4565 matches found

Tenable Nessus
added 2025/08/09 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-52434

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. Th...

7.5 CVSS · 7.3 AI score · 0.01819 EPSS
Exploits: 0 · References: 3

vulnersOsv
added 2025/08/08 5:41 p.m. · 5 views

org.open-metadata:openmetadata-dist (>=1.0.0 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +1 more potentially affected by CVE-2025-50467 via org.open-metadata:openmetadata-service (>=1.0.0-alpha <=1.4.4)

org.open-metadata:openmetadata-service MAVEN version =1.0.0-alpha, =1.0.0, =1.12.0, =1.10.0, =1.13.0-snapshot Source cves: CVE-2025-50467 Source advisory: SNYK:JAVA-ORGOPENMETADATA-12009018...

6.5 CVSS · 5.8 AI score · 0.00239 EPSS
Exploits: 0

vulnersOsv
added 2025/08/08 2:29 p.m. · 2 views

@de-otio/trellis (>=0.4.0 <=0.7.1), @fedify/amqp (>=0.1.0 <=0.2.0-dev.11) +6 more potentially affected by CVE-2025-54888 via @fedify/fedify (>=0.10.2 <=1.10.10)

@fedify/fedify NPM version =0.10.2, =0.4.0, =0.1.0, =0.3.0, =0.3.0, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =1.1.20 Source cves: CVE-2025-54888 Source advisory: OSV:GHSA-6JCC-XGCR-Q3H4...

8.7 CVSS · 5.4 AI score · 0.00707 EPSS
Exploits: 0

Tenable Nessus
added 2025/08/08 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-36587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary...

7.8 CVSS · 7.1 AI score · 0.00173 EPSS
Exploits: 1 · References: 2

Tenable Nessus
added 2025/08/08 12:0 a.m. · 6 views

CBL Mariner 2.0 Security Update: mysql (CVE-2025-53023)

The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-53023 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions...

4.9 CVSS · 6.6 AI score · 0.00485 EPSS
Exploits: 0 · References: 2

Microsoft CVE
added 2025/08/06 12:0 a.m. · 3 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.25. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

...

6.5 CVSS · 7 AI score · 0.00525 EPSS
Exploits: 0

CNNVD
added 2025/08/05 12:0 a.m. · 6 views

LibreChat Authorization Issue Vulnerability

LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. An authorization issue vulnerability exists in LibreChat versions 0.0.6 through 0.7.7-rc1, which stems from a test endpoint exposure that could lead to the disclosure of arbitrary user chat logs...

7.5 CVSS · 6.4 AI score · 0.00363 EPSS
Exploits: 1 · References: 3

vulnersOsv
added 2025/08/04 2:48 p.m. · 8 views

@mastra/deployer-netlify (>=0.0.0-a2a-20250421213654 <=0.10.5), @rr0/cms (>=0.3.23 <=0.3.29) +14 more potentially affected by CVE-2025-54387 via ipx (>=2.0.1 <=2.1.0)

ipx NPM version =2.0.1, =0.0.0-a2a-20250421213654, =0.3.23, =1.1.6, =4.0.0, =2.0.3, =0.0.23, =1.0.0, =1.0.2, =21.5.0, =17.4.0, =0.0.7, =0.0.13 - tmp-package-registry =1.0.0 and more Source cves: CVE-2025-54387 Source advisory: OSV:GHSA-MM3P-J368-7JCR...

9.8 CVSS · 5.8 AI score · 0.0064 EPSS
Exploits: 1

Packet Storm News
added 2025/08/04 12:0 a.m. · 9 views

Gandia Integra Total 4.4.2236.1 SQL Injection

Gandia Integra Total versions 2.1.2217.3 through 4.4.2236.1 suffer from a remote SQL injection vulnerability...

8.7 CVSS · 8.1 AI score · 0.01006 EPSS
Exploits: 2

RedhatCVE
added 2025/08/03 2:14 p.m. · 8 views

CVE-2025-41370

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb/html/view/acceso.php...

9.3 CVSS · 7.2 AI score · 0.00548 EPSS
Exploits: 0 · References: 1

CNVD
added 2025/08/01 12:0 a.m. · 2 views

GLPI Privilege License and Access Control Issues Vulnerability (CNVD-2025-17791)

GLPI is a free asset and IT management software suite that provides ITIL service desk functionality, license tracking and software auditing. A security vulnerability exists in GLPI versions 9.1.0 through 10.0.18, which stems from a failure to perform privilege checks on specific resource deletion...

