* bsc#1242882 * bsc#1245778 * bsc#1251983 Cross-References:LinuxSecurity – Security AdvisoriesRead More
Vulnerabilities
CVE-2025-33199 | NVIDIA DGX Spark GB10 SROOT Firmware control flow
A vulnerability has been found in NVIDIA DGX Spark GB10 and classified as problematic. This affects an unknown part of
CVE-2025-33205 | NVIDIA NeMo Framework inclusion of functionality from untrusted control sphere
A vulnerability was found in NVIDIA NeMo Framework and classified as critical. This vulnerability affects unknown code. Such manipulation leads
CVE-2025-64064 | Primakon Pi Portal 1.0.18 PATCH Request /api/v2/pp_users PP_SECURITY_PROFILE_ID access control
A vulnerability was found in Primakon Pi Portal 1.0.18. It has been classified as critical. This issue affects some unknown
CVE-2025-33203 | NVIDIA NeMo Agent ToolKit UI for Web API Endpoint server-side request forgery
A vulnerability was found in NVIDIA NeMo Agent ToolKit UI for Web. It has been declared as critical. Impacted is
CVE-2025-33189 | NVIDIA DGX Spark GB10 SROOT Firmware out-of-bounds write
A vulnerability was found in NVIDIA DGX Spark GB10. It has been rated as critical. The affected element is an
CVE-2025-61167 | SIGB PMB 8.0.1.14 ajax_selector.php id/datas sql injection
A vulnerability categorized as critical has been discovered in SIGB PMB 8.0.1.14. The impacted element is an unknown function of
CVE-2025-33187 | NVIDIA DGX Spark GB10 SROOT Firmware privileges management
A vulnerability identified as critical has been detected in NVIDIA DGX Spark GB10. This affects an unknown function of the
CVE-2025-33196 | NVIDIA DGX Spark GB10 SROOT Firmware sensitive information in resource not removed before reuse
A vulnerability labeled as problematic has been found in NVIDIA DGX Spark GB10. This impacts an unknown function of the
CVE-2025-64067 | Primakon Primakon Pi Portal 1.0.18 API Endpoint user_id/project_id information disclosure
A vulnerability marked as problematic has been reported in Primakon Primakon Pi Portal 1.0.18. Affected is an unknown function of
CVE-2025-33188 | NVIDIA DGX Spark GB10 privileges management
A vulnerability described as critical has been identified in NVIDIA DGX Spark GB10. Affected by this vulnerability is an unknown
CVE-2025-33190 | NVIDIA DGX Spark GB10 SROOT Firmware out-of-bounds write
A vulnerability classified as critical has been found in NVIDIA DGX Spark GB10. Affected by this issue is some unknown
CVE-2025-33193 | NVIDIA DGX Spark GB10 SROOT Firmware integrity check
A vulnerability classified as problematic was found in NVIDIA DGX Spark GB10. This affects an unknown part of the component
CVE-2025-33194 | NVIDIA DGX Spark GB10 SROOT Firmware incorrect behavior order: validate before canonicalize
A vulnerability, which was classified as problematic, has been found in NVIDIA DGX Spark GB10. This vulnerability affects unknown code
CVE-2025-33195 | NVIDIA DGX Spark GB10 SROOT Firmware memory corruption
A vulnerability, which was classified as critical, was found in NVIDIA DGX Spark GB10. This issue affects some unknown processing
CVE-2025-33191 | NVIDIA DGX Spark GB10 SROOT Firmware denial of service
A vulnerability has been found in NVIDIA DGX Spark GB10 and classified as problematic. Impacted is an unknown function of
CVE-2025-33192 | NVIDIA DGX Spark GB10 SROOT Firmware unchecked return value to null pointer dereference
A vulnerability was found in NVIDIA DGX Spark GB10 and classified as problematic. The affected element is an unknown function
CVE-2025-64062 | Primakon Pi Portal 1.0.18 /api/V2/pp_users?email improper authentication
A vulnerability was found in Primakon Pi Portal 1.0.18. It has been classified as critical. The impacted element is an
CVE-2025-61168 | SIGB PMB 8.0.1.14 cms_rest.php deserialization
A vulnerability was found in SIGB PMB 8.0.1.14. It has been declared as critical. This affects an unknown function of
