Lucene search

2744 matches found

CVE
added 2025/07/20 3:2 a.m. | 25 views

CVE-2025-7865

CVE-2025-7865 affects thinkgem JeeSite up to version 5.12.0. The XSS Filter component’s EncodeUtils.java xssFilter function mishandles the text parameter, enabling cross-site scripting via remote manipulation. Exploit has been publicly disclosed; remediation involves applying patch 3585737d21fe49...

CVSS 5.4 | AI score 3.6 | EPSS 0.00198
Exploits 1 | References 6 | Affected Software 1
Vulnrichment
added 2025/07/20 2:14 a.m. | 3 views

CVE-2025-7863 thinkgem JeeSite ServletUtils.java redirectUrl

A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/com/jeesite/common/web/http/ServletUtils.java. The manipulation of the argument url leads to open redirect. The attack may be...

CVSS 5.1 | AI score 3.7 | EPSS 0.0019
Exploits 1 | References 6
RedhatCVE
added 2025/07/19 6:58 p.m. | 10 views

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

CVSS 9.8 | AI score 6.9 | EPSS 0.58885
Exploits 5 | References 1
CBLMariner
added 2025/07/18 3:8 p.m. | 3 views

CVE-2024-25176 affecting package sysbench for versions less than 1.0.20-6

CVE-2024-25176 affecting package sysbench for versions less than 1.0.20-6. A patched version of the package is available...

CVSS 9.8 | AI score 6.4 | EPSS 0.00691
Exploits 1
CBLMariner
added 2025/07/18 3:8 p.m. | 11 views

CVE-2024-25178 affecting package sysbench for versions less than 1.0.20-6

CVE-2024-25178 affecting package sysbench for versions less than 1.0.20-6. A patched version of the package is available...

CVSS 9.1 | AI score 6.4 | EPSS 0.00691
Exploits 1
CBLMariner
added 2025/07/18 3:7 p.m. | 5 views

CVE-2024-12718 affecting package python3 for versions less than 3.9.19-14

CVE-2024-12718 affecting package python3 for versions less than 3.9.19-14. A patched version of the package is available...

CVSS 5.3 | AI score 5.7 | EPSS 0.0079
Exploits 1
NVD
added 2025/07/17 7:15 p.m. | 8 views

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

CVSS 9.8 | EPSS 0.58885
Exploits 5 | References 5
OSV
added 2025/07/17 10:4 a.m. | 4 views

RHSA-2025:11321 Red Hat Security Advisory: iputils security update

Bulletin has no description...

CVSS 6.5 | AI score 7.2 | EPSS 0.00508
Exploits 1 | References 9
CVE
added 2025/07/16 7:55 p.m. | 21 views

CVE-2025-53908

RomM is affected by an authenticated path traversal vulnerability in the /api/raw endpoint. Versions prior to 3.10.3 and prior to 4.0.0-beta.3 are vulnerable. The issue can allow leakage of passwords and user data on systems with multiple users (including unprivileged users such as the kiosk user...

CVSS 8.3 | AI score 6.7 | EPSS 0.00359
Exploits 0 | References 4
OSV
added 2025/07/16 7:55 a.m. | 5 views

BIT-APACHE-2024-42516 Apache HTTP Server: HTTP response splitting

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

CVSS 7.5 | AI score 6.8 | EPSS 0.00916
Exploits 0 | References 5
Vulnrichment
added 2025/07/15 7:27 p.m. | 2 views

CVE-2025-50086

...

CVSS 4.9 | AI score 7.2 | EPSS 0.00451
Exploits 0 | References 1
Tenable Nessus
added 2025/07/15 12:0 a.m. | 2 views

Oracle Linux 8 : lz4 (ELSA-2025-11035)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-11035 advisory. - Fix CVE-2019-17543 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested fo...

CVSS 8.1 | AI score 7.6 | EPSS 0.0159
Exploits 0 | References 2
CVE
added 2025/07/14 10:28 p.m. | 16 views

CVE-2025-53822

WeGIA (open source web manager) is affected by a Reflected XSS in the relatorio_geracao.php endpoint, via the tipo_relatorio parameter, for versions prior to 3.4.5. The underlying issue is lack of proper input filtering/escaping, enabling injection of arbitrary scripts. A fix is available in vers...

CVSS 6.5 | AI score 5.5 | EPSS 0.00222
Exploits 1 | References 1 | Affected Software 1
OSV
added 2025/07/14 10:28 p.m. | 5 views

CVE-2025-53822 WeGIA vulnerable to Reflected Cross-Site Scripting in endpoint 'relatorio_geracao.php' parameter 'tipo_relatorio'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the relatorio_geracao.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to...

CVSS 6.5 | AI score 5.8 | EPSS 0.00222
Exploits 1 | References 3
Tenable Nessus
added 2025/07/14 12:0 a.m. | 1 views

RHEL 9 : kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_117_1, kpatch-patch-5_14_0-284_52_1, kpatch-patch-5_14_0-284_79_1, and kpatch-patch-5_14_0-284_92_1 (RHSA-2025:10980)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10980 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module ...

CVSS 7.8 | AI score 7.1 | EPSS 0.00014
Exploits 0 | References 4
OSV
added 2025/07/13 10:15 p.m. | 0 views

UBUNTU-CVE-2025-7545

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the publ...

CVSS 7.8 | AI score 5.5 | EPSS 0.00066
Exploits 0 | References 6
Debian CVE
added 2025/07/13 10:2 p.m. | 4 views

CVE-2025-7546

A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has bee...

CVSS 7.8 | AI score 4.8 | EPSS 0.00061
Exploits 0
Vulnrichment
added 2025/07/13 9:44 p.m. | 2 views

CVE-2025-7545 GNU Binutils objcopy.c copy_section heap-based overflow

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the publ...

CVSS 5.3 | AI score 5.3 | EPSS 0.00066
Exploits 0 | References 8
Positive Technologies
added 2025/07/13 12:0 a.m. | 1 views

PT-2025-29381 · Campcodes · Campcodes Sales/Inventory System

Name of the Vulnerable Software and Affected Versions: Campcodes Sales and Inventory System version 1.0 Description: A critical issue exists in Campcodes Sales and Inventory System. The vulnerability is located in the file /pages/product update.php and allows for SQL injection through manipulatio...

CVSS 9.8 | AI score 7.5 | EPSS 0.00277
Exploits 1 | References 9
RedhatCVE
added 2025/07/12 6:6 p.m. | 3 views

CVE-2025-53371

DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls...

CVSS 9.1 | AI score 7.1 | EPSS 0.00215
Exploits 0 | References 1