OBS-Vigilance

Title	Description	Date
PAN-OS: code execution via CLI Access	An attacker can use a vulnerability of PAN-OS, via CLI Access, in order to run code...	Visit link for details
Keycloak: spoofing via Error Description Injection	An attacker can create spoofed data on Keycloak, via Error Description Injection, in order to deceive the victim...	Visit link for details
Sonatype Nexus Repository Manager 2: Server-Side Request Forgery via Remote Browser Plugin	An attacker can trigger a Server-Side Request Forgery of Sonatype Nexus Repository Manager 2, via Remote Browser Plugin, in order to force the server to send queries...	Visit link for details
GitLab CE/EE: multiple vulnerabilities dated 08/10/2025	An attacker can use several vulnerabilities of GitLab CE/EE, dated 08/10/2025...	Visit link for details
libxslt: use after free via XSL Nodes	An attacker can force the reuse of a freed memory area of libxslt, via XSL Nodes, in order to trigger a denial of service, and possibly to run code...	Visit link for details
ArcGIS Server: SQL injection dated 08/10/2025	An attacker can use a SQL injection of ArcGIS Server, dated 08/10/2025, in order to read or alter data...	Visit link for details
Python Core zipfile: directory traversal via ZIP64 End of Central Directory	An attacker can traverse directories of Python Core zipfile, via ZIP64 End of Central Directory, in order to write a file outside the service root path...	Visit link for details
CivetWeb: overload via mg_handle_form_request()	An attacker can trigger an overload of CivetWeb, via mg_handle_form_	Visit link for details
Linux kernel: multiple vulnerabilities dated 07/10/2025	An attacker can use several vulnerabilities of the Linux kernel, dated 07/10/2025...	Visit link for details
Rust shlex: multiple vulnerabilities via Quote API	An attacker can use several vulnerabilities of Rust shlex, via Quote API...	Visit link for details