The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2025-0103 - An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enabl...
    Published: January 10, 2025; 10:15:22 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-0104 - A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious...
    Published: January 10, 2025; 10:15:22 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2012-5644 - libuser has information disclosure when moving user's home directory
    Published: November 25, 2019; 10:15:12 AM -0500

    V3.1: 5.5 MEDIUM
    V2.0: 4.9 MEDIUM

  • CVE-2025-0105 - An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.
    Published: January 10, 2025; 10:15:22 PM -0500

    V3.1: 9.1 CRITICAL

  • CVE-2025-0106 - A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem.
    Published: January 10, 2025; 10:15:22 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2025-0107 - An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device c...
    Published: January 10, 2025; 10:15:22 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-30025 - The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation.
    Published: July 11, 2025; 2:15:24 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-30024 - The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack.
    Published: July 11, 2025; 2:15:24 AM -0400

  • CVE-2025-30023 - The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.
    Published: July 11, 2025; 2:15:24 AM -0400

  • CVE-2025-39945 - In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnic_delete_task The original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(), which does not guarantee that the delayed work item 'd...
    Published: October 04, 2025; 4:15:47 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-7930 - A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pms/ajax/get_packings.php. The manipulation of the argument medicine_id leads t...
    Published: August 19, 2024; 6:15:06 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-50494 - In the Linux kernel, the following vulnerability has been resolved: thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash When CPU 0 is offline and intel_powerclamp is used to inject idle, it generates kernel BUG:...
    Published: October 04, 2025; 12:15:46 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-2913 - A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has...
    Published: March 28, 2025; 1:15:30 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2025-2912 - A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow...
    Published: March 28, 2025; 12:15:30 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2025-6270 - A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to ...
    Published: June 19, 2025; 1:15:27 PM -0400

  • CVE-2022-50493 - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash when I/O abort times out While performing CPU hotplug, a crash with the following stack was seen: Call Trace: qla24xx_process_response_queue+0x42a...
    Published: October 04, 2025; 12:15:46 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-50492 - In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix use-after-free on probe deferral The bridge counter was never reset when tearing down the DRM device so that stale pointers to deallocated structures would be acces...
    Published: October 04, 2025; 12:15:46 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-53531 - In the Linux kernel, the following vulnerability has been resolved: null_blk: fix poll request timeout handling When doing io_uring benchmark on /dev/nullb0, it's easy to crash the kernel if poll requests timeout triggered, as reported by David....
    Published: October 01, 2025; 8:15:57 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-32660 - Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2.
    Published: April 17, 2025; 12:15:49 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-39941 - In the Linux kernel, the following vulnerability has been resolved: zram: fix slot write race condition Parallel concurrent writes to the same zram index result in leaked zsmalloc handles. Schematically we can have something like this: CPU0 ...
    Published: October 04, 2025; 4:15:47 AM -0400

    V3.1: 4.7 MEDIUM

Created September 20, 2022, Updated August 27, 2024