CVE-2026-33017
Langflow Code Injection Vulnerability - Active in CISA KEV catalog.
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
Yesterday's disclosures revealed 17 critical vulnerabilities heavily concentrated in Microsoft Azure services, including three maximum-severity (CVSS 10.0) flaws in Azure Kubernetes, Azure AI Foundry, and Azure Databricks. Critical CVE volume dropped 39% from the prior day's 28 to 17, while 100 high-priority vulnerabilities held steady. CVE-2026-33105, CVE-2026-32213, and CVE-2026-33107 each scored CVSS 10.0 targeting core Azure infrastructure, and CVE-2026-2699 (CVSS 9.8) affects Citrix ShareFile Storage Zones Controller. Four vulnerabilities have confirmed active exploitation, including CVE-2026-33017 in Langflow and CVE-2026-33634 in Aqua Security Trivy. No patches have been reported as available at this time, making compensating controls and monitoring essential for affected environments.
Immediate action: Prioritize review of Microsoft Azure deployments, particularly AKS, AI Foundry, Databricks, and Custom Locations, as five critical Azure CVEs were disclosed, including three at CVSS 10.0. With no patch availability reported, implement compensating controls such as network segmentation, restricted access policies, and enhanced monitoring for exploitation indicators across affected systems.
Langflow Code Injection Vulnerability - Active in CISA KEV catalog.
Aquasecurity Trivy Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
A use-after-free vulnerability exists in the Dawn component of Google Chrome. This flaw allows attackers to potentially execute arbitrary code or cause a denial-of-service via a crafted HTML page.
TrueConf Client Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
A critical improper authorization vulnerability in Microsoft Azure Kubernetes Service allows unauthenticated attackers to elevate privileges over a network, potentially gaining full cluster control.
A vulnerability in the AbstractSettingsCollection model of Group-Office leads to insecure deserialization, allowing authenticated attackers to achieve Remote Code Execution via arbitrary file write.
Improper authorization in Azure AI Foundry allows unauthenticated network attackers to escalate privileges, potentially compromising AI models and sensitive data.
A Server-Side Request Forgery (SSRF) vulnerability in Azure Databricks allows unauthenticated attackers to elevate privileges and access internal network resources.
A Server-Side Request Forgery (SSRF) in the Azure Custom Locations Resource Provider allows authenticated attackers to elevate privileges over a network.
A missing authentication vulnerability in Azure MCP Server allows unauthenticated attackers to disclose sensitive information over a network.
A privilege escalation vulnerability in Percona PMM allows authenticated users with pmm-admin rights to execute arbitrary shell commands on the underlying host.
Insufficient protection of serialized structures in Mbed TLS allows attackers to induce memory corruption and execute arbitrary code via incorrect privileged API usage.
Citrix ShareFile Storage Zones Controller (SZC) contains a flaw allowing unauthenticated attackers to access restricted configuration pages, leading to system changes and remote code execution.
An authentication bypass in the Hirschmann HiEOS HTTP(S) management module allows unauthenticated attackers to gain administrative access and modify device firmware.
An unauthenticated SQL injection vulnerability in the setinfo endpoint allows attackers to execute malicious SQL UPDATE commands, resulting in total loss of integrity and availability.
An authenticated file upload vulnerability allows attackers to upload and execute malicious files, leading to remote code execution on the server.
Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file (app/server/fireshare/api.py). An unauthenticated attacker can exploit the checkSum parameter to write arbitrary files with attacker-controlled content to any writable path on the server filesystem. This issue has been patched in version 1.5.3.
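The Fireshare entry above is the classic "fix applied to one route but not its unauthenticated twin" pattern: a client-supplied value ends up as a filesystem path component. The example below is added here and is not Fireshare's code; the assumption that the checkSum value was joined into the chunk path, the upload directory location, and the helper names are all constructed for illustration. It shows the trusting path construction beside a hardened version that allow-lists the value's shape and then confirms the resolved path is still inside the upload directory.

```python
import re
from pathlib import Path

# Assumed upload root; Fireshare's real location is not stated on the page.
UPLOAD_DIR = "/srv/fireshare/uploads"


def vulnerable_chunk_path(upload_dir, check_sum: str, chunk_index: int) -> Path:
    """Constructed 'before' shape: the client string becomes a path component.

    A checkSum such as "../../../etc/cron.d/evil" walks out of upload_dir, so the
    chunk bytes (also attacker-controlled) land wherever the server can write.
    """
    return Path(upload_dir) / check_sum / f"{chunk_index}.part"


def is_inside(upload_dir, candidate) -> bool:
    """True if candidate, after resolving '..' and symlinks, stays under upload_dir."""
    base = Path(upload_dir).resolve()
    target = Path(candidate).resolve()
    return target == base or base in target.parents


def safe_chunk_path(upload_dir, check_sum: str, chunk_index: int) -> Path:
    """Hardened shape: allow-list the value, then verify containment."""
    # 1. A digest has a fixed alphabet and no separators; reject anything else
    #    before it ever touches a path. Lowercase hex, 32..64 chars, is assumed.
    if not re.fullmatch(r"[0-9a-f]{32,64}", check_sum):
        raise ValueError("checkSum must be a lowercase hex digest")
    if chunk_index < 0:
        raise ValueError("negative chunk index")
    # 2. Belt and braces: resolve and check containment, which also catches a
    #    symlink planted inside the upload directory pointing elsewhere.
    target = Path(upload_dir) / check_sum / f"{chunk_index}.part"
    if not is_inside(upload_dir, target):
        raise ValueError("chunk path escapes the upload directory")
    return target.resolve()


def rejects_path(upload_dir, check_sum: str) -> bool:
    """Helper for checks: does the hardened builder refuse this checkSum?"""
    try:
        safe_chunk_path(upload_dir, check_sum, 0)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    hostile = "../../../etc/cron.d/evil"  # constructed hostile checkSum
    print("vulnerable ->", vulnerable_chunk_path(UPLOAD_DIR, hostile, 0),
          "inside upload dir:", is_inside(UPLOAD_DIR, vulnerable_chunk_path(UPLOAD_DIR, hostile, 0)))
    print("hardened rejects hostile value:", rejects_path(UPLOAD_DIR, hostile))
    print("hardened accepts a digest:", safe_chunk_path(UPLOAD_DIR, "a" * 40, 3))
```

The containment check is deliberately kept even though the regex already excludes separators: the two controls fail independently, and the second one is the one that survives a later refactor that relaxes the first. Whatever helper you write, call it from every route that accepts the parameter, including the public one.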
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time, allowing them to modify sensitive vessel routing data, alter server configurations, and access restricted endpoints. This issue has been patched in version 2.24.0-beta.4.
A SQL injection vulnerability in OpenProject's reporting module allows attackers to execute unauthorized database queries via unparameterized user input.
A critical JWT signature verification failure in Convoy allows unauthenticated attackers to forge tokens and bypass SSO authentication to log in as any user.
Unauthenticated access to notification and phone management endpoints in OneUptime allows attackers to abuse communication services and perform unauthorized purchases.
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs
OpenSTAManager is an open source management software for technical assistance and invoicing
OpenSTAManager is an open source management software for technical assistance and invoicing
Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network
phpMyFAQ is an open source FAQ web application
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability
HiOS Switch Platform versions 09
An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4
An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1
DbGate is cross-platform database manager
The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generate_user_filepath' function and the 'move_temp_file_to_upload_dir' function in all versions up to, and including, 5
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection
Tinyauth is an authentication and authorization server
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2
A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1
A bug in POST request handling causes a crash under a certain condition
Apache Traffic Server allows request smuggling if chunked messages are malformed
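Request smuggling through malformed chunked encoding works because two parsers in the chain disagree about where a message ends, so one of them reads the attacker's trailing bytes as the start of a second request. The decoder below is an added example in Python, not Apache Traffic Server's code, and makes no claim about which malformation ATS accepted; it shows the strict reading of the chunk-size line (hex digits only, CRLF only, nothing after the terminating chunk) that a proxy should enforce so that it cannot be the lenient half of a desync. Trailer fields are rejected here for brevity; the sample bodies are constructed.

```python
import re

# RFC 9112 chunk-size is 1*HEXDIG. Lenient parsers have accepted leading
# whitespace, a "0x" prefix, bare LF line endings, or junk after the last
# chunk; each of those is a seam a front-end/back-end pair can disagree on.
_CHUNK_SIZE = re.compile(rb"[0-9A-Fa-f]{1,16}")


def decode_chunked(body: bytes) -> bytes:
    """Strictly decode a chunked message body, raising ValueError on any deviation."""
    out = bytearray()
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("chunk-size line not terminated by CRLF")
        # Chunk extensions (";name=value") are permitted by the spec; we strip
        # them but still require the size field itself to be pure hex.
        size_field = body[pos:eol].split(b";", 1)[0]
        if not _CHUNK_SIZE.fullmatch(size_field):
            raise ValueError(f"invalid chunk-size field: {size_field!r}")
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            if body[pos:pos + 2] != b"\r\n":
                raise ValueError("last-chunk not followed by CRLF (trailers not accepted here)")
            if pos + 2 != len(body):
                raise ValueError("bytes present after the terminating CRLF")
            return bytes(out)
        data = body[pos:pos + size]
        if len(data) != size:
            raise ValueError("truncated chunk data")
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk data not followed by CRLF")
        out += data
        pos += size + 2


def rejects_chunked(body: bytes) -> bool:
    try:
        decode_chunked(body)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    samples = {  # constructed bodies
        "valid": b"5\r\nhello\r\n0\r\n\r\n",
        "0x prefix": b"0x5\r\nhello\r\n0\r\n\r\n",
        "leading space": b" 5\r\nhello\r\n0\r\n\r\n",
        "bare LF": b"5\nhello\r\n0\r\n\r\n",
        "bytes after end": b"5\r\nhello\r\n0\r\n\r\nGET / HTTP/1.1\r\n",
    }
    for name, body in samples.items():
        print(f"{name:16s} rejected={rejects_chunked(body)}")
```

The last sample is the smuggling shape: a lenient parser that stops at the terminating chunk and hands the remainder to the next request slot has just let the attacker prefix someone else's request. Rejecting the whole message is the only safe answer for an intermediary.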
Mbed TLS before 3
Rack is a modular Ruby web server interface
Rack is a modular Ruby web server interface
Rack is a modular Ruby web server interface
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in match_char() macro usage The match_char() macro evaluates its character parameter multiple times when traversing differential encoding chains
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix missing bounds check on DEFAULT table in verify_dfa() The verify_dfa() function only checks DEFAULT_TABLE bounds when the state is not differentially encoded
Mbed TLS 3
An issue was discovered in Mbed TLS through 3
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command
An issue was discovered in Mbed TLS 3
In OpenSSH before 10
Endian Firewall version 3
Endian Firewall version 3
Endian Firewall version 3
Endian Firewall version 3
Endian Firewall version 3
Endian Firewall version 3
Endian Firewall version 3
HiSecOS web server versions 03
IBM Verify Identity Access Container 11
In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix double free of ns_name in aa_replace_profiles(). If ns_name is NULL after error = aa_unpack(udata, &lh, &ns_name); (line 1071), and ent->ns_name contains an ns_name (} else if (ent->ns_name) {, line 1089), then ns_name is assigned ent->ns_name (ns_name = ent->ns_name;, line 1095); however, ent->ns_name is freed at aa_load_ent_free(ent); (line 1262) and then again when freeing ns_name at kfree(ns_name); (line 1270). Fix this by NULLing out ent->ns_name after it is transferred to ns_name.
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race on rawdata dereference There is a race condition that leads to a use-after-free situation: because the rawdata inodes are not refcounted, an attacker can start open()ing one of the rawdata files, and at the same time remove the last reference to this rawdata (by removing the corresponding profile, for example), which frees its struct aa_loaddata; as a result, when seq_rawdata_open() is reached, i_private is a dangling pointer and freed memory is accessed
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference to i_private data on its end after removing the original entry from the file system
PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices
HiSecOS web server versions 05
Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual) contain a heap overflow vulnerability in the HiLCOS web interface that allows unauthenticated remote attackers to trigger a denial-of-service condition by sending specially crafted requests to the web interface
ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such as directory changes and relative paths
A flaw was found in libinput
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys
A vulnerability was identified in Trendnet TEW-657BRM 1
A security flaw has been discovered in Trendnet TEW-657BRM 1
The issue was addressed with improved memory handling
The issue was addressed with improved memory handling
Payload is a free and open source headless content management system
This issue was addressed with improved handling of symlinks
Postiz is an AI social media scheduling tool
Command injection vulnerability in console
Payload is a free and open source headless content management system
An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1
An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5
Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models
A flaw was found in Corosync
Improper authentication in the OAuth login functionality in Devolutions Server 2026
Improper authentication in the two-factor authentication (2FA) feature in Devolutions Server 2026
A permissions issue was addressed with additional restrictions
Tina is a headless content management system
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory
A flaw was found in Keycloak
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models
goshs is a SimpleHTTPServer written in Go
OneUptime is an open-source monitoring and observability platform
V-SFT versions 6
V-SFT versions 6
V-SFT versions 6
V-SFT versions 6
V-SFT versions 6
Glances is an open-source system cross-platform monitoring tool
Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline
Payload is a free and open source headless content management system
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation
A flaw was found in Corosync
A flaw was found in Keycloak
Suricata is a network IDS, IPS and NSM engine
Suricata is a network IDS, IPS and NSM engine
Suricata is a network IDS, IPS and NSM engine
Suricata is a network IDS, IPS and NSM engine
Suricata is a network IDS, IPS and NSM engine
Suricata is a network IDS, IPS and NSM engine
A race condition was addressed with additional validation
A permissions issue was addressed with additional restrictions
This issue was addressed through improved state management
The issue was addressed with improved checks
Hirschmann EagleSDV version 05