2772 matches found
CVE-2025-5896
A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely...
CVE-2025-5889
A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...
33,000 WordPress Sites Affected by Privilege Escalation Vulnerability in RealHomes WordPress Theme
🌞Spring Into Summer Challenge: Critical Threats = Critical Rewards. 🌞 🔥 Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our'High Threat' list in software with fewer than 5 million active installs. Submit bold. Earn big! 🔥 On May 4th, 2025, we received a...
CVE-2025-48053
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, sending a malicious URL in a PM to a bot user can cause a reduced the availability of a Discourse instance...
Fedora: Security Advisory (FEDORA-2025-15220f1411)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 41 : libvpx (2025-15220f1411)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-15220f1411 advisory. Add patch for double free Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
CVE-2024-56805 QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to possible denial of service due to rack ( CVE-2024-25126 )
Summary Rack is a modular Ruby web server interface used by IBM Cloud Pak for Data as part of the platform. CVE-2024-25126. Vulnerability Details CVEID:CVE-2024-25126 DESCRIPTION: Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parse...
PT-2025-24397 · Tenda · Tenda Ac7
Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 15.03.06.44 Description: A critical issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the list argument leads to a buffer overflow. The attack may be initiated remotely...
PT-2025-24007 · Sourcecodester · Sourcecodester Open Source Clinic Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Open Source Clinic Management System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Open Source Clinic Management System. The issue affects an unknown function of the file /login.php. The...
PT-2025-23916
Name of the Vulnerable Software and Affected Versions PHPGurukul Complaint Management System version 2.0 Description A critical issue was found in the PHPGurukul Complaint Management System, affecting an unknown part of the file /admin/edit-subcategory.php. The manipulation of the subcategory...
CVE-2025-48935 Deno has --allow-read / --allow-write permission bypass in `node:sqlite`
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write db permission check by using ATTACH DATABASE statement. Version 2.2.5 contains a patch for the issue...
electron{34,35,36} -- Out of bounds read and write in V8
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-5419...
CVE-2025-49002
DataEase (open source BI/visualization) contains a vulnerability in versions prior to 2.10.10 where a patch for CVE-2025-32966 can be bypassed due to case-insensitive handling, specifically when INIT and RUNSCRIPT are prohibited. The issue is fixed in v2.10.10. A GitHub exploit post (DataEase_Pos...
CVE-2025-49002 Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in...
CVE-2025-30360 webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser
webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a malicious web site with non-Chromium based browser. The Origin header is checked to prevent Cross-si...
Security Bulletin: IBM Engineering Systems Design Rhapsody affected by CVE-2024-6763
Summary jetty-http-12.0.9.jar, jetty-server-12.0.9.jar was vulnerable and IBM Engineering Systems Design Rhapsodyhas upgraded JARs to org.eclipse.jetty:jetty-http:12.0.12;org.eclipse.jetty:jetty-server:12.0.12 Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight,...
PT-2025-23650 · Unknown · Quequnlong Shiyi-Blog
Name of the Vulnerable Software and Affected Versions: quequnlong shiyi-blog versions up to 1.2.1 Description: A vulnerability has been found in quequnlong shiyi-blog, affecting an unknown functionality of the file "/dev-api/api/comment/add". The manipulation of the content argument leads to...
PT-2025-29389
Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.45 Description A problematic vulnerability exists in the copy section function within the binutils/objcopy.c file. This manipulation leads to a heap-based buffer overflow, requiring local access for exploitation. The...
CVE-2025-48996
HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...