IBM WebSphere Application Server Liberty 17.0.0.3 < 25.0.0.9 (7242027)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7242027 advisory. - IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a...
CVE-2025-54063
Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on a...
CVE-2024-12303
Removed by vendor...
CVE-2025-2614
Removed by vendor...
CVE-2025-54074
CVE-2025-54074 affects Cherry Studio desktop client, versions 1.2.5–1.5.1, which are vulnerable to OS command injection when connecting to a malicious MCP server over HTTP Streamable mode. The underlying issue arises during the OAuth-enabled connection process, allowing an attacker-controlled MCP...
CVE-2025-8891 OceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation
The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwp_notice_button_click function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forge...
Cherry Studio OS Command Injection Vulnerability
Cherry Studio is a multi-model AI assistant from China Thousand Comets Cherry Studio. An OS command injection vulnerability exists in Cherry Studio versions 1.2.5 through 1.5.1, which stems from an OS command injection when connecting to a malicious MCP server...
CVE-2025-36000 IBM WebSphere Application Server Liberty cross-site scripting
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure with...
CVE-2025-36124 IBM WebSphere Application Server Liberty bypass security
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration...
CVE-2024-41979
CVE-2024-41979 affects Siemens SmartClient modules Opcenter QL Home, SOA Audit, and SOA Cockpit (versions 13.2 through 2505). Root cause: the server does not enforce mandatory authorization on some functionality levels, allowing an authenticated attacker to gain complete access to the application...
com.walterjwhite.java.examples:ssh (=0.0.17), com.walterjwhite.java.modules.linux-builder.modules.cli.providers:cdi (=0.0.17) +23 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-ext-jdk14 (>=1.51 <=1.72)
org.bouncycastle:bcprov-ext-jdk14 MAVEN version =1.51, =0.1.0, =0.1.0, =0.1.2 - io.github.qsy7.java.modules.linux-builder.modules.cli.providers:guice =0.1.0 and more Source cves: CVE-2025-8885 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-11777847...
Security Vulnerability in Multiple Siemens Products
Siemens SmartClient modules Opcenter QL Home is a client module from Siemens Germany. A security vulnerability exists in various Siemens products, which stems from mishandling of errors and could lead to the exposure of system applications. The following products and versions are affected:...
PT-2025-32879 · IBM · IBM WebSphere Application Server Liberty
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration...
VulnCheck KEV: CVE-2023-37941
If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. The Superset metadata db is an 'internal' component that is typically only accessible directly by t...
SUSE CVE-2025-54999
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, when using OpenBao's userpass auth method, user enumeration was possible due to timing difference between non-existent users an...
BIT-LIBPHP-2024-8926 PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows...
Duplicate Advisory: Keras safe mode bypass vulnerability
This advisory has been withdrawn because it is a duplicate of GHSA-c9rc-mg46-23w3. This link is maintained to preserve external references. Original Description: A safe mode bypass vulnerability in the Model.load_model method in Keras versions 3.0.0 through 3.10.0 allows an...
UBUNTU-CVE-2025-8747
A safe mode bypass vulnerability in the Model.load_model method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive...
CVE-2025-55000
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was caused by unexpected...
Linux Distros Unpatched Vulnerability : CVE-2024-31309
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2...