2772 matches found
CVE-2025-48996 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint
HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...
PT-2025-23480 · Multilaser · Multilaser Sirius Re016 Mlt1.0
Name of the Vulnerable Software and Affected Versions: Multilaser Sirius RE016 MLT1.0 Description: A problem was found in the processing of the file /cgi-bin/cstecgi.cgi, which leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and...
Debian: Security Advisory (DLA-4203-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-48489
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting XSS attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180...
PT-2025-23371 · WordPress · Wp-Geometa
Name of the Vulnerable Software and Affected Versions: WP-GeoMeta plugin for WordPress versions 0.3.4 through 0.3.5 Description: The issue is related to a missing capability check on the wp ajax wpgm start geojson import function, allowing authenticated attackers with Subscriber-level access and...
OESA-2025-1563 mod_security security update
This software is also called Modsec,it is an open-source web application firewall. It is designed for Apache HTTP Server.ModSecurity is commonly deployed to provide protections against generic classed of vulnerabilities.The install of this package is easy and you can read the README.TXT for more...
CVE-2025-48875 FreeScout Vulnerable to Stored XSS
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of lastname and firstname during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flesh-message when the data is deleted...
CVE-2025-48489 FreeScout Vulnerable to Stored XSS
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting XSS attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180...
CVE-2025-48487 FreeScout Vulnerable to Stored XSS
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when creating a translation of a phrase that appears in a flash-message after a completed action, it is possible to inject a payload to exploit XSS vulnerability. This issue has been patched in version 1.8.180...
CVE-2025-48485 FreeScout Vulnerable to Stored XSS
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting XSS attacks due to incorrect input validation and sanitization of user-input data when an authenticated user updates the profile of an arbitrary customer...
CVE-2025-48492 GetSimple CMS RCE in Edit component
GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution RCE. This issue is set to ...
ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach
ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. "ConnectWise recently learned of suspicious activity within our environment that we believe wa...
CVE-2025-48482
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill method, which processes fields such as channel and channelid. However, the fill method is called with all client-provided...
CVE-2025-47952
Traefik (HTTP reverse proxy/load balancer) had a path-matching bypass vulnerability prior to 2.11.25 and 3.4.1 when a URL with an encoded path string could bypass the middleware chain and target a backend exposed via another router. Affected versions: <2.11.25 and
Photon OS 4.0: Nodejs PHSA-2025-4.0-0807
An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0807. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
About Cross Site Scripting – MDaemon Email Server (CVE-2024-11182)
About Cross Site Scripting - MDaemon Email Server CVE-2024-11182. An attacker can send an HTML-formatted email containing malicious JavaScript code embedded in an img tag. If the user opens the email in the MDaemon Email Server's web interface, the malicious JavaScript code will execute in the...
CVE-2025-46570 vLLM’s Chunk-Based Prefix Caching Vulnerable to Potential Timing Side-Channel
vLLM is an inference and serving engine for large language models LLMs. Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT Time to First Token. These timing differences...
PT-2025-23672 · Tenda · Tenda Rx3
Name of the Vulnerable Software and Affected Versions: Tenda RX3 version 16.03.13.11 multi TDE01 Description: A critical issue affects the function save staticroute data of the file "/goform/SetStaticRouteCfg". The manipulation of the argument list leads to a stack-based buffer overflow. The atta...
CVE-2024-4603 affecting package edk2 for versions less than 20240524git3e722403cd16-8
CVE-2024-4603 affecting package edk2 for versions less than 20240524git3e722403cd16-8. A patched version of the package is available...
CVE-2025-32415 affecting package libxml2 for versions less than 2.11.5-5
CVE-2025-32415 affecting package libxml2 for versions less than 2.11.5-5. A patched version of the package is available...