Vulnerabilities


CVE-2025-64313 | Huawei HarmonyOS 5.0.1/5.1.0/6.0.0 Office Service race condition

A vulnerability has been found in Huawei HarmonyOS 5.0.1/5.1.0/6.0.0 and classified as problematic. The affected element is an unknown function


CVE-2025-64314 | Huawei HarmonyOS 5.1.0 Memory Management type confusion

A vulnerability was found in Huawei HarmonyOS 5.1.0 and classified as critical. The impacted element is an unknown function of


CVE-2025-66382 | libexpat up to 2.7.3 File algorithmic complexity

A vulnerability was found in libexpat up to 2.7.3. It has been classified as problematic. This affects an unknown function


CVE-2025-66370 | Kivitendo up to 3.9.1 ZUGFeRD xml external entity reference

A vulnerability was found in Kivitendo up to 3.9.1. It has been declared as problematic. This impacts an unknown function


CVE-2025-66372 | Mustang up to 2.16.2 xml external entity reference (Issue 685)

A vulnerability was found in Mustang up to 2.16.2. It has been rated as problematic. Affected is an unknown function.


CVE-2025-58312 | Huawei HarmonyOS 5.0.1/5.1.0/6.0.0 App Lock access control

A vulnerability categorized as critical has been discovered in Huawei HarmonyOS 5.0.1/5.1.0/6.0.0. Affected by this vulnerability is an unknown functionality


CVE-2025-64315 | Huawei HarmonyOS 5.1.0 File Management access control

A vulnerability identified as critical has been detected in Huawei HarmonyOS 5.1.0. Affected by this issue is some unknown functionality

Slackware 15.0: CUPS Important DoS Threat Fix SSA:2025-331-01

New cups packages are available for Slackware 15.0 and -current to fix security issues. (LinuxSecurity – Security Advisories)

Mageia 9: Advisory for Microcode Bugfix MGAA-2025-0101 Released Now

MGAA-2025-0101 – Updated microcode packages fix bugs.

Oracle Linux 9 ELSA-2025-20954 sssd Important Privilege Escalation Fix

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network.

Oracle Linux 9: ELSA-2025-20945 Vim Moderate Path Traversal Issues

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network.

Oracle Linux 9: Kernel Moderate Risks Advisory ELSA-2025-21469 Released

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network.

Moderate Bug Fix for Kernel in Oracle Linux 9 ELSA-2025-21112 Release

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network.

Oracle Linux 9 Advisory ELSA-2025-21111 bind9 Important DNS Issues

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network.

Oracle Linux 9: ELSA-2025-20955 Redis 7 Important Remote Access Risk

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network.

SUSE glib2 Moderate Buffer Under-read Vulnerability CVE-2025-7039 Advisory

References: bsc#1249055. Cross-References: CVE-2025-7039.

openSUSE: Kernel Important Bluetooth Disconnection Flaw SUSE-SU-2025:4281-1

An update that solves one vulnerability can now be installed.

SUSE Advisory 2025:4281-1 Addresses Critical CVE-2023-53673 Bluetooth Issue

References: bsc#1251983. Cross-References: CVE-2023-53673.

Ubuntu: CUPS Critical Denial of Service Issue USN-7897-1 CVE-2025-61915

CUPS could be made to crash or run programs as an administrator if it opened a specially crafted file.

Debian: DSA-6064-1 tryton-server Critical Fix Information Disclosure

Several security vulnerabilities were discovered in the server of the Tryton application platform, which could lead to information disclosure. For

SUSE 15 SP7: Python313 Low Risk Security Update 2025:4277-1

References: bsc#1244680, bsc#1251305, bsc#1252974. Cross-References:

Ubuntu 25.10: WebKitGTK Critical RCE & DoS Advisory USN-7895-1

Several security issues were fixed in WebKitGTK.

SUSE Linux Micro 6.2: Critical Samba Patch for CVE-2025-10230 Issue

References: bsc#1249087, bsc#1249179, bsc#1249180, bsc#1249181, bsc#1251279.

SUSE: libxml2 Critical Resource Exhaustion Vulnerability 2028:31045-2

References: bsc#1249584. Cross-References: CVE-2025-59375.

SUSE: libxslt Important Denial of Service Fix CVE-2025-10911 2025:21031-1

References: bsc#1250553, bsc#1251979. Cross-References: CVE-2025-10911.

