CVE-2025-46558
XWiki Contrib’s Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions starting from 8.2 to before 8.9, the Markdown syntax is vulnerable to cross-site scripting (XSS)...
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests...
OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable...
Volcano is a Kubernetes-native batch scheduling system. Prior to versions 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3, and 1.12.0-alpha.2, attacker compromise of either the Elastic service or the extender plugin can cause denial of service of the...
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 (Helm chart
XWiki is a generic wiki platform. In versions starting from 1.8.1 to before 14.10.22, from 15.0-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.7.0, anyone can access the...
XWiki is a generic wiki platform. In versions starting from 15.3-rc-1 to before 15.10.14, from 16.0.0-rc-1 to before 16.4.6, and from 16.5.0-rc-1 to before 16.10.0-rc-1, a user who can access pages located in the...
Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. Assigner : secure@microsoft.com More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30390
Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network. Assigner : secure@microsoft.com More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30391
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. Assigner : secure@microsoft.com More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30392
Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network. Assigner : secure@microsoft.com More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33074
Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap. This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through 3.5.14. Assigner : audit@patchstack.com More information :...
A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack...
SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_clearance. Assigner : cve@mitre.org More information : https://github.com/red-team00/bug_report/blob/main/simple-barangay-management-system/SQLi-1.md