
2770 matches found

RubySec · added 2025/03/27 12:00 a.m. · 9 views

Pitchfork HTTP Request/Response Splitting vulnerability

Impact: HTTP Response Header Injection in Pitchfork versions 0.11.0 when used in conjunction with Rack 3. Patches: The issue was fixed in Pitchfork release 0.11.0. Workarounds: There are no known workarounds. Users must upgrade...

CVSS 4.3 · AI score 7.4 · EPSS 0.00269
Exploits 0 · References 1 · Affected Software 1
NVD · added 2025/03/25 9:15 p.m. · 17 views

CVE-2025-29789

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue...

CVSS 7.5 · EPSS 0.00827
Exploits 1 · References 2
Vulnrichment · added 2025/03/25 8:29 p.m. · 17 views

CVE-2025-29789 OpenEMR Has Directory Traversal in Load Code feature

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue...

CVSS 4.6 · AI score 7.3 · EPSS 0.00827
Exploits 1 · References 2
NVD · added 2025/03/25 3:15 p.m. · 23 views

CVE-2025-30213

Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vulnerability. There's no workaround; an...

CVSS 8.8 · EPSS 0.00669
Exploits 0 · References 1
OSV · added 2025/03/25 8:42 a.m. · 12 views

SUSE-SU-2025:1004-1 Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: - CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method bsc1238879...

CVSS 8.8 · AI score 7.2 · EPSS 0.00465
Exploits 0 · References 3
Positive Technologies · added 2025/03/25 12:00 a.m. · 4 views

PT-2025-13440 · Unknown · Choco Tei Watcher Mini

Name of the Vulnerable Software and Affected Versions: CHOCO TEI WATCHER mini IB-MCT001 all versions Description: A Direct request 'Forced Browsing' issue exists, allowing a remote attacker to send a specially crafted HTTP request to obtain or delete product data, and/or alter product settings...

CVSS 10 · AI score 9.3 · EPSS 0.01083
Exploits 0 · References 15
NVD · added 2025/03/24 5:15 p.m. · 43 views

CVE-2025-29778

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying an artifact's signature in keyless mode. It allows the attacker to deploy Kubernetes resources with the artifacts that were...

CVSS 8 · EPSS 0.00317
Exploits 1 · References 5
Positive Technologies · added 2025/03/24 12:00 a.m. · 2 views

PT-2025-12669 · Kentico · Kentico Xperience

Name of the Vulnerable Software and Affected Versions: Kentico Xperience versions through 13.0.178 Description: An authentication bypass issue in Kentico Xperience allows attackers to bypass authentication via the Staging Sync Server component's password handling for the server-defined None type...

CVSS 9.8 · AI score 6.7 · EPSS 0.92161
Exploits 1 · References 14
Tenable Nessus · added 2025/03/22 12:00 a.m. · 9 views

RHEL 8 : kpatch-patch-4_18_0-477_43_1, kpatch-patch-4_18_0-477_67_1, kpatch-patch-4_18_0-477_81_1, and kpatch-patch-4_18_0-477_89_1 (RHSA-2025:3094)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3094 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module i...

CVSS 7.8 · AI score 7.1 · EPSS 0.00286
Exploits 0 · References 4
Schneier on Security · added 2025/03/20 3:14 p.m. · 7 views

Critical GitHub Attack

This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have...

AI score 7.3
Exploits 0
Vulnrichment · added 2025/03/19 8:42 p.m. · 9 views

CVE-2025-27779 Applio allows unsafe deserialization in model_blender.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_blender.py lines 20 and 21. modelfusiona and modelfusionb from voiceblender.py take user-supplied input, e.g. a path to a model, and pass that value to the runmodelblenderscript and...

CVSS 9.3 · AI score 7.4 · EPSS 0.00845
Exploits 0 · References 4
Cvelist · added 2025/03/19 8:16 p.m. · 12 views

CVE-2025-27780 Applio allows unsafe deserialization in model_information.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_information.py. modelname in model_information.py takes user-supplied input, e.g. a path to a model, and passes that value to the runmodelinformationscript and later to modelinformation...

CVSS 9.3 · EPSS 0.00845
Exploits 0 · References 4
CBLMariner · added 2025/03/19 3:08 p.m. · 12 views

CVE-2024-29195 affecting package azure-iot-sdk-c for versions less than 2022.01.21-4

CVE-2024-29195 affecting package azure-iot-sdk-c for versions less than 2022.01.21-4. A patched version of the package is available...

CVSS 8.1 · AI score 7 · EPSS 0.04967
Exploits 0
Tenable Nessus · added 2025/03/19 12:00 a.m. · 19 views

RockyLinux 9 : libpq (RLSA-2025:1738)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:1738 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation (CVE-2025-1094). Tenable has extracted the preceding...

CVSS 8.1 · AI score 8 · EPSS 0.89472
Exploits 10 · References 3
Openbugbounty · added 2025/03/18 9:41 a.m. · 8 views

notice-facile.com Cross Site Scripting vulnerability OBB-4037592

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
CBLMariner · added 2025/03/17 9:13 p.m. · 7 views

CVE-2023-52920 affecting package kernel for versions less than 6.6.64.2-9

CVE-2023-52920 affecting package kernel for versions less than 6.6.64.2-9. A patched version of the package is available...

CVSS 5.5 · AI score 6.8 · EPSS 0.00244
Exploits 0
CBLMariner · added 2025/03/17 9:13 p.m. · 8 views

CVE-2024-49897 affecting package kernel for versions less than 6.6.64.2-9

CVE-2024-49897 affecting package kernel for versions less than 6.6.64.2-9. A patched version of the package is available...

CVSS 5.5 · AI score 6.8 · EPSS 0.00237
Exploits 0
CBLMariner · added 2025/03/17 9:13 p.m. · 10 views

CVE-2024-43911 affecting package kernel for versions less than 6.6.64.2-9

CVE-2024-43911 affecting package kernel for versions less than 6.6.64.2-9. A patched version of the package is available...

CVSS 5.5 · AI score 6.8 · EPSS 0.00225
Exploits 0
CBLMariner · added 2025/03/17 9:13 p.m. · 13 views

CVE-2024-56599 affecting package kernel for versions less than 6.6.76.1-1

CVE-2024-56599 affecting package kernel for versions less than 6.6.76.1-1. A patched version of the package is available...

CVSS 5.5 · AI score 6.8 · EPSS 0.00217
Exploits 0
CBLMariner · added 2025/03/17 9:13 p.m. · 6 views

CVE-2024-56761 affecting package kernel for versions less than 6.6.76.1-1

CVE-2024-56761 affecting package kernel for versions less than 6.6.76.1-1. A patched version of the package is available...

CVSS 5.5 · AI score 6.9 · EPSS 0.00219
Exploits 0