Tagged: Cybersecurity Alert

Koa is expressive middleware for Node.js using ES2017 async functions. In versions 2.16.2 to before 2.16.3 and 3.0.1 to before 3.0.3, a bypass to CVE-2025-8129 was discovered in the Koa.js framework affecting its back...

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the...

The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials. More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-294-06

Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows...

Cross-Site Scripting (XSS) vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application’s web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing...

GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode. More information : https://github.com/geographiclib/geographiclib/issues/43

daicuocms V1.3.13 contains an arbitrary file upload vulnerability in the image upload feature. More information : https://github.com/jayfoxaa/yuhang-Zhou/blob/main/upload/readme.md

daicuocms V1.3.13 contains a SQL injection vulnerability in the file librarythinkdbBuilder.php. More information : https://github.com/wzy-most/zeyu-Wang/blob/main/sql/readme.md

The incomplete verification mechanism in the AutoBizLine com.mysecondline.app 1.2.91 allows attackers to log in as other users and gain unauthorized access to their personal information. More information : http://autobizline.com

This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.3, allows an attacker to...

Mbed TLS through 3.6.4 has an Observable Timing Discrepancy. More information : https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/

An unauthenticated Local File Inclusion (LFI) vulnerability in D-Link DSR series routers allows remote attackers to retrieve sensitive configuration files in clear text. The exposed files contain administrative credentials, VPN settings, and other sensitive...

Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the...

Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the...