4.6
CVE-2025-27401 - In Tuleap, deleting a report can delete criteria filters in other reports
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In a standard usages of Tuleap, the issue has a limited impact, it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle through all the filtβ¦
4.1
CVE-2025-27156 - Tuleap allows content injection via emails sent by the mass emailing features
Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail cβ¦
5.3
CVE-2025-27150 - Tuleap dumps the Redis password into the generated troubleshooting archives
Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by support teams that should not have access to β¦
9
CVE-2025-27507 - IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While β¦
6.1
CVE-2025-27155 - In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim
Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator (pineconesim) included in Pinecone up to commit ea4c337 is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped wheβ¦
9.3
CVE-2024-11957 - Arbitrary Code Execution in WPS Office
Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough.
6.9
CVE-2025-27111 - Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection. This vulnerability is fixedβ¦
8.6
CVE-2025-1424 - Privilege Escalation Through SUID Binary and Developer Mode
A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device. This issue affects InkPad Color 3 in version U743k3.6.8.3671.
4.7
CVE-2025-1425 - File Read Through Improper Sudo Privilege Management
A Sudo privilege misconfiguration vulnerability in PocketBook InkPad Color 3 on Linux, ARM allows attackers to read file contents on the device.This issue affects InkPad Color 3: U743k3.6.8.3671.
8.6
CVE-2024-9149 - SQLi in Wind Media's E-Commerce Website Template
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection.This issue affects E-Commerce Website Template: before v1.5.