Tagged: Cybersecurity Alert

A vulnerability was determined in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /contact_us.php. This manipulation of the argument Name causes sql injection. It is possible to...

C-Kermit (aka ckermit) through 10.0 Beta.12 (aka 416-beta12) before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system. More information : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123025

ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer. More information : https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#921

Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to...

Telenium Online Web Application is vulnerable due to a Perl script that is called to load the login page. Due to improper input validation, an attacker can inject arbitrary Perl code through a crafted...

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table. More information : https://github.com/gerico-lab/riello-multiple-vulnerabilities-2025

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted banner. More information : https://github.com/gerico-lab/riello-multiple-vulnerabilities-2025

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution. More information : https://github.com/gerico-lab/riello-multiple-vulnerabilities-2025

A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands. More information : https://emea.mitsubishielectric.com/fa/products/quality/quality-news-information

IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user. More information : https://www.ibm.com/support/pages/node/7255549

A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node (qm) to create or override systemd service unit...

Under certain circumstances a successful exploitation could result in access to the device. More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-01

In the Linux kernel, the following vulnerability has been resolved: usb: potential integer overflow in usbg_make_tpg() The variable tpgt in usbg_make_tpg() is defined as unsigned long and is assigned to tpgt->tport_tpgt, which is defined...

Under certain circumstances a successful exploitation could result in access to the device. More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-01