Lucene search

2746 matches found

CVE
added 2025/06/24 3:37 a.m. · 45 views

CVE-2024-56731

Summary: Gogs (self-hosted Git service) contains a remote command execution flaw tied to the .git directory. Prior to version 0.13.3, an insufficient patch for CVE-2024-39931 allowed unprivileged users to delete files inside .git and run arbitrary commands with RUN_USER privileges, enabling acces...

CVSS 10 · AI score 9.9 · EPSS 0.02578
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2025/06/24 12:00 a.m. · 2 views

CVE-2025-32975

Quest KACE Systems Management Appliance SMA 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 Patch 5, and 14.1.x before 14.1.101 Patch 4 contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid...

AI score 7.4 · EPSS 0.39315
Exploits 0 · References 3

Positive Technologies
added 2025/06/24 12:00 a.m. · 3 views

PT-2025-26792 · Sourcecodester · Sourcecodester Best Pos Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Salon Management System version 1.0. Description: A critical vulnerability has been found in the SourceCodester Best Salon Management System. The issue affects some unknown functionality of the file...

CVSS 8.8 · AI score 6.8 · EPSS 0.00197
Exploits 1 · References 10

NVD
added 2025/06/23 9:15 p.m. · 2 views

CVE-2025-52558

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered, resulting in a cross-site scripting (XSS) vulnerability. This...

CVSS 7 · EPSS 0.00134
Exploits 0 · References 2

RedhatCVE
added 2025/06/23 8:41 a.m. · 8 views

CVE-2025-52485

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue...

CVSS 5.1 · AI score 7 · EPSS 0.00141
Exploits 0 · References 1

Cvelist
added 2025/06/21 2:44 a.m. · 9 views

CVE-2025-52487 DNN.PLATFORM possibly allows bypass of IP Filters

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters allowing login attempts from IP...

CVSS 8.8 · EPSS 0.00241
Exploits 0 · References 1

CVE
added 2025/06/21 2:44 a.m. · 30 views

CVE-2025-52487

CVE-2025-52487 affects DNN.PLATFORM (DotNetNuke) prior to version 10.0.1. Versions 7.0.0 up to before 10.0.1 allow a specially crafted request or proxy to bypass the DNN Login IP Filters, enabling login attempts from IPs outside the allow list. The vulnerability is mitigated by upgrading to versi...

CVSS 8.8 · AI score 6.4 · EPSS 0.00241
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2025/06/21 2:40 a.m. · 7 views

CVE-2025-52485 DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue...

CVSS 5.1 · EPSS 0.00141
Exploits 0 · References 1

Tenable Nessus
added 2025/06/21 12:00 a.m. · 3 views

Fedora 42 : perl-File-Find-Rule (2025-eef56e1ee1)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-eef56e1ee1 advisory. Fix CVE-2011-10007. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

CVSS 8.8 · AI score 7.8 · EPSS 0.00346
Exploits 0 · References 2

Vulnrichment
added 2025/06/20 4:56 p.m. · 19 views

CVE-2025-49132 Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution

Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it...

CVSS 10 · AI score 9.7 · EPSS 0.12525
Exploits 27 · References 3

CVE
added 2025/06/20 4:56 p.m. · 580 views

CVE-2025-49132

Summary (CVE-2025-49132) Pterodactyl Panel versions up to 1.11.10 are affected by an unauthenticated remote code execution via the /locales/locale.json endpoint, where locale and namespace query parameters are passed to PHP include() unsafely. The vulnerability can lead to local file inclusion an...

CVSS 10 · AI score 9.7 · EPSS 0.12525
Exploits 27 · References 3

Cvelist
added 2025/06/20 4:50 p.m. · 7 views

CVE-2025-48059 PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion

PowSyBl (Power System Blocks) is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a potential polynomial Regular Expression Denial of Service...

CVSS 6.9 · EPSS 0.00416
Exploits 0 · References 3

CVE
added 2025/06/20 12:39 a.m. · 23 views

CVE-2025-48058

PowSyBl Core contains a polynomial ReDoS vulnerability in the DataSource mechanism (affecting listNames regex handling) prior to version 6.7.2. Exploitation can cause high CPU due to regex backtracking. The issue has been patched in com.powsybl:powsybl-commons:6.7.2 and related patches in 6.7.2+;...

CVSS 6.3 · AI score 6.4 · EPSS 0.00416
Exploits 0 · References 3

Positive Technologies
added 2025/06/20 12:00 a.m. · 4 views

PT-2025-26286 · Unknown · Code-Projects Online Shoe Store

Name of the Vulnerable Software and Affected Versions: code-projects Online Shoe Store version 1.0. Description: A critical issue was found in the code-projects Online Shoe Store, affecting an unknown functionality of the file /admin/admin running.php. The manipulation of the qty argument leads to...

CVSS 9.8 · AI score 7.6 · EPSS 0.00204
Exploits 1 · References 11

Positive Technologies
added 2025/06/20 12:00 a.m. · 4 views

PT-2025-26257 · Code Projects · Code-Projects Hospital Management System

Name of the Vulnerable Software and Affected Versions: code-projects Hostel Management System version 1.0. Description: A critical issue affects the processing of the file /contact manager.php, where the manipulation of the student roll no argument leads to SQL injection. The attack can be initiat...

CVSS 9.8 · AI score 7.6 · EPSS 0.00204
Exploits 1 · References 12

Positive Technologies
added 2025/06/20 12:00 a.m. · 2 views

PT-2025-26302 · Unknown · Phpgurukul Directory Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Directory Management System version 2.0. Description: A critical issue has been found in the PHPGurukul Directory Management System, affecting some unknown functionality of the file /admin/manage-directory.php. The manipulation of t...

CVSS 8.8 · AI score 6.9 · EPSS 0.00197
Exploits 1 · References 9

RedhatCVE
added 2025/06/19 7:38 p.m. · 3 views

CVE-2022-49970

In the Linux kernel, the following vulnerability has been resolved: bpf, cgroup: Fix kernel BUG in purge_effective_progs. Syzkaller reported a triggered kernel BUG as follows: ------------ cut here ------------ kernel BUG at kernel/bpf/cgroup.c:925! invalid opcode: 0000 1 PREEMPT SMP NOPTI CPU: 1...

CVSS 4.7 · AI score 7.2 · EPSS 0.00067
Exploits 0 · References 4

NVD
added 2025/06/19 3:15 p.m. · 3 views

CVE-2025-48886

Hydra is a layer-two scalability solution for Cardano. Prior to version 0.22.0, the process assumes L1 event finality and does not consider failed transactions. Currently, Cardano L1 is monitored for certain events which are necessary for state progression. At the moment, Hydra considers those...

CVSS 4.8 · EPSS 0.00149
Exploits 0 · References 3

Vulnrichment
added 2025/06/19 3:40 a.m. · 3 views

CVE-2025-52474 WeGIA SQL Injection Vulnerability in id Parameter on control.php Endpoint

WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, a SQL Injection vulnerability was identified in the id parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows an attacker to manipulate SQL queries and access sensitive database information, such as...

CVSS 8.3 · AI score 7.6 · EPSS 0.0025
Exploits 1 · References 2

Vulnrichment
added 2025/06/19 3:34 a.m. · 3 views

CVE-2025-50201 WeGIA OS Command Injection in debug_info.php parameter 'branch'

WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debug_info.php endpoint. The branch parameter is not properly sanitized before being concatenated and executed in a shell command on the server...

CVSS 9.8 · AI score 10 · EPSS 0.37343
Exploits 1 · References 2