.05.12, where improper validation of user-supplied input enables CSRF actions on behalf of authenticated users. The root cause is insufficient input validation, ...
Akınsoft QR Menü Cross-Site Request Forgery Vulnerability
Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. Akinsoft QR Menü versions prior to s1.05.06 through v1.05.12 are vulnerable to a cross-site request forgery vulnerability that is caused by improper validation of user-supplied input. No detailed vulnerability details are...
IBM Concert Software Encryption Issue Vulnerability
IBM Concert Software is application lifecycle risk identification software from International Business Machines (IBM). An encryption issue vulnerability exists in IBM Concert Software versions 1.0.0 through 1.1.0 that stems from not properly enabling HTTP Strict Transport Security, which could...
CVE-2025-51667
An issue was discovered in simple-admin-core v1.2.0 through v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations...
Linux Distros Unpatched Vulnerability : CVE-2021-37150
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache...
Linux Distros Unpatched Vulnerability : CVE-2020-24379
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. CVE-2020-24379 Note that Nessus relies on the presence of the...
UBUNTU-CVE-2025-58066
ntpd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive, servers which allow non-NTS traffic are affected by a denial of service vulnerability, where an attacker can induce a message storm between two NTP...
CVE-2025-58066
CVE-2025-58066 affects ntpd-rs versions 1.2.0–1.6.1 (server side with non‑NTS traffic). An attacker can induce a message storm between two NTP servers running ntpd-rs, enabling a denial of service. Client‑only configurations are not affected. The advisory recommends upgrading to version 1.6.2, wh...
CVE-2025-58066 DoS Vulnerability in ntpd-rs
ntpd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive, servers which allow non-NTS traffic are affected by a denial of service vulnerability, where an attacker can induce a message storm between two NTP...
AskAI (=0.1.0), Druid_task1 (=0.1.0) +3816 more potentially affected by CVE-2025-58160 via tracing-subscriber (>=0.1.6 <=0.3.19)
tracing-subscriber CARGO version =0.1.6, =0.1.0, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =0.1.5, =0.0.1-dev.10, =1.1.0, =0.0.7, =0.0.16 - acril =0.1.0 and more Source cves: CVE-2025-58160 Source advisory: OSV:GHSA-XWFJ-JGWM-7WP5...
@ainsleydev/payload-helper (>=0.0.1 <=0.0.32), @anjy7/navbar-cms (=0.0.5) +63 more potentially affected by CVE-2025-4643 +1 more via payload (>=0.12.3 <=3.35.1)
payload NPM version =0.12.3, =0.0.1, =1.0.1, =1.0.0, =1.0.6, =0.1.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.7, =1.0.0, =1.1.8 and more Source cves: CVE-2025-4643, CVE-2025-4644 Source advisory: OSV:GHSA-26RV-H2HF-3FW4...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a security bypass vulnerability (CVE-2025-36124)
Summary: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a security bypass vulnerability in JMS messaging with the wasJmsServer-1.0, wasJmsSecurity-1.0, wasJmsClient-2.0, messagingServer-3.0, messagingSecurity-3.0, or...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a security bypass vulnerability (CVE-2025-36124)
Summary: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a security bypass vulnerability in JMS messaging with the wasJmsServer-1.0, wasJmsSecurity-1.0, wasJmsClient-2.0, messagingServer-3.0, messagingSecurity-3.0, or messagingClient-3...
Centurion ERP Authorization Issue Vulnerability
Centurion ERP is an open source management system from No Fuss Computing. An authorization issue vulnerability exists in Centurion ERP versions prior to 1.12.0 through 1.21.0, which stems from an improperly viewed authentication token that could lead to information disclosure...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers [CVE-2025-1194]
Summary: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers, caused by a regex exhibiting exponential complexity under certain conditions with specially crafted inputs, leading to excessive backtracking (CVE-2025-1194). Huggingface/transformers is...
CVE-2025-48325
Cross-Site Request Forgery (CSRF) vulnerability in shmish111 WP Admin Theme (wp-admin-theme) allows Stored XSS. This issue affects WP Admin Theme: from n/a through = 1.0...
CVE-2025-53250
CVE-2025-53250 corresponds to a Server-Side Request Forgery in the WordPress Chartbeat Plugin (versions n/a–2.0.7). The CVSS 3.1 base metrics indicate a Network attack vector, Low attack complexity, Low privileges required, no user interaction, with Confidentiality and Integrity impacts both Low ...
CVE-2025-48109
CVE-2025-48109 is a CSRF to Stored XSS vulnerability in the WordPress plugin XM-Backup, affecting versions up to and including 0.9.1. The vulnerability allows an attacker to coerce a logged-in user to perform actions that trigger a stored XSS payload, per the CVE description and Patchstack/PT-202...
Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary: Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2025-7783. DESCRIPTION: Use of Insufficientl...