CVE Brief Security Intelligence

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters

A vulnerability exists in Chartbrew that may allow unauthorized access or impact data integrity due to its direct integration with databases and APIs.

A vulnerability in Chartbrew, an open-source data visualization tool, could potentially be leveraged by attackers to compromise connected data sources.

Jenkins Credentials Binding Plugin 719

An identified vulnerability in Chartbrew may expose connected databases or APIs to unauthorized access or manipulation.

A vulnerability within the Chartbrew web application may allow attackers to exploit its database and API integration features.

Cockpit 2

The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3

XATABoost CMS 1

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1

Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission

pgjdbc is an open source postgresql JDBC Driver

A weakness has been identified in SourceCodester Advanced School Management System 1

AgentFlow is vulnerable to arbitrary code execution, allowing attackers to execute local Python files via the pipeline_path parameter in specific API endpoints.

Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus allows Authentication Bypass

The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization

A security vulnerability has been detected in EyouCMS up to 1

A vulnerability has been detected in VetCoders mcp-server-semgrep, potentially impacting its operation or security.

A vulnerability has been found in SourceCodester Hotel Management System 1

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1

A vulnerability was identified in itsourcecode Electronic Judging System 1

TLS protocol dissector heap overflow in Wireshark 4

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands

Local privilege escalation due to improper input validation

Local privilege escalation due to improper input validation

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation

Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process

Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack

Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection

IBM Turbonomic prometurbo agent 8

IBM Langflow Desktop 1

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read

A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1

Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4

IBM Langflow Desktop 1

NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1

U-SPEED N300 router V1

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection

BuddyPress Xprofile Custom Fields Type 2

A vulnerability was determined in UTT HiPER 1250GW up to 3

A vulnerability was identified in UTT HiPER 1250GW up to 3

A security flaw has been discovered in UTT HiPER 1250GW up to 3

A flaw has been found in Tenda 4G300 US_4G300V1

A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1

A vulnerability was detected in code-projects for Plugin 4

A flaw has been found in UTT HiPER 1200GW up to 2

A vulnerability has been found in UTT HiPER 1200GW up to 2

A vulnerability was detected in Totolink NR1800X 9

Text::CSV_XS versions before 1

Prime95 29

Easy MPEG to DVD Burner 1

Allok Video to DVD Burner 2

Free Download Manager 2

SysGauge Pro 4

Allok soft WMV to AVI MPEG DVD WMV Converter 4

Alloksoft Video joiner 4

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4

Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc

Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc

An issue in Krayin CRM v

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing

An issue in the TVicPort64

Allok AVI to DVD SVCD VCD Converter 4

When exchanging data over a socket, libnv uses select(2) to wait for data to arrive

SBC codec crash in Wireshark 4

RDP protocol dissector crash in Wireshark 4

TOTOLINK A3002RU V3 <= V3

An issue was discovered in libsndfile 1

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters

A denial-of-service vulnerability exists in the U-SPEED N300 V1

Weaver (Fanwei) E-cology 9

CryptPad 2025

Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers

A security vulnerability in JetBrains IntelliJ IDEA before 2024 may impact system integrity.

A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c

A flaw has been found in fatbobman mail-mcp-bridge up to 1

A weakness has been identified in florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1

A vulnerability in B1 Free Archiver v1

A weakness has been identified in getsimpletool mcpo-simple-server up to 0

A vulnerability was found in PolarVista xcode-mcp-server 1

A vulnerability was found in Algovate xhs-mcp 0

A security vulnerability has been detected in 1024-lab smart-admin up to 3

As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers

A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3

A vulnerability has been found in Fujian Apex LiveBOS up to 2

MyBB Recent threads 17

Pallets Click, versions 8

SSCMS v7

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint

ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal

Profile import path traversal in Wireshark 4