
2746 matches found

Cvelist
added 2025/06/06 3:53 p.m. · 23 views

CVE-2024-56805 QTS, QuTS hero

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...

CVSS 5.3 · EPSS 0.00338
Exploits 0 · References 1
IBM Security Bulletins
added 2025/06/06 2:52 p.m. · 10 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to possible denial of service due to rack ( CVE-2024-25126 )

Summary Rack is a modular Ruby web server interface used by IBM Cloud Pak for Data as part of the platform. CVE-2024-25126. Vulnerability Details CVEID:CVE-2024-25126 DESCRIPTION: Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parse...

CVSS 7.5 · AI score 6.3 · EPSS 0.0045
Exploits 1 · Affected Software 1
Positive Technologies
added 2025/06/06 12:00 a.m. · 2 views

PT-2025-24397 · Tenda · Tenda Ac7

Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 15.03.06.44 Description: A critical issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the list argument leads to a buffer overflow. The attack may be initiated remotely...

CVSS 9.8 · AI score 8.7 · EPSS 0.00885
Exploits 1 · References 14
Positive Technologies
added 2025/06/06 12:00 a.m. · 3 views

PT-2025-24007 · Sourcecodester · Sourcecodester Open Source Clinic Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Open Source Clinic Management System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Open Source Clinic Management System. The issue affects an unknown function of the file /login.php. The...

CVSS 7.5 · AI score 7.5 · EPSS 0.0015
Exploits 1 · References 12
Positive Technologies
added 2025/06/05 12:00 a.m. · 2 views

PT-2025-23916

Name of the Vulnerable Software and Affected Versions: PHPGurukul Complaint Management System version 2.0 Description: A critical issue was found in the PHPGurukul Complaint Management System, affecting an unknown part of the file /admin/edit-subcategory.php. The manipulation of the subcategory...

CVSS 8.8 · AI score 6.4 · EPSS 0.00181
Exploits 1 · References 10
OSV
added 2025/06/04 7:31 p.m. · 2 views

CVE-2025-48935 Deno has --allow-read / --allow-write permission bypass in `node:sqlite`

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to version 2.2.5, it is possible to bypass Deno's read/write database permission check by using an ATTACH DATABASE statement. Version 2.2.5 contains a patch for the issue...

CVSS 6.9 · AI score 6.5 · EPSS 0.00349
Exploits 1 · References 4
FreeBSD
added 2025/06/04 12:00 a.m. · 9 views

electron{34,35,36} -- Out of bounds read and write in V8

Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-5419...

CVSS 8.8 · AI score 8.9 · EPSS 0.03827
Exploits 3 · References 1
OSV
added 2025/06/03 8:37 p.m. · 3 views

CVE-2025-49002 Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Versions prior to 2.10.10 have a flaw in the patch for CVE-2025-32966 that allows the patch to be bypassed through case insensitivity, because only INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in...

CVSS 9.2 · AI score 6.5 · EPSS 0.26173
Exploits 2 · References 4
CVE
added 2025/06/03 8:37 p.m. · 92 views

CVE-2025-49002

DataEase (open source BI/visualization) contains a vulnerability in versions prior to 2.10.10 where a patch for CVE-2025-32966 can be bypassed due to case-insensitive handling, specifically when INIT and RUNSCRIPT are prohibited. The issue is fixed in v2.10.10. A GitHub exploit post (DataEase_Pos...

CVSS 9.8 · AI score 7 · EPSS 0.26173
Exploits 2 · References 2 · Affected Software 1
Cvelist
added 2025/06/03 5:41 p.m. · 38 views

CVE-2025-30360 webpack-dev-server users' source code may be stolen when they access a malicious web site with a non-Chromium-based browser

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when they access a malicious web site with a non-Chromium-based browser. The Origin header is checked to prevent Cross-si...

CVSS 6.5 · EPSS 0.00039
Exploits 1 · References 4
IBM Security Bulletins
added 2025/06/03 8:19 a.m. · 7 views

Security Bulletin: IBM Engineering Systems Design Rhapsody affected by CVE-2024-6763

Summary: jetty-http-12.0.9.jar and jetty-server-12.0.9.jar were vulnerable, and IBM Engineering Systems Design Rhapsody has upgraded the JARs to org.eclipse.jetty:jetty-http:12.0.12 and org.eclipse.jetty:jetty-server:12.0.12. Vulnerability Details CVEID: CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight,...

CVSS 5.3 · AI score 6.1 · EPSS 0.01189
Exploits 1 · Affected Software 1
Positive Technologies
added 2025/06/03 12:00 a.m. · 2 views

PT-2025-29389

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.45 Description: A problematic vulnerability exists in the copy section function within the binutils/objcopy.c file. This manipulation leads to a heap-based buffer overflow, requiring local access for exploitation. The...

CVSS 7.8 · AI score 5.7 · EPSS 0.00117
Exploits 14 · References 69
Positive Technologies
added 2025/06/03 12:00 a.m. · 3 views

PT-2025-23650 · Unknown · Quequnlong Shiyi-Blog

Name of the Vulnerable Software and Affected Versions: quequnlong shiyi-blog versions up to 1.2.1 Description: A vulnerability has been found in quequnlong shiyi-blog, affecting an unknown functionality of the file "/dev-api/api/comment/add". The manipulation of the content argument leads to...

CVSS 5.1 · AI score 3.6 · EPSS 0.00162
Exploits 1 · References 8
NVD
added 2025/06/02 8:15 p.m. · 12 views

CVE-2025-48996

HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...

CVSS 5.3 · EPSS 0.00213
Exploits 0 · References 2
OSV
added 2025/06/02 7:24 p.m. · 16 views

CVE-2025-48996 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint

HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...

CVSS 5.3 · AI score 6.1 · EPSS 0.00213
Exploits 0 · References 4
Positive Technologies
added 2025/06/02 12:00 a.m. · 2 views

PT-2025-23480 · Multilaser · Multilaser Sirius Re016 Mlt1.0

Name of the Vulnerable Software and Affected Versions: Multilaser Sirius RE016 MLT1.0 Description: A problem was found in the processing of the file /cgi-bin/cstecgi.cgi, which leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and...

CVSS 6.9 · AI score 5 · EPSS 0.0021
Exploits 0 · References 10
OpenVAS
added 2025/06/02 12:00 a.m. · 3 views

Debian: Security Advisory (DLA-4203-1)

The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.8 · AI score 7.1 · EPSS 0.01325
Exploits 1 · References 2
RedhatCVE
added 2025/06/01 6:35 a.m. · 6 views

CVE-2025-48489

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180...

CVSS 4.8 · AI score 5.9 · EPSS 0.0014
Exploits 1 · References 1
Positive Technologies
added 2025/05/31 12:00 a.m. · 3 views

PT-2025-23371 · WordPress · Wp-Geometa

Name of the Vulnerable Software and Affected Versions: WP-GeoMeta plugin for WordPress versions 0.3.4 through 0.3.5 Description: The issue is related to a missing capability check on the wp ajax wpgm start geojson import function, allowing authenticated attackers with Subscriber-level access and...

CVSS 8.8 · AI score 8.4 · EPSS 0.00241
Exploits 0 · References 10
OSV
added 2025/05/30 1:48 p.m. · 1 view

OESA-2025-1563 mod_security security update

This software, also called Modsec, is an open-source web application firewall designed for Apache HTTP Server. ModSecurity is commonly deployed to provide protection against generic classes of vulnerabilities. The package is easy to install, and you can read the README.TXT for more...

CVSS 7.5 · AI score 6.6 · EPSS 0.00615
Exploits 1 · References 2