6.4
CVE-2025-65035 - GLPI Database Inventory Plugin Vulnerable to Stored Object Injection
GLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions (database write access must first be obtained through another vulnerability or misconfiguration)…
6.8
CVE-2023-30971 - Gaia unauthenticated endpoints
Gotham Gaia application was found to be exposing multiple unauthenticated endpoints.
9.1
CVE-2024-49587 - Glutton V1 endpoints missing authentication
Glutton V1 service endpoints were exposed without any authentication on Gotham stacks; this could have allowed users that did not have any permission to hit the Glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed G…
4.8
CVE-2025-14956 - WebAssembly Binaryen wasm-binary.cpp readExport heap-based overflow
A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has bee…
6.3
CVE-2025-14955 - Open5GS PFCP handler.c ogs_pfcp_handle_create_pdr initialization
A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation results in improper initialization. It is possible to launch the attack remotely. This attack is char…
4.9
CVE-2025-58053 - Galette has a privilege escalation vulnerability
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue.
2.1
CVE-2025-58052 - Galette has groups managers access control bypass on Members
Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires privilege…
6.3
CVE-2025-14954 - Open5GS QER/FAR/URR/PDR context.c ogs_pfcp_qer_find_or_add assertion
A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The manipulation leads to reachable assertion. It i…
2.3
CVE-2025-14953 - Open5GS FAR-ID handler.c ogs_pfcp_handle_create_pdr null pointer dereference
A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The attack requires a high le…
9.3
CVE-2025-34433 - AVideo < 20.1 Unauthenticated RCE via Predictable Installation Salt
AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid(). The installation timestamp is exposed via a public endpoint, and a derived hash identifier is accessible through unauthent…