Ubuntu 14.04 LTS: libxml2 Important Denial of Service Issues USN-7896-1

Several security issues were fixed in libxml2.

Ubuntu 20.04 LTS: libxml2 Denial of Service Fix USN-7852-2 CVE-2025-7425

libxml2 could be made to crash or run programs if it opened a specially crafted file.


CVE-2025-12421 | Mattermost up to 10.5.12/10.11.4/10.12.1/11.0.2 Email code-exchange incorrect implementation of authentication algorithm

A vulnerability categorized as critical has been discovered in Mattermost up to 10.5.12/10.11.4/10.12.1/11.0.2. Impacted is an unknown function of the


CVE-2025-3261 | ThingsBoard up to 4.2.0 API Endpoint cross site scripting

A vulnerability identified as problematic has been detected in ThingsBoard up to 4.2.0. The affected element is an unknown function


CVE-2025-58436 | CUPS Slow Client Communication denial of service

A vulnerability labeled as problematic has been found in CUPS. The impacted element is an unknown function of the component


CVE-2025-61915 | CUPS cupsd.conf denial of service

A vulnerability marked as problematic has been reported in CUPS. This affects an unknown function of the file cupsd.conf. This


CVE-2025-12419 | Mattermost up to 10.5.12/10.11.4/10.12.1/11.0.3 OpenID Connect Authentication incorrect implementation of authentication algorithm

A vulnerability, which was classified as critical, has been found in Mattermost up to 10.5.12/10.11.4/10.12.1/11.0.3. This impacts an unknown function


CVE-2025-13757 | Devolutions Server up to 2025.2.20/2025.3.8 Last Usage Logs sql injection (DEVO-2025-0018)

A vulnerability, which was classified as critical, was found in Devolutions Server up to 2025.2.20/2025.3.8. Affected is an unknown function


CVE-2025-13758 | Devolutions Server up to 2025.2.20/2025.3.8 information disclosure (DEVO-2025-0018)

A vulnerability has been found in Devolutions Server up to 2025.2.20/2025.3.8 and classified as problematic. Affected by this vulnerability is


CVE-2025-13765 | Devolutions Server up to 2025.2.20/2025.3.8 information disclosure (DEVO-2025-0018)

A vulnerability was found in Devolutions Server up to 2025.2.20/2025.3.8 and classified as problematic. Affected by this issue is some


CVE-2025-12559 | Mattermost up to 10.5.12/10.11.4/10.12.1/11.0.2 Email Address common_teams information disclosure

A vulnerability was found in Mattermost up to 10.5.12/10.11.4/10.12.1/11.0.2. It has been classified as problematic. This affects an unknown part


CVE-2025-13737 | Nextend Social Login and Register Plugin up to 3.1.21 on WordPress unlinkUser cross-site request forgery

A vulnerability was found in Nextend Social Login and Register Plugin up to 3.1.21 on WordPress. It has been declared


CVE-2025-13699 | MariaDB mariadb-dump path traversal (ZDI-25-1025)

A vulnerability was found in MariaDB. It has been rated as critical. This issue affects some unknown processing of the

Debian LTS: libssh Critical Issues Addressed in DLA-4385-1

Several vulnerabilities have been found in libssh, a tiny C SSH library. CVE-2025-4877

openSUSE: Kernel Important Update for CVEs 2025-20091-1

An update that solves 83 vulnerabilities and has 101 bug fixes can now be installed.

openSUSE: Important Security Fix for mysql-connector-java CVE-2025-20089-1

An update that solves one vulnerability and has one bug fix can now be installed.


CVE-2025-12140 | Simple SA Wirtualna Uczelnia prior wu#2016.1.5513#0#20251014_113353 redirectToUrl redirectUrlParameter eval injection

A vulnerability classified as critical has been found in Simple SA Wirtualna Uczelnia. The impacted element is the function redirectToUrl.


CVE-2025-8890 | SDMC NE6037 prior 7.1.12.2.44 Diagnostics Tools os command injection

A vulnerability classified as critical was found in SDMC NE6037. This affects an unknown function of the component Diagnostics Tools.

Critical Kernel Update for CVE-2025-4269-1 in openSUSE Available Now

An update that solves two vulnerabilities can now be installed.

SUSE: Kernel Important Security Update CVE-2025-38500 2025:4269-1

References: bsc#1248672, bsc#1249537. Cross-References: CVE-2025-38500.