CVE-2025-65960 | Contao CMS up to 4.13.56/5.3.41/5.6.4 Template::once Required type distinction
A vulnerability was found in Contao CMS up to 4.13.56/5.3.41/5.6.4. It has been rated as problematic. This impacts the function
openSUSE 15.3/15.6: Python39 Low Severity Issues Resolved 2025:4221-1
An update that solves two vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE Leap 15.3: SUSE-SU-2025:4221-1 Low Threat Fix for python39
* bsc#1251305 * bsc#1252974 Cross-References: * CVE-2025-6075LinuxSecurity – Security AdvisoriesRead More
UBUNTU: Critical Spoofing Vulnerability Mitigation 2025:3333-2
* bsc#1252379 * bsc#1252380 Cross-References: * CVE-2025-40778LinuxSecurity – Security AdvisoriesRead More
SUSE: Moderate Update for govulncheck-vulndb – 2025:4220-1 Released
* jsc#PED-11136 Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6LinuxSecurity – Security AdvisoriesRead More
Fedora: secfix-check-security Moderate Patch 2025:6789-1
An update that contains one feature can now be installed.LinuxSecurity – Security AdvisoriesRead More
Critical Linux Kernel Issues Impacting Raspberry Pi on Ubuntu 24.04 LTS
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
CVE-2025-13595 | CIBELES AI Plugin up to 1.10.8 on WordPress actualizador_git.php unrestricted upload
A vulnerability marked as critical has been reported in CIBELES AI Plugin up to 1.10.8 on WordPress. This issue affects
CVE-2025-13597 | AI Feeds Plugin up to 1.0.11 on WordPress actualizador_git.php unrestricted upload
A vulnerability described as critical has been identified in AI Feeds Plugin up to 1.0.11 on WordPress. Impacted is an
CVE-2025-59369 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 bwdpi sql injection
A vulnerability was found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 and classified as critical. This affects an unknown function of the component
CVE-2025-59370 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 bwdpi os command injection
A vulnerability was found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. It has been classified as critical. This impacts an unknown function of
CVE-2025-59371 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 IFTTT random values
A vulnerability was found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. It has been declared as critical. Affected is an unknown function of
CVE-2025-59372 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 path traversal
A vulnerability was found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. It has been rated as critical. Affected by this vulnerability is an
CVE-2025-59365 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 stack-based overflow
A vulnerability categorized as critical has been discovered in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. Affected by this issue is some unknown functionality.
CVE-2025-59366 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 AiCloud path traversal
A vulnerability identified as critical has been detected in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. This affects an unknown part of the component
CVE-2025-59368 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 AiCloud integer underflow
A vulnerability labeled as critical has been found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. This vulnerability affects unknown code of the component
CVE-2025-62691 | Intercom Security Point of MaLion prior 7.1.1.9 on Windows Request stack-based overflow
A vulnerability classified as critical has been found in Intercom Security Point of MaLion and Security Point of MaLionCloud on
CVE-2025-64693 | Intercom Security Point of MaLion prior 7.1.1.9 on Windows Request heap-based overflow
A vulnerability classified as critical was found in Intercom Security Point of MaLion and Security Point of MaLionCloud on Windows.
