GHSA-WC53-4255-GW3F The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server
Impact If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a DOCTYPE pointing to a local file on the XWiki server host and displaying that file's content in one of the...
PT-2025-14880 · Unknown · Phpgurukul Online Fire Reporting System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Fire Reporting System version 1.2 Description: A critical issue has been found in the PHPGurukul Online Fire Reporting System. The problem affects some unknown functionality of the file /admin/search.php. The manipulation of...
PT-2025-14860 · Unknown · Phpgurukul E-Diary Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul e-Diary Management System version 1.0 Description: A critical issue affects an unknown part of the /password-recovery.php file. The manipulation of the username or contactno argument leads to SQL injection. It is possible to initia...
wonderwork.ucoz.com Cross Site Scripting vulnerability OBB-4042103
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2025-31487
The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...
CVE-2025-31487 The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server
The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...
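The leak mechanism described in the GHSA-WC53-4255-GW3F and CVE-2025-31487 entries above, as an added example that is not XWiki's or the JIRA extension's code. It assumes a constructed response body standing in for what a fake JIRA URL would return, a constructed secret file in place of a real file on the XWiki host, and Python's standard-library xml.sax (expat) parser in place of whatever Java parser the extension uses; the three parser configurations (external entities resolved, resolution disabled, DOCTYPE rejected) are the general pattern, not the extension's actual fix.

```python
"""Added example (not XWiki's or the JIRA extension's code): a DOCTYPE in a
response from an attacker-controlled "JIRA server" leaks a local file when the
fetching side parses it with external entity resolution enabled, and two ways
to close the hole. Standard library only (xml.sax on top of expat)."""
import io
import os
import tempfile
import xml.sax
import xml.sax.handler


def fake_jira_response(local_path: str) -> str:
    """Constructed stand-in for the body a malicious JIRA URL would return.

    The internal DTD subset declares an external general entity pointing at a
    file on the host that fetches the XML; the body dereferences it, so the
    file's contents end up in whatever the consumer renders."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE rss [<!ENTITY xxe SYSTEM "{local_path}">]>\n'
        '<rss><channel><item><summary>&xxe;</summary></item></channel></rss>\n'
    )


class TextCollector(xml.sax.handler.ContentHandler):
    """Gathers character data, i.e. the text a macro would display."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


class RejectDoctype:
    """Lexical handler that aborts parsing as soon as a DOCTYPE appears.
    Duck-typed to the methods expatreader calls on a lexical handler."""

    def startDTD(self, name, public_id, system_id):
        raise ValueError("DOCTYPE not allowed in JIRA responses")

    def endDTD(self):
        pass

    def comment(self, content):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass


def render_summary(xml_text: str, resolve_external: bool,
                   forbid_doctype: bool = False) -> str:
    """Parse the response the way a naive client would and return its text.

    resolve_external=True mirrors a parser that resolves external general
    entities (the vulnerable configuration); False switches that off;
    forbid_doctype=True rejects any DOCTYPE outright, the usual hardening."""
    parser = xml.sax.make_parser()
    parser.setFeature(xml.sax.handler.feature_external_ges, resolve_external)
    if forbid_doctype:
        parser.setProperty(xml.sax.handler.property_lexical_handler,
                           RejectDoctype())
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.StringIO(xml_text))
    return "".join(collector.parts).strip()


def demo() -> dict:
    """Write a constructed secret file, then parse a hostile response three ways."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("db.password=hunter2")  # constructed secret, not real data
        secret_path = f.name
    try:
        hostile = fake_jira_response(secret_path)
        results = {
            "vulnerable": render_summary(hostile, resolve_external=True),
            "no_external_entities": render_summary(hostile, resolve_external=False),
        }
        try:
            render_summary(hostile, resolve_external=True, forbid_doctype=True)
            results["doctype_rejected"] = False
        except ValueError:
            results["doctype_rejected"] = True
    finally:
        os.unlink(secret_path)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Disabling entity resolution alone leaves the DOCTYPE in play for other tricks (entity expansion, external DTD fetches), which is why rejecting any DOCTYPE in data received from a remote service is the configuration to reach for; the equivalent knob on a JAXP DocumentBuilderFactory is the `disallow-doctype-decl` feature.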
DSA-5891-1 thunderbird - security update
Bulletin has no description...
CVE-2025-31137
React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...
zeger.org Cross Site Scripting vulnerability OBB-4041645
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2025-21982 pinctrl: nuvoton: npcm8xx: Add NULL check in npcm8xx_gpio_fw
In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: npcm8xx: Add NULL check in npcm8xx_gpio_fw. devm_kasprintf calls can return null pointers on failure, but the return values were not checked in npcm8xx_gpio_fw. Add a NULL check in npcm8xx_gpio_fw to handle kernel NULL...
Important: tomcat10
Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...
WordPress Rezo Theme <= 1.9.7 is vulnerable to Cross Site Scripting (XSS)
Software: Rezo. Type: Theme. Vulnerable versions: <= 1.9.7. Fixed in: N/A. OWASP Top 10: A3: Injection. Classification: Cross Site Scripting (XSS). CVE: CVE-2025-31013. Patch priority: Medium. CVSS severity: Medium 7.1. PSID: c43544fe3a66. Credits: Tran Nguyen Bao Khanh, VCI - VNPT Cyber Immunit...
my.gotmyhost.com Cross Site Scripting vulnerability OBB-4041447
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2025-14871 · Tenda · Tenda Fh1202
Name of the Vulnerable Software and Affected Versions: Tenda FH1202 version 1.2.0.14408 Description: A critical issue affects the Web Management Interface component, specifically the /goform/VirSerDMZ file, leading to improper access controls. The attack can be initiated remotely. Recommendations...
zinkinfobenelux.com Cross Site Scripting vulnerability OBB-4041328
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2025-13633 · Hewlett Packard · Hpe Insight Cluster Management Utility
Name of the Vulnerable Software and Affected Versions: HPE Insight Cluster Management Utility CMU version 8.2 Description: The issue is related to an unauthenticated Remote Code Execution RCE vulnerability in HPE Insight Cluster Management Utility CMU. This vulnerability allows unauthenticated...
RHEL 8 : container-tools:rhel8 (RHSA-2025:3210)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3210 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes:...
CVE-2025-22870 affecting package azcopy for versions less than 10.25.1-4
CVE-2025-22870 affecting package azcopy for versions less than 10.25.1-4. A patched version of the package is available...
CVE-2023-52976
In the Linux kernel, the following vulnerability has been resolved: efi: fix potential NULL deref in efi_mem_reserve_persistent. When iterating on a linked list, a result of memremap is dereferenced without checking it for NULL. This patch adds a check that falls back on allocating a new page in case...