Linux Distros Unpatched Vulnerability : CVE-2024-8973
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to...
Linux Distros Unpatched Vulnerability : CVE-2022-29501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. CVE-2022-29501 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2018-11738
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in libtskfs.a in The Sleuth Kit TSK from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the...
PT-2025-34792 · Ibm · Ibm Cognos Command Center
Name of the Vulnerable Software and Affected Versions: IBM Cognos Command Center versions 10.2.4.1 through 10.2.5 Description: IBM Cognos Command Center is susceptible to an open redirect attack, potentially enabling a remote attacker to conduct phishing attacks. A crafted website can be used to...
acelerai (=0.0.32), acelerai-staging (>=0.0.1 <=0.0.8) +103 more potentially affected by CVE-2025-57804 via h2 (>=4.0.0 <=4.2.0)
h2 PYPI version =4.0.0, =0.0.1, =0.0.1, =0.2.2, =1.0.0, =0.1.12, =0.0.1, =0.1.3, =0.1.19 - coif =0.0.1 and more Source cves: CVE-2025-57804 Source advisory: SNYK:PYTHON-H2-12201340...
CVE-2025-54300 Extension - norrnext.com - Stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads...
CVE-2025-43767
Open Redirect vulnerability in /c/portal/editinfoitem parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this...
Norrnext Quantum Manager component for Joomla Cross-Site Scripting Vulnerability
Norrnext Quantum Manager component for Joomla is a file and media management extension from Norrnext, Inc. A cross-site scripting vulnerability exists in the Norrnext Quantum Manager component for Joomla versions 1.0.0-3.2.0, which stems from the SVG upload function not cleaning up the uploaded...
CVE-2025-53363
dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerability exists in the GetFromUri function in...
CVE-2025-36174
IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened...
CVE-2025-36157
IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions...
CVE-2025-36174 IBM Integrated Analytics System file upload
IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened...
IBM Integrated Analytics System Code Issue Vulnerability
IBM Integrated Analytics System is an integrated data analytics platform from International Business Machines IBM. A code issue vulnerability exists in IBM Integrated Analytics System versions 1.0.0.0 through 1.0.30.0, which stems from allowing the upload of dangerously typed files could lead to...
CVE-2025-47700
Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions...
PT-2025-34529 · Linksys · Linksys Re9000 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6250 version 1.0.013.001 Linksys RE6250 version 1.0.04.001 Linksys RE6250 version 1.0.04.002 Linksys RE6250 version 1.1.05.003 Linksys RE6250 version 1.2.07.001 Linksys RE6300 version 1.0.013.001 Linksys RE6300 version 1.0.04.001...
PT-2025-34507 · WordPress · Simpler Checkout
Name of the Vulnerable Software and Affected Versions: Simpler Checkout versions 0.7.0 through 1.1.9 Description: The Simpler Checkout plugin for WordPress is susceptible to authentication bypass. The plugin does not properly verify a user’s identity before granting access as an administrator...
CVE-2025-57800 Audiobookshelf vulnerable to OIDC token exfiltration and account takeover
Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An attacker can craft a login link that causes Audiobookshelf to store an arbitrary callback in a cookie,...
CVE-2025-43748
Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows...
CVE-2025-53992
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTricks jet-tricks allows Retrieve Embedded Sensitive Data. This issue affects JetTricks: from n/a through <= 1.5.4.1...
CVE-2025-8678
The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wpremoterequest' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...