Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: react-server-dom-parcel provides React Server Components bindings for DOM using Parcel. It is intended to be integrated into meta-frameworks, not imported directly. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an...
EUVD-2024-55314
PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...
Ruijie RG-BCR security vulnerability
Ruijie RG-BCR is a series of cloud routers from the Chinese company Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR600W version, which stems from improper handling of a specially crafted POST request for getwanobj in the file /usr/lib/lua/luci/controller/admin/common.lua, which could...
PT-2025-50762
Name of the Vulnerable Software and Affected Versions: APC Network Management Card 4 (affected versions not specified). Description: The software contains a path traversal issue that allows unauthenticated attackers to access sensitive system files. Attackers can manipulate URL parameters to exploit...
CVE-2020-36895
EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposi...
CVE-2020-36895
CVE-2020-36895 affects EIBIZ i-Media Server Digital Signage 3.8.0. The issue is an unauthenticated configuration disclosure that lets remote attackers access sensitive configuration files via direct object reference, specifically enabling retrieval of SiteConfig.properties through an HTTP GET req...
CVE-2025-64153
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized...
EUVD-2025-202276
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized...
December 9, 2025—KB5071506 (Security-only update)
December 9, 2025—KB5071506 Security-only update. Windows Secure Boot certificate expiration. Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices for the...
December 9, 2025—KB5071544 (OS Build 17763.8146)
December 9, 2025—KB5071544 OS Build 17763.8146. Windows Secure Boot certificate expiration. Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices for the pa...
PT-2025-50129
Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 8.0.0 through 8.0.1; Fortinet FortiWeb versions 7.6.0 through 7.6.5; Fortinet FortiWeb versions 7.4.0 through 7.4.10; Fortinet FortiWeb versions 7.2.0 through 7.2.11; Fortinet FortiWeb versions 7.0.0 through 7.0.11...
Fortinet FortiPortal security vulnerability
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. A security vulnerability exists in Fortinet FortiPortal versions 7.4.0 through 7.4.5 that...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in the JDBC driver for Apache Hive
Summary: Multiple vulnerabilities in the JDBC driver for Apache Hive that is used by InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2025-58163. DESCRIPTION: FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.185 and earlier...
CVE-2025-14108
ZSPACE Q2C NAS 1.1.0210050) or apply vendor-provided fixes; restricting access to the affected API endpoint is a suggested workaround where feasible. If implementing, verify affected versions and monitor for vendor advisories.
Exploit for CVE-2025-55182
CVE-2025-55182 Raw HTTP Requests to exploit the insecure lazy...
Adobe Experience Manager (AEM) QueryBuilder JCR Hashed Password Disclosure
The remote Adobe Experience Manager (AEM) QueryBuilder Servlet is prone to an information disclosure vulnerability. An unauthenticated attacker can exploit this issue to retrieve the hashed passwords of users in the AEM instance by sending a specially crafted HTTP request to the QueryBuilder Servle...
CVE-2025-66373
Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from the actual size of the following chunk data, under certain...