Vulnerabilities

  

CVE-2025-57763 | LabRedesCefetRJ WeGIA up to 3.4.6 insere_despacho.php cross site scripting (GHSA-67w3-jf96-f754 / EUVD-2025-25461)

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.6. It has been classified as problematic. Impacted is an unknown

  

CVE-2025-57765 | LabRedesCefetRJ WeGIA up to 3.4.6 pre_cadastro_adotante.php msg_e cross site scripting (GHSA-39r5-c63f-99mx)

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.6 and classified as problematic. This issue affects some unknown processing

  

CVE-2025-6465 | Mattermost up to 10.5.8/10.8.3/10.9.3/10.10.0 File Attachment path traversal (EUVD-2025-25460)

A vulnerability described as critical has been identified in Mattermost up to 10.5.8/10.8.3/10.9.3/10.10.0. Affected by this issue is some unknown

  

CVE-2025-57753 | sapphi-red vite-plugin-static-copy up to 2.3.1/3.1.1 path traversal (GHSA-pp7p-q8fx-2968)

A vulnerability marked as critical has been reported in sapphi-red vite-plugin-static-copy up to 2.3.1/3.1.1. Affected by this vulnerability is an

  

CVE-2025-55297 | Espressif ESP-IDF up to 5.0.8/5.1.5/5.3.2/5.4.0 buffer overflow (GHSA-9w88-r2vm-qfc4)

A vulnerability labeled as critical has been found in Espressif ESP-IDF up to 5.0.8/5.1.5/5.3.2/5.4.0. Affected is an unknown function. The

  

CVE-2025-55420 | FoxCMS 1.2.6 /index.php cross site scripting (EUVD-2025-25450)

A vulnerability identified as problematic has been detected in FoxCMS 1.2.6. This impacts an unknown function of the file /index.php.

  

CVE-2025-55743 | UnoPim up to 0.2.0 unrestricted upload (GHSA-v22v-xwh7-2vrm / EUVD-2025-25455)

A vulnerability categorized as critical has been discovered in UnoPim up to 0.2.0. This affects an unknown function. Executing manipulation

  

CVE-2025-52395 | Roadcute API 1.0 password recovery (EUVD-2025-25451)

A vulnerability was found in Roadcute API 1.0. It has been rated as critical. The impacted element is an unknown

  

CVE-2025-48956 | vLLM up to 0.0.x HTTP Endpoint resource consumption (GHSA-rxc4-3w6r-4v47)

A vulnerability was found in vLLM up to 0.0.x. It has been declared as problematic. The affected element is an

  

CVE-2025-55744 | UnoPim up to 0.2.0 cross-site request forgery (GHSA-287x-6r2h-f9mw / EUVD-2025-25449)

A vulnerability has been found in UnoPim up to 0.2.0 and classified as problematic. The affected element is an unknown

  

CVE-2025-57754 | kristoferfannar eslint-ban-moment up to 3.0.0 password in configuration file (GHSA-2486-4cjg-pw98)

A vulnerability, which was classified as problematic, was found in kristoferfannar eslint-ban-moment up to 3.0.0. Impacted is an unknown function.

  

CVE-2025-43755 | Liferay Portal/DXP cross site scripting (EUVD-2025-25463)

A vulnerability, which was classified as problematic, has been found in Liferay Portal and DXP. This issue affects some unknown

  

CVE-2025-55742 | UnoPim up to 0.2.0 SVG create cross site scripting (GHSA-xr97-25v7-hc2q)

A vulnerability classified as problematic was found in UnoPim up to 0.2.0. This vulnerability affects unknown code of the file

  

CVE-2025-8402 | Mattermost up to 9.11.17/10.5.8/10.8.3/10.9.3/10.10.0 improper validation of specified type of input (EUVD-2025-25459)

A vulnerability classified as problematic has been found in Mattermost up to 9.11.17/10.5.8/10.8.3/10.9.3/10.10.0. This affects an unknown part. Performing manipulation

  

CVE-2025-43756 | Liferay Portal/DXP snippet cross site scripting

A vulnerability was found in Liferay Portal and DXP and classified as problematic. The impacted element is an unknown function.

  

CVE-2025-55383 | Moss up to 0.14 Configuration upload unrestricted upload (Issue 16)

A vulnerability identified as critical has been detected in Moss up to 0.14. Affected by this issue is the function

  

CVE-2025-55521 | Akaunting 3.1.18 HTTP POST Request /settings/localisation denial of service

A vulnerability categorized as problematic has been discovered in Akaunting 3.1.18. Affected by this vulnerability is an unknown functionality of

  

CVE-2025-55522 | Akaunting 3.1.18 /common/reports Name cross site scripting

A vulnerability was found in Akaunting 3.1.18. It has been rated as problematic. Affected is an unknown function of the

  

CVE-2025-7969 | markdown-it 14.1.0 lib/renderer.mjs cross site scripting (EUVD-2025-25465)

A vulnerability was found in markdown-it 14.1.0. It has been declared as problematic. This impacts an unknown function in the

  

CVE-2025-53251 | An-Themes Pin WP Plugin up to 6.9 on WordPress unrestricted upload

A vulnerability was found in An-Themes Pin WP Plugin up to 6.9 on WordPress. It has been classified as critical.

  

Oracle Linux 9: ELSA-2025-14075 xterm Moderate Security Issue Fix

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network.

  

Oracle Linux 9 ELSA-2025-13962 Kernel Important Update for Threats

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network.

  

Oracle Linux 8 ELSA-2025-14177 Tomcat Important DoS Security Advisory

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network.

  

Oracle Linux 10: ELSA-2025-14137 libarchive Important Remote Access

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network.

  

Oracle Linux 9: Tomcat Important DoS Security Advisory ELSA-2025-14181

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network.

  

Oracle Linux 9 libarchive Important Security Update ELSA-2025-14130

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network.

  

CVE-2025-51818 | MCCMS 2.7.0 Backups.php

A vulnerability was found in MCCMS 2.7.0. It has been classified as problematic. This affects an unknown part of the

  

CVE-2025-55366 | jshERP 3.5 User Account UserController.java access control

A vulnerability was found in jshERP 3.5 and classified as critical. Affected by this issue is some unknown functionality of

  

CVE-2025-55370 | jshERP 3.5 ResourceController.java ID access control

A vulnerability has been found in jshERP 3.5 and classified as critical. Affected by this vulnerability is an unknown functionality

  

CVE-2025-34158 | Plex Media Server up to 1.42.0.x input validation

A vulnerability, which was classified as very critical, was found in Plex Media Server up to 1.42.0.x. Affected is an

  

CVE-2025-55371 | jshERP 3.5 PersonController.java getAllList access control

A vulnerability marked as critical has been reported in jshERP 3.5. This affects the function getAllList of the file /controller/PersonController.java.

  

CVE-2025-52194 | Libsndfile 1.2.2 IRCAM Audio File src/ircam.c ircam_read_header memory corruption

A vulnerability labeled as critical has been found in Libsndfile 1.2.2. The impacted element is the function ircam_read_header of the

  

CVE-2025-55368 | jshERP 3.5 RoleController.java access control

A vulnerability identified as critical has been detected in jshERP 3.5. The affected element is an unknown function of the

  

CVE-2025-55367 | jshERP 3.5 SupplierController.java access control

A vulnerability categorized as critical has been discovered in jshERP 3.5. Impacted is an unknown function of the file /controller/SupplierController.java.

  

CVE-2025-55564 | Tenda AC15 15.03.05.19_multi_TD01 fromSetIpMacBind list stack-based overflow

A vulnerability was found in Tenda AC15 15.03.05.19_multi_TD01. It has been rated as critical. This issue affects the function fromSetIpMacBind.

  

CVE-2025-47184 | ExaGrid EX10 7.0.1p02 API Endpoint /init xml external entity reference

A vulnerability was found in ExaGrid EX10 7.0.1p02. It has been declared as problematic. This vulnerability affects unknown code of

  

CVE-2025-50860 | Easy Hosting Control Panel EHCP 20.04.1.b listdomains arananalan sql injection

A vulnerability described as critical has been identified in Easy Hosting Control Panel EHCP 20.04.1.b. This impacts the function listdomains.

  

SUSE: Key Security Update for Linux Kernel CVE-2025-38079 DoS Alert

* bsc#1245218 * bsc#1245350 * bsc#1247350 * bsc#1247351

  

Ubuntu 20.04 LTS: Important Security Updates USN-7701-3 Released

Several security issues were fixed in the Linux kernel.

  

Debian: Chromium Critical Exec Code Denial Service CVE-2025-9132 DSA-5981-1

A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or

  

SUSE: Linux Kernel Important Security Fix ID 2025:02933-1 CVE-2025-38079

* bsc#1245218 * bsc#1247350 * bsc#1247351

  

CVE-2025-49222 | Mattermost up to 9.11.17/10.5.8/10.8.3/10.9.2/10.10.0 Non-Attachment File unrestricted upload

A vulnerability identified as critical has been detected in Mattermost up to 9.11.17/10.5.8/10.8.3/10.9.2/10.10.0. This vulnerability affects unknown code of the

  

CVE-2025-8023 | Mattermost up to 9.11.17/10.5.8/10.8.3/10.9.2 path traversal

A vulnerability labeled as critical has been found in Mattermost up to 9.11.17/10.5.8/10.8.3/10.9.2. This issue affects some unknown processing. Such

  

CVE-2025-47870 | Mattermost up to 9.11.17/10.5.8/10.8.3/10.9.2 restore missing authentication

A vulnerability categorized as critical has been discovered in Mattermost up to 9.11.17/10.5.8/10.8.3/10.9.2. This affects an unknown part of the

  

CVE-2025-53971 | Mattermost up to 9.11.17/10.5.8 API Endpoint schemeRoles authorization

A vulnerability marked as problematic has been reported in Mattermost up to 9.11.17/10.5.8. Impacted is an unknown function of the

  

CVE-2025-49810 | Mattermost up to 10.5.8 authorization

A vulnerability, which was classified as problematic, has been found in Mattermost up to 10.5.8. This impacts an unknown function.

  

CVE-2025-7390 | Softing Industrial Automation OPC UA C++ SDK/edgeConnector/edgeAggregator certificate validation

A vulnerability classified as critical was found in Softing Industrial Automation OPC UA C++ SDK, edgeConnector and edgeAggregator. This affects

  

CVE-2025-47700 | Mattermost up to 10.5.8 Agents Plugin server-side request forgery

A vulnerability classified as critical has been found in Mattermost up to 10.5.8. The impacted element is an unknown function

  

CVE-2025-36530 | Mattermost up to 9.11.17/10.5.8/10.8.3/10.9.1 Plugin Import path traversal

A vulnerability described as critical has been identified in Mattermost up to 9.11.17/10.5.8/10.8.3/10.9.1. The affected element is an unknown function

  

CVE-2025-9310 | yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3 Druid login.html hard-coded credentials

A vulnerability was found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. It has been declared as critical. Affected by this vulnerability

  

CVE-2025-9309 | Tenda AC10 16.03.10.13 MD5 Hash /etc_ro/shadow hard-coded credentials

A vulnerability was found in Tenda AC10 16.03.10.13. It has been classified as problematic. Affected is an unknown function of

  

CVE-2025-9308 | yarnpkg Yarn up to 1.22.22 request-manager.js setOptions redos (ID 9203)

A vulnerability was found in yarnpkg Yarn up to 1.22.22 and classified as problematic. This impacts the function setOptions of

  

CVE-2025-9311 | itsourcecode Apartment Management System 1.0 /fair/addfair.php ID sql injection

A vulnerability was found in itsourcecode Apartment Management System 1.0. It has been rated as critical. Affected by this issue

  

CVE-2025-9305 | SourceCodester Online Bank Management System 1.0 /bank/mnotice.php ID sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Bank Management System 1.0. The affected element

  

CVE-2025-9304 | SourceCodester Online Bank Management System 1.0 /bank/show.php ID sql injection

A vulnerability classified as critical was found in SourceCodester Online Bank Management System 1.0. Impacted is an unknown function of

  

CVE-2025-9303 | TOTOLINK A720R 4.1.5cu.630_B20250509 /cgi-bin/cstecgi.cgi setParentalRules desc buffer overflow

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the

  

CVE-2025-9302 | PHPGurukul User Management System 1.0 /signup.php emailid sql injection

A vulnerability described as critical has been identified in PHPGurukul User Management System 1.0. This vulnerability affects unknown code of

  

CVE-2025-9301 | cmake 4.1.20250725-gb5cce23 cmForEachCommand.cxx ReplayItems assertion (Issue 27135)

A vulnerability marked as problematic has been reported in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file cmForEachCommand.cxx.

  

CVE-2025-9300 | saitoha libsixel up to 1.10.3 img2sixel src/encoder.c sixel_debug_print_palette stack-based overflow (Issue 200)

A vulnerability labeled as critical has been found in saitoha libsixel up to 1.10.3. Affected by this issue is the

  

CVE-2025-9306 | SourceCodester Advanced School Management System 1.0 addNotice noticeSubject cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Advanced School Management System 1.0. The impacted element is

  

CVE-2025-9307 | PHPGurukul Online Course Registration 3.1 /admin/session.php sesssion sql injection

A vulnerability has been found in PHPGurukul Online Course Registration 3.1 and classified as critical. This affects an unknown function

  

CVE-2025-27216 | Ubiquiti UISP Application up to 2.4.219 permission

A vulnerability labeled as critical has been found in Ubiquiti UISP Application up to 2.4.219. This impacts an unknown function.

  

CVE-2025-53504 | Intermesh Group-Office up to 6.8.118/25.0.19 cross site scripting

A vulnerability identified as problematic has been detected in Intermesh Group-Office up to 6.8.118/25.0.19. This affects an unknown function. Performing

  

CVE-2025-27214 | Ubiquiti UniFi Connect EV Station Pro up to 1.5.26 missing authentication

A vulnerability categorized as critical has been discovered in Ubiquiti UniFi Connect EV Station Pro up to 1.5.26. The impacted

  

CVE-2025-53505 | Intermesh Group-Office up to 6.8.118/25.0.19 path traversal

A vulnerability was found in Intermesh Group-Office up to 6.8.118/25.0.19. It has been rated as critical. The affected element is

  

CVE-2025-48355 | ProveSource Social Proof Plugin up to 3.0.5 on WordPress exposure of sensitive system information to an unauthorized control sphere

A vulnerability was found in ProveSource Social Proof Plugin up to 3.0.5 on WordPress. It has been declared as problematic.

  

CVE-2025-48978 | Ubiquiti EdgeMAX EdgeSwitch up to 1.11.0 command injection

A vulnerability was found in Ubiquiti EdgeMAX EdgeSwitch up to 1.11.0. It has been classified as critical. This issue affects

  

CVE-2025-27215 | Ubiquiti UniFi Connect Display Cast up to 1.10.6 access control

A vulnerability was found in Ubiquiti UniFi Connect Display Cast, UniFi Connect Display Cast Pro and UniFi Connect Display Cast

  

CVE-2025-9273 | CData API Server MySQL information disclosure

A vulnerability has been found in CData API Server and classified as problematic. Impacted is an unknown function of the

  

CVE-2025-9276 | Cockroach Labs cockroach-k8s-request-cert improper authentication

A vulnerability, which was classified as critical, was found in Cockroach Labs cockroach-k8s-request-cert. This issue affects some unknown processing. Executing

  

CVE-2025-9274 | Oxford Instruments Imaris Viewer IMS File Parser uninitialized pointer

A vulnerability, which was classified as critical, has been found in Oxford Instruments Imaris Viewer. This vulnerability affects unknown code

  

CVE-2025-9275 | Oxford Instruments Imaris Viewer IMS File Parser out-of-bounds write

A vulnerability classified as critical was found in Oxford Instruments Imaris Viewer. This affects an unknown part of the component

  

CVE-2025-27217 | Ubiquiti UISP Application up to 2.4.219 server-side request forgery

A vulnerability classified as critical has been found in Ubiquiti UISP Application up to 2.4.219. Affected by this issue is

  

CVE-2025-9287 | browserify cipher-base up to 1.0.4 input validation (GHSA-cpq7-6gpm-g9rc)

A vulnerability described as problematic has been identified in browserify cipher-base up to 1.0.4. Affected by this vulnerability is an

  

CVE-2025-9288 | browserify sha.js up to 2.4.11 input validation (GHSA-95m3-7q98-8xr5)

A vulnerability marked as problematic has been reported in browserify sha.js up to 2.4.11. Affected is an unknown function. The

  

CVE-2025-9141 | vllm quen3 deserialization

A vulnerability was found in vllm and classified as critical. The affected element is an unknown function of the component

  

CVE-2025-9299 | Tenda M3 1.0.0.12 getMasterPassengerAnalyseData formGetMasterPassengerAnalyseData Time stack-based overflow

A vulnerability identified as critical has been detected in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData

  

CVE-2025-9298 | Tenda M3 1.0.0.12 /goform/QuickIndex formQuickIndex PPPOEPassword stack-based overflow

A vulnerability categorized as critical has been discovered in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file

  

CVE-2025-9297 | Tenda i22 1.0.0.3(4687) /goform/wxportalauth formWeixinAuthInfoGet Type stack-based overflow

A vulnerability was found in Tenda i22 1.0.0.3(4687). It has been rated as critical. This impacts the function formWeixinAuthInfoGet of

  

CVE-2025-9296 | Emlog Pro up to 2.5.18 blogger.php?action=update_avatar image unrestricted upload

A vulnerability was found in Emlog Pro up to 2.5.18. It has been declared as critical. This affects an unknown

  

CVE-2025-8064 | Bible SuperSearch Plugin up to 6.0.1 on WordPress selector_height cross site scripting

A vulnerability was found in Bible SuperSearch Plugin up to 6.0.1 on WordPress. It has been classified as problematic. The

  

SUSE: Linux Kernel Important Security Update 2025:02932-1 CVE-2024-36978

* bsc#1244631 * bsc#1245218 * bsc#1245350 * bsc#1247350 * bsc#1247351

  

Slackware 15.0 Mozilla Thunderbird Critical Security Update SSA:2025-232-01

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

  

Ubuntu 22.04 LTS: USN-7704-3 Linux Kernel Critical Issues

Several security issues were fixed in the Linux kernel.

  

Ubuntu 24.04 LTS: Linux Kernel Critical Security Issues USN-7703-2

Several security issues were fixed in the Linux kernel.

  

Ubuntu 24.04: Linux Kernel Critical Update USN-7699-2 CVE-2025-38011

Several security issues were fixed in the Linux kernel.

  

Debian: Firefox-ESR Critical Arbitrary Code Execution DSA-5980-1

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of

  

CVE-2024-57152 | WinterChenS my-site 1.0.2 preHandle access control (Issue 92)

A vulnerability was found in WinterChenS my-site 1.0.2. It has been classified as critical. Affected by this issue is the

  

CVE-2025-50902 | old-peanut Open-Shop up to 1.0.0 HTTP POST Message cross-site request forgery

A vulnerability was found in old-peanut Open-Shop up to 1.0.0 and classified as problematic. Affected by this vulnerability is an

  

CVE-2025-43746 | Liferay Portal/DXP cross site scripting

A vulnerability was found in Liferay Portal and DXP. It has been rated as problematic. This vulnerability affects unknown code.

  

CVE-2025-5115 | Eclipse Jetty resource consumption

A vulnerability was found in Eclipse Jetty up to 9.4.57/10.0.25/11.0.25/12.0.21/12.1.0.alpha2. It has been declared as problematic. This affects an unknown

  

CVE-2025-8895 | WP Webhooks Plugin up to 3.3.5 on WordPress Remote Code Execution

A vulnerability marked as critical has been reported in WP Webhooks Plugin up to 3.3.5 on WordPress. The impacted element

  

CVE-2025-54988 | Apache Tika up to 3.2.1 XFA File xml external entity reference

A vulnerability labeled as problematic has been found in Apache Tika up to 3.2.1. The affected element is an unknown

  

CVE-2024-57154 | dts-shop 0.0.1-SNAPSHOT /admin/auth/index access control

A vulnerability identified as critical has been detected in dts-shop 0.0.1-SNAPSHOT. Impacted is an unknown function of the file /admin/auth/index.

  

CVE-2025-43757 | Liferay Portal/DXP cross site scripting

A vulnerability categorized as problematic has been discovered in Liferay Portal and DXP. This issue affects some unknown processing. The

  

CVE-2024-57155 | radar 1.0.8 API access control (Issue 100)

A vulnerability described as critical has been identified in radar 1.0.8. This affects an unknown function of the component API.

  

MSSQL Database Privilege Elevation From ALTER ANY LOGIN To SYSADMIN

Topic: MSSQL Database Privilege Elevation From ALTER ANY LOGIN To SYSADMIN. Risk: High.
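The listing above carries only the title of that advisory, not its steps, so the escalation path itself is not reproduced here. What a practitioner wants first is an inventory: which principals on the instance hold ALTER ANY LOGIN (directly, or implicitly through the securityadmin fixed server role), and which logins are the high-value targets (sysadmin members and CONTROL SERVER grantees). The T-SQL below is an added audit query written for this page, not code from the advisory or from Microsoft; it uses only the documented catalog views sys.server_permissions, sys.server_role_members and sys.server_principals, and assumes it is run on a SQL Server instance by a login that can read those views (VIEW ANY DEFINITION or sysadmin).

```sql
-- Added audit query (not from the advisory): enumerate who can reach
-- ALTER ANY LOGIN and who the sysadmin-level targets are.
-- Assumption: run against SQL Server as a login that can read the
-- server-level catalog views (VIEW ANY DEFINITION or sysadmin).

-- 1. Explicit server-level grants of ALTER ANY LOGIN or CONTROL SERVER.
--    state_desc is included so DENY rows are visible alongside GRANT rows.
SELECT  p.name              AS principal_name,
        p.type_desc         AS principal_type,
        sp.permission_name  AS permission_name,
        sp.state_desc       AS grant_state
FROM    sys.server_permissions AS sp
JOIN    sys.server_principals  AS p
        ON p.principal_id = sp.grantee_principal_id
WHERE   sp.class_desc = 'SERVER'
  AND   sp.permission_name IN ('ALTER ANY LOGIN', 'CONTROL SERVER')
ORDER BY sp.permission_name, p.name;

-- 2. Role membership: securityadmin carries the ability to alter logins
--    and reset SQL login passwords without an explicit grant row;
--    sysadmin rows show the accounts an attacker would aim at.
SELECT  r.name      AS role_name,
        m.name      AS member_name,
        m.type_desc AS member_type,
        m.is_disabled
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE   r.name IN ('securityadmin', 'sysadmin')
ORDER BY r.name, m.name;
```

Anything returned by the first query outside the sysadmin set, or any securityadmin member in the second, deserves review: ALTER ANY LOGIN is what ALTER LOGIN ... WITH PASSWORD checks for on ordinary logins. Per Microsoft's ALTER LOGIN documentation, resetting the password of a sysadmin member or CONTROL SERVER grantee without the old password additionally requires CONTROL SERVER, so the advisory's route to SYSADMIN is presumably not that direct reset; the page does not say, and this query only answers who holds the starting permission.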