PSF-2025-11
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...
WordPress Bricks Builder Theme <= 1.12.4 is vulnerable to SQL Injection
Software: Bricks Builder; Type: Theme; Vulnerable versions: <= 1.12.4; Fixed in: 2.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2025-6495; Patch priority: High; CVSS severity: High 9.3; PSID: a75c4498f744; Credits: Jamie Burchell; Required privilege: Unauthenticated...
PT-2025-31145
Name of the Vulnerable Software and Affected Versions: CPython, affected versions not specified. Description: A defect exists in the CPython “tarfile” module, impacting the “TarFile” extraction and entry enumeration APIs. The tar implementation processes tar archives with negative offsets...
python311-starlette-0.47.2-1.1 on GA media (moderate)
python311-starlette-0.47.2-1.1 on GA media Announcement ID: openSUSE-SU-2025:15381-1 Rating: moderate Cross-References: CVE-2025-54121 CVSS scores: CVE-2025-54121 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-54121 SUSE : 6.9...
BELL-CVE-2025-54090
Bulletin has no description...
CVE-2025-7953 Sanluan PublicCMS viewer.html redirect
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. The manipulation of the argument File leads to open...
CVE-2025-7949 Sanluan PublicCMS preview.html redirect
A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the argument url lead...
redis security update
6.2.19-1 - rebase to 6.2.19 for CVE-2025-32023 and CVE-2025-48367; 6.2.18-1 - rebase to 6.2.18 for CVE-2025-21605; 6.2.17-1 - rebase to 6.2.17 for CVE-2024-46981; 6.2.16-1 - rebase to 6.2.16 RHEL-26627...
CVE-2025-7865
CVE-2025-7865 affects thinkgem JeeSite up to version 5.12.0. The XSS Filter component’s EncodeUtils.java xssFilter function mishandles the text parameter, enabling cross-site scripting via remote manipulation. Exploit has been publicly disclosed; remediation involves applying patch 3585737d21fe49...
CVE-2025-7863 thinkgem JeeSite ServletUtils.java redirectUrl
A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/com/jeesite/common/web/http/ServletUtils.java. The manipulation of the argument url leads to open redirect. The attack may be...
CVE-2025-54068
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...
CVE-2024-25178 affecting package sysbench for versions less than 1.0.20-6
CVE-2024-25178 affecting package sysbench for versions less than 1.0.20-6. A patched version of the package is available...
CVE-2024-25176 affecting package sysbench for versions less than 1.0.20-6
CVE-2024-25176 affecting package sysbench for versions less than 1.0.20-6. A patched version of the package is available...
CVE-2024-12718 affecting package python3 for versions less than 3.9.19-14
CVE-2024-12718 affecting package python3 for versions less than 3.9.19-14. A patched version of the package is available...
RHSA-2025:11321 Red Hat Security Advisory: iputils security update
Bulletin has no description...
CVE-2025-53908
RomM is affected by an authenticated path traversal vulnerability in the /api/raw endpoint. Versions prior to 3.10.3 and prior to 4.0.0-beta.3 are vulnerable. The issue can allow leakage of passwords and user data on systems with multiple users (including unprivileged users such as the kiosk user...
BIT-APACHE-2024-42516 Apache HTTP Server: HTTP response splitting
HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was described as CVE-2023-38709, but the patch included in Apache HTTP...
CVE-2025-50086
...
Oracle Linux 8 : lz4 (ELSA-2025-11035)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-11035 advisory. - Fix CVE-2019-17543 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested fo...