4.3 CVSS · 6.9 AI score · 0.00181 EPSS
Exploits: 0 · References: 1

CNVD
added 2025/08/01 12:0 a.m. · 3 views

GLPI Privilege License and Access Control Issues Vulnerability (CNVD-2025-17792)

GLPI is a free asset and IT management software suite. A security vulnerability exists in GLPI versions 0.80 through 10.0.18, which originates from the system not validating permissions on some resource access requests. An attacker could exploit the vulnerability to gain unauthorized access to...

6.5 CVSS · 7 AI score · 0.00239 EPSS
Exploits: 0 · References: 1

CNVD
added 2025/08/01 12:0 a.m. · 1 views

GLPI Permission License and Access Control Issues Vulnerability

GLPI is an open source IT asset and service management software suite that provides ITIL service desk functionality, license tracking and software auditing capabilities. A security vulnerability exists in GLPI versions 0.65 through 10.0.18, which originates from a technician being able to utilize...

2.7 CVSS · 6.7 AI score · 0.00213 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/08/01 12:0 a.m. · 8 views

PT-2025-31633 · Unknown · Gandia Integra Total

Name of the Vulnerable Software and Affected Versions: Gandia Integra Total versions 2.1.2217.3 through 4.4.2236.1 Description: A SQL injection vulnerability exists in Gandia Integra Total. The vulnerability allows an authenticated attacker to retrieve, create, update, and delete databases throug...

9.3 CVSS · 7.2 AI score · 0.00548 EPSS
Exploits: 0 · References: 6

CNNVD
added 2025/08/01 12:0 a.m. · 3 views

TESI Gandia Integra Total SQL Injection Vulnerability

TESI Gandia Integra Total is a Web-based online survey and data analysis system from TESI Spain. An SQL injection vulnerability exists in TESI Gandia Integra Total versions 2.1.2217.3 through 4.4.2236.1, which originates in the file /encuestas/integrawebv4/integra/html/view/hislistadoacciones.php...

8.8 CVSS · 7.5 AI score · 0.01006 EPSS
Exploits: 2 · References: 2

vulnersOsv
added 2025/07/31 8:42 p.m. · 2 views

acapy-agent (>=1.1.1 <=1.5.0rc1), acapy-agent-jamie-testing (=1.3.1rc1) +446 more potentially affected by CVE-2025-45768 via pyjwt (>=2.0.0 <=2.10.1)

pyjwt PYPI version =2.0.0, =1.1.1, =0.1.1, =0.1.31, =0.1.0, =0.5.0, =1.89.5, =0.1.0, =0.0.1, =0.1.59, =0.2.47, =24.12.0, =1.29.7, =1.37.0 - anote-generate =0.3.0 and more Source cves: CVE-2025-45768 Source advisory: SNYK:PYTHON-PYJWT-11356591...

7 CVSS · 5.4 AI score · 0.00153 EPSS
Exploits: 0

vulnersOsv
added 2025/07/31 9:32 a.m. · 3 views

org.apache.jspwiki.it:jspwiki-selenide-tests (>=2.11.0 <=2.12.2), org.apache.jspwiki:jspwiki-210-adapters (>=2.11.0 <=2.12.2) +5 more potentially affected by CVE-2025-24854 via org.apache.jspwiki:jspwiki-main (>=2.11.0 <=2.12.2)

org.apache.jspwiki:jspwiki-main MAVEN version =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.12.2 Source cves: CVE-2025-24854 Source advisory: OSV:GHSA-72WW-4RCW-MC62...

6.1 CVSS · 5.8 AI score · 0.00417 EPSS
Exploits: 0

CNNVD
added 2025/07/31 12:0 a.m. · 3 views

ProcessMaker Open Source Security Vulnerability

ProcessMaker Open Source is a workflow management software from US-based ProcessMaker, Inc. A security vulnerability exists in ProcessMaker Open Source versions 2.0.23 through 2.5.1 that originates from multiple endpoints that do not validate user input and could lead to remote code execution...

8.7 CVSS · 7.8 AI score · 0.01396 EPSS
Exploits: 0 · References: 6

OSV
added 2025/07/30 3:15 p.m. · 2 views

UBUNTU-CVE-2025-53357

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.78 through 10.0.18, a connected user can alter the reservations of another user. Thi...

5.4 CVSS · 5.8 AI score · 0.00164 EPSS
Exploits: 0 · References: 3

CNNVD
added 2025/07/30 12:0 a.m. · 2 views

GLPI Code Issue Vulnerability

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

5 CVSS · 4.7 AI score · 0.00168 EPSS
Exploits: 0 · References: 2