Ubuntu 16.04: FFmpeg Important Denial Of Service Crash USN-7890-1

FFmpeg could be made to crash if it opened a specially crafted file.


CVE-2025-30186 | Open-Xchange OX App Suite up to 8.35.107/8.38.89/8.39.83/8.40.68/8.41.60 cross site scripting (adv-2025-0003)

A vulnerability was found in Open-Xchange OX App Suite up to 8.35.107/8.38.89/8.39.83/8.40.68/8.41.60. It has been rated as problematic. Affected by


CVE-2025-30190 | Open-Xchange OX App Suite cross site scripting (adv-2025-0003)

A vulnerability categorized as problematic has been discovered in Open-Xchange OX App Suite up to 8.35.1513817/8.39.1565928/8.40.1565934/8.41.1523927. This affects an unknown


CVE-2025-59025 | Open-Xchange OX App Suite up to 8.35.110/8.39.85/8.40.73/8.41.50 E-Mail Content cross site scripting (adv-2025-0003)

A vulnerability identified as problematic has been detected in Open-Xchange OX App Suite up to 8.35.110/8.39.85/8.40.73/8.41.50. This vulnerability affects unknown


CVE-2025-59026 | Open-Xchange OX App Suite up to 8.35.110/8.39.85/8.40.73/8.41.67 File cross site scripting (adv-2025-0003)

A vulnerability labeled as problematic has been found in Open-Xchange OX App Suite up to 8.35.110/8.39.85/8.40.73/8.41.67. This issue affects some


CVE-2025-59890 | Eaton Galileo Software up to 11.1.1 path traversal

A vulnerability marked as critical has been reported in Eaton Galileo Software up to 11.1.1. Impacted is an unknown function.


CVE-2025-13742 | pretix prior 2025.7.0/2025.8.0/2025.9.0/2025.10.0 Email Template cross site scripting

A vulnerability described as problematic has been identified in pretix. The affected element is an unknown function of the component


CVE-2025-34351 | Ray Team Anyscale Ray 2.52.0 API insecure default initialization of resource (GHSA-w8vc-465m-jjw6)

A vulnerability classified as very critical was found in Ray Team Anyscale Ray 2.52.0. Impacted is an unknown function of


CVE-2025-3784 | Mitsubishi Electric GX Works2 cleartext storage

A vulnerability, which was classified as problematic, has been found in Mitsubishi Electric GX Works2. The affected element is an


CVE-2025-12758 | Validator up to 13.15.21 isLength incomplete filtering of one or more instances of special elements (SNYK-JS-VALIDATOR-13653476 / EUVD-2025-199795)

A vulnerability, which was classified as problematic, was found in Validator up to 13.15.21. The impacted element is the function


CVE-2025-13762 | CyberArk Secure Web Sessions Extension prior 2.2.30305 on Chrome denial of service (EUVD-2025-199782)

A vulnerability has been found in CyberArk Secure Web Sessions Extension on Chrome and classified as problematic. This affects an


CVE-2025-54057 | Apache SkyWalking up to 10.2.0 cross site scripting

A vulnerability was found in Apache SkyWalking up to 10.2.0 and classified as problematic. This impacts an unknown function. Executing


CVE-2025-59454 | Apache CloudStack up to 4.20.1/4.21.x API permission

A vulnerability was found in Apache CloudStack up to 4.20.1/4.21.x. It has been classified as critical. Affected is the function


CVE-2025-59302 | Apache CloudStack up to 4.20.1/4.21.x Javascript Engine stack-based overflow

A vulnerability was found in Apache CloudStack up to 4.20.1/4.21.x. It has been declared as critical. Affected by this vulnerability

Fedora 41: docker-buildx Critical Mem Exhaustion Fix CVE-2025-58185

Update to release v0.30.1. Upstream fix. Update to release v0.30.0. Resolves: rhbz#2413270. Resolves: rhbz#2407614, rhbz#2407881, rhbz#2408158, rhbz#2409066.