CVE-2025-59485 | Intercom Security Point of MaLion up to 5.3.3 on Windows DLL File Parser uncontrolled search path
A vulnerability, which was classified as problematic, has been found in Intercom Security Point of MaLion up to 5.3.3 on
CVE-2025-12003 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 WebDAV missing authentication
A vulnerability, which was classified as critical, was found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. The affected element is an unknown function
CVE-2025-13502 | WebKitGTK/WPE WebKit GLib Remote Inspector Server integer overflow
A vulnerability has been found in WebKitGTK and WPE WebKit and classified as problematic. The impacted element is an unknown
CVE-2025-36150 | IBM Concert up to 2.0.0 risky encryption
A vulnerability was found in IBM Concert up to 2.0.0. It has been classified as problematic. This affects an unknown
CVE-2024-47856 | RSA Authentication Agent up to 7.4.6 unquoted search path
A vulnerability was found in RSA Authentication Agent up to 7.4.6. It has been declared as problematic. This impacts an
CVE-2025-13643 | MongoDB Server up to 7.0.25/8.0.13 authorization
A vulnerability was found in MongoDB Server up to 7.0.25/8.0.13. It has been rated as problematic. Affected is an unknown
CVE-2025-12742 | Google Looker up to 25.13 os command injection (gcp-2025-052)
A vulnerability categorized as critical has been discovered in Google Looker up to 25.13. Affected by this vulnerability is an
CVE-2025-13644 | MongoDB Server up to 7.0.25/8.0.12/8.1.1 Batched Delete assertion
A vulnerability identified as problematic has been detected in MongoDB Server up to 7.0.25/8.0.12/8.1.1. Affected by this issue is some
CVE-2025-54347 | Desktop Alert PingAlert up to 6.1.0.11/6.1.1.2 path traversal
A vulnerability labeled as critical has been found in Desktop Alert PingAlert up to 6.1.0.11/6.1.1.2. This affects an unknown part.
CVE-2025-65944 | getsentry sentry-javascript up to 10.26.x Cookie Header insertion of sensitive information into sent data (GHSA-6465-jgvq-jhgp)
A vulnerability marked as problematic has been reported in getsentry sentry-javascript up to 10.26.x. This vulnerability affects unknown code of
CVE-2025-62155 | QuantumNous new-api up to 0.9.5 302 Redirect server-side request forgery (GHSA-9f46-w24h-69w4)
A vulnerability described as critical has been identified in QuantumNous new-api up to 0.9.5. This issue affects some unknown processing
CVE-2025-13507 | MongoDB Server up to 7.0.25/8.0.15/8.2.0 improper validation of specified quantity in input (EUVD-2025-199533)
A vulnerability classified as critical has been found in MongoDB Server up to 7.0.25/8.0.15/8.2.0. Impacted is an unknown function. The
CVE-2025-64048 | YCCMS 3.4 Article Management ArticleAction.class.php add/getPost Title cross site scripting
A vulnerability classified as problematic was found in YCCMS 3.4. The affected element is the function add/getPost of the file
CVE-2025-0007 | AMD Xilinx Run Time up to 2025.0 improper adherence to coding standards
A vulnerability, which was classified as critical, has been found in AMD Xilinx Run Time up to 2025.0. The impacted
CVE-2025-64730 | Sony SNC-CX600W cross site scripting
A vulnerability, which was classified as problematic, was found in Sony SNC-CX600W. This affects an unknown function. Such manipulation leads
CVE-2025-52539 | AMD Xilinx Run Time up to 2025.0 Advanced Extensible Interface stack-based overflow
A vulnerability has been found in AMD Xilinx Run Time up to 2025.0 and classified as critical. This impacts an
CVE-2025-59373 | ASUS MyASUS 3.1.2.0 System Control Interface permission assignment
A vulnerability was found in ASUS MyASUS 3.1.2.0 and classified as critical. Affected is an unknown function of the component
CVE-2025-54338 | Desktop Alert PingAlert up to 6.1.0.11/6.1.1.2 access control
A vulnerability was found in Desktop Alert PingAlert up to 6.1.0.11/6.1.1.2. It has been classified as critical. Affected by this
CVE-2025-64047 | OpenRapid RapidCMS 1.3.1 /user/user-move.php cross site scripting
A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been declared as problematic. Affected by this issue is some
CVE-2025-54341 | Desktop Alert PingAlert up to 6.1.0.11/6.1.1.2 Configuration hard-coded credentials
A vulnerability was found in Desktop Alert PingAlert up to 6.1.0.11/6.1.1.2. It has been rated as critical. This affects an
CVE-2025-56400 | Tuya SDK 6.5.0 on Android/iOS cross-site request forgery
A vulnerability categorized as problematic has been discovered in Tuya SDK 6.5.0 on Android/iOS. This vulnerability affects unknown code. Such
CVE-2025-0005 | AMD Xilinx Run Time up to 2025.0 XOCL Driver integer overflow
A vulnerability identified as problematic has been detected in AMD Xilinx Run Time up to 2025.0. This issue affects some
CVE-2025-48510 | AMD μProf up to 4.x KSLR status code
A vulnerability labeled