2772 matches found
apache2-mod_security2-2.9.11-1.1 on GA media (moderate)
apache2-modsecurity2-2.9.11-1.1 on GA media Announcement ID: openSUSE-SU-2025:15313-1 Rating: moderate Cross-References: CVE-2025-52891 CVSS scores: CVE-2025-52891 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-52891 SUSE : 8.2...
CVE-2025-53106
Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the...
CVE-2025-38206 exfat: fix double free in delayed_free
In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayedfree The double free could happen in the following path. exfatcreateupcasetable exfatcreateupcasetable : return error exfatfreeupcasetable : free -volutbl exfatloaddefaultupcasetable : return erro...
Cisco Issues Emergency Fix for Critical Root Credential Flaw in Unified CM
Cisco fixes critical root credential vulnerability in Unified CM rated CVSS 10 urging users to patch now to stop remote admin takeovers...
PT-2025-27882 · Woocommerce · Zoomit Woocommerce Shop Page Builder
Name of the Vulnerable Software and Affected Versions: ZoomIt WooCommerce Shop Page Builder versions 2.27.7 and earlier Description: The issue is related to a Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Builder, which allows exploiting incorrectly configured access control...
CVE-2025-53367 DjVuLibre OOB-Write Vulnerability in MMRDecoder
DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer...
CVE-2025-53006 Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference li...
CVE-2025-27153
Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11...
CVE-2025-53103 JUnit OpenTestReportGeneratingListener can leak Git credentials
JUnit is a testing framework for Java and the JVM. From version 5.12.0 to 5.13.1, JUnit's support for writing Open Test Reporting XML files can leak Git credentials. The impact depends on the level of the access token exposed through the OpenTestReportGeneratingListener. If these test reports are...
CVE-2025-53100
The CVE-2025-53100 entry concerns RestDB codehooks-mcp-server (Codehooks.io MCP Server). Before version 0.2.2, the MCP Server tools definition/implementation allow user-initiated remote command injection, enabling a potential attacker to execute commands on a running MCP Server. The issue is stat...
CVE-2025-6297
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and...
CVE-2024-49364 tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment
tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require'buffer' is the NPM buffer package. The...
CVE-2025-53003 Janssen Config API returns results without scope verification
The Janssen Project is an open-source identity and access management IAM platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surface attack area that exposes all sorts of information from the IDP including clients, users, scripts...
CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
PT-2025-27530 · Unknown · Campcodes Employee Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Employee Management System version 1.0 Description: A critical vulnerability has been found in the Campcodes Employee Management System, affecting an unknown functionality of the file /applyleave.php. The manipulation of the ID...
CVE-2025-53004 Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
PT-2025-27387 · Sourcecodester · Sourcecodester Best Pos Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Best Salon Management System version 1.0 Description: A critical issue has been discovered, affecting an unknown functionality of the file /panel/edit-subscription.php. The manipulation of the editid argument leads to SQL...
SUSE SLES15 / openSUSE 15 Security Update : google-osconfig-agent (SUSE-SU-2025:02149-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02149-1 advisory. - Update to version 20250416.02 bsc1244304, bsc1244503 defaultSleeper: tolerate 10% difference to reduce test flakiness Add...
CVE-2025-6775
The CVE-2025-6775 entry concerns xiaoyunjie openvpn-cms-flask (versions