Fedora 42: docker-buildkit CVE-2025-58183 Critical Unbounded Allocation

Update to release v0.26.1. Update to release v0.26.0. Resolves: rhbz#2412681, rhbz#2412761. Upstream new features and fixes; dependency override for moby/policy-helper

Fedora 43: 7zip Critical Directory Traversal RCE CVE-2025-11001

Various CVE fixes, most importantly CVE-2025-11001. This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from

Docker-BuildKit Memory Allocation Fix in Fedora 41: FEDORA-2025-1ccd7dbf40

Update to release v0.26.1. Update to release v0.26.0. Resolves: rhbz#2412681, rhbz#2412761. Upstream new features and fixes; dependency override for moby/policy-helper

Debian: kdeconnect Critical Impersonation Threat DSA-6063-1 CVE-2025-66270

It was discovered that missing validation of the device ID during handshakes in KDE Connect, a tool to integrate smart

Oracle Linux 9: ELSA-2025-21916 valkey Important Security Update

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network.

Oracle Linux 9 ELSA-2025-22175 expat Important Fix for Remote Access

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network.

Oracle Linux 9 ELSA-2025-22011 Buildah Important Denial of Service

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network.

Oracle Linux 9 ELSA-2025-22005 go-rpm-macros Moderate Issue CVE-2025-47906

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network.

Oracle Linux 9 ELSA-2025-21968 GIMP Important Security Fix

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network.

Oracle Linux 9: ELSA-2025-21926 Kernel Moderate Threat CVE-2025-39843

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network.


CVE-2025-65276 | henzljw hashtech 1.0 /admin_index.php access control

A vulnerability classified as critical has been found in henzljw hashtech 1.0. The affected element is an unknown function of


CVE-2020-36873 | Astak CM-818T3 2.4GHz Wireless Security Surveillance Camera Endpoint backup.cgi missing authentication

A vulnerability classified as critical was found in Astak CM-818T3 2.4GHz Wireless Security Surveillance Camera. The impacted element is an


CVE-2025-65278 | GroceryMart 21934e6 users.json information disclosure

A vulnerability, which was classified as problematic, has been found in GroceryMart 21934e6. This affects an unknown function of the


CVE-2025-65202 | TRENDnet TEW-657BRM 1.00.1 HTTP Parameter setup.cgi command/todo/next_file os command injection

A vulnerability, which was classified as critical, was found in TRENDnet TEW-657BRM 1.00.1. This impacts an unknown function of the


CVE-2020-36874 | ACE Security WIP-90113 HD Camera Endpoint backup.cgi missing authentication

A vulnerability has been found in ACE Security WIP-90113 HD Camera and classified as critical. Affected is an unknown function


CVE-2019-25226 | Dongyoung Media Tech DM-AP240T/W Wireless Access Point Endpoint sys_system_config missing authentication

A vulnerability was found in Dongyoung Media Tech DM-AP240T and W Wireless Access Point and classified as critical. Affected by


CVE-2025-62593 | ray-project ray up to 2.51.x code injection (GHSA-q279-jhrf-cc6v)

A vulnerability was found in ray-project ray up to 2.51.x. It has been classified as critical. Affected by this issue


CVE-2019-25227 | Tellion HN-2204AP Router Endpoint system_config_file missing authentication

A vulnerability was found in Tellion HN-2204AP Router. It has been declared as problematic. This affects an unknown part of


CVE-2020-36871 | ESCAM QD-900 WIFI HD Camera Endpoint backup.cgi missing authentication (EDB-48107)

A vulnerability was found in ESCAM QD-900 WIFI HD Camera. It has been rated as critical. This vulnerability affects unknown


CVE-2025-65670 | classroomio 0.1.13 resource injection

A vulnerability categorized as problematic has been discovered in classroomio 0.1.13. This issue affects some unknown processing. Such manipulation leads


CVE-2025-64331 | OISF Suricata up to 7.0.12/8.0.1 HTTP File Transfer stack-based overflow (GHSA-v32w-j79x-pfj2)

A vulnerability identified as critical has been detected in OISF Suricata up to 7.0.12/8.0.1. Impacted is an unknown function of


CVE-2025-64344 | OISF Suricata up to 7.0.12/8.0.1 HTTP Response stack-based overflow (GHSA-93fh-cgmc-w3rx)

A vulnerability labeled as critical has been found in OISF Suricata up to 7.0.12/8.0.1. The affected element is an unknown


CVE-2025-64333 | OISF Suricata up to 7.0.12/8.0.1 HTTP Content Type stack-based overflow (GHSA-537h-xxmx-v87m)

A vulnerability marked as critical has been reported in OISF Suricata up to 7.0.12/8.0.1. The impacted element is an unknown


CVE-2025-40934 | TIMLEGGE XML::Sig up to 0.67 on Perl signature verification (Issue 63)

A vulnerability described as problematic has been identified in TIMLEGGE XML::Sig up to 0.67 on Perl. This affects an unknown


CVE-2025-64334 | OISF Suricata up to 8.0.1 Decompression allocation of resources (GHSA-r5jf-v2gx-gx8w)

A vulnerability classified as problematic has been found in OISF Suricata up to 8.0.1. This impacts an unknown function of


CVE-2020-36872 | BACnet Test Server up to 1.01 Packet resource consumption (ID 159504 / EDB-48860)

A vulnerability classified as problematic was found in BACnet Test Server up to 1.01. Affected is an unknown function of


CVE-2025-66030 | digitalbazaar forge up to 1.3.1 integer overflow (GHSA-65ch-62r8-g69g)

A vulnerability, which was classified as problematic, has been found in digitalbazaar forge up to 1.3.1. Affected by this vulnerability


CVE-2025-66031 | digitalbazaar forge up to 1.3.1 recursion (GHSA-554w-wpv2-vw27)

A vulnerability, which was classified as problematic, was found in digitalbazaar forge up to 1.3.1. Affected by this issue is


CVE-2025-12571 | GitLab Community Edition/Enterprise Edition up to 18.4.4/18.5.2/18.6.0 Requests allocation of resources (Issue 579168)

A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 18.4.4/18.5.2/18.6.0 and classified as problematic. This


CVE-2025-12653 | GitLab Community Edition/Enterprise Edition up to 18.4.4/18.5.2/18.6.0 authentication spoofing (Issue 579372)

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.4.4/18.5.2/18.6.0 and classified as critical. This vulnerability


CVE-2025-13611 | GitLab Community Edition/Enterprise Edition up to 18.4.4/18.5.2/18.6.0 log file (Issue 545947)

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.4.4/18.5.2/18.6.0. It has been classified as problematic.


CVE-2025-6195 | GitLab Enterprise Edition up to 18.4.4/18.5.2/18.6.0 direct request (Issue 549937)

A vulnerability was found in GitLab Enterprise Edition up to 18.4.4/18.5.2/18.6.0. It has been declared as problematic. Impacted is an


CVE-2025-7449 | GitLab Community Edition/Enterprise Edition up to 18.4.4/18.5.2/18.6.0 HTTP Response allocation of resources (Issue 554938)

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.4.4/18.5.2/18.6.0. It has been rated as problematic.


CVE-2025-66040 | spotipy-dev spotipy up to 2.25.1 cross site scripting (GHSA-r77h-rpp9-w2xm)

A vulnerability categorized as problematic has been discovered in spotipy-dev spotipy up to 2.25.1. The impacted element is an unknown


CVE-2025-64330 | OISF Suricata up to 7.0.12/8.0.1 heap-based overflow (GHSA-83v7-gm34-f437)

A vulnerability identified as critical has been detected in OISF Suricata up to 7.0.12/8.0.1. This affects an unknown function. The


CVE-2025-64332 | OISF Suricata up to 7.0.12/8.0.1 Decompression stack-based overflow (GHSA-p32q-7wcp-gv92)

A vulnerability labeled as critical has been found in OISF Suricata up to 7.0.12/8.0.1. This impacts an unknown function of


CVE-2025-0657 | Automated Logic WebCtrl up to 8.5 drv_gen5_106 array index

A vulnerability marked as critical has been reported in Automated Logic WebCtrl up to 8.5. Affected is the function drv_gen5_106.


CVE-2025-64335 | OISF Suricata up to 8.0.1 base64_data null pointer dereference (GHSA-v299-h7p3-q4f2)

A vulnerability described as problematic has been identified in OISF Suricata up to 8.0.1. Affected by this vulnerability is the


CVE-2024-5539 | Automated Logic WebCTRL up to 8.5 authorization

A vulnerability classified as problematic has been found in Automated Logic WebCTRL up to 8.5. Affected by this issue is


CVE-2025-0658 | Automated Logic/Carrier Zone Controllers prior 6.06-101 BACnet Protocol denial of service

A vulnerability classified as problematic was found in Automated Logic/Carrier Zone Controllers. This affects an unknown part of the component