PT-2025-35055
Name of the Vulnerable Software and Affected Versions: Theme Blvd Widget Areas versions through 1.3.0 Description: Theme Blvd Widget Areas is susceptible to a Reflected Cross-Site Scripting (XSS) issue due to improper neutralization of input during web page generation. Recommendations: Update Theme...
WordPress RingCentral Communications 1.6.8 Authentication Bypass
WordPress RingCentral Communications plugin versions 1.5 through 1.6.8 have a missing server-side verification that allows for authentication bypass...
CVE-2025-34520
CVE-2025-34520 describes an authentication bypass in Arcserve Unified Data Protection (UDP). The issue allows unauthenticated attackers to access administrator-level features by manipulating request parameters or exploiting a logic flaw. Affected: UDP versions prior to 10.2. Patches exist in 10.2...
Security Bulletin: Vulnerability in SSH authorization affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in SSH authorization affects IBM Storage Virtualize products and could allow privilege escalation. CVE-2025-36120. Vulnerability Details CVEID:CVE-2025-36120 DESCRIPTION: IBM Storage Virtualize could allow an authenticated user to escalate their privileges in an SSH sessio...
CVE-2025-51667
An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations...
GHSA-9HP3-F5G8-RCCG The Freeform CraftCMS plugin contains a server-side template injection (SSTI) vulnerability
Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains a server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form submission title...
CVE-2025-53105 GLPI permits unauthorized rules execution order
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change th...
@alauda-fe/create-alauda-mfe-plugin (>=0.0.1 <=0.0.2), @apj-pace/pace-nx-plugin (>=0.0.2 <=0.0.5) +75 more potentially affected by CVE-2025-10894 via nx (>=20.0.0-beta.0 <=20.0.9)
nx NPM version =20.0.0-beta.0, =0.0.1, =0.0.2, =0.0.0, =0.5.0, =0.0.1, =0.0.25, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-canary.20240926-529ab94 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NX-12205542...
Linux Distros Unpatched Vulnerability : CVE-2022-29501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. CVE-2022-29501 Note that Nessus...
PT-2025-34932 · GitLab · GitLab CE/EE
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.15 through 18.1.4 GitLab CE/EE versions 18.2 through 18.2.4 GitLab CE/EE versions 18.3 through 18.3.0 Description: An authenticated user could cause a Denial of Service (DoS) condition by submitting URLs that generate...
PT-2025-34906
Name of the Vulnerable Software and Affected Versions: simple-admin-core versions 1.2.0 through 1.6.7 Description: An issue exists in the /sys-api/role/update interface of the simple-admin-core system. This interface has a SQL injection vulnerability that may lead to partial data leakage or...
GLPI Security Vulnerability
GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
Linux Distros Unpatched Vulnerability : CVE-2022-30780
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in...
Linux Distros Unpatched Vulnerability : CVE-2023-5512
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions startin...
Linux Distros Unpatched Vulnerability : CVE-2023-34411
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid `<!` token (such as `<!DOCTYPEs/%<!A` nesting) in an XML document. The...
Linux Distros Unpatched Vulnerability : CVE-2018-19865
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. CVE-2018-19865 Note that Nessus relies...
Linux Distros Unpatched Vulnerability : CVE-2018-11738
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the...
Linux Distros Unpatched Vulnerability : CVE-2022-22577
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An XSS Vulnerability in Action Pack = 5.2.0 and = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. CVE-2022-22577 Note th...
Linux Distros Unpatched Vulnerability : CVE-2022-45582
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter. CVE-2022-45582 Note that Nessus relies on the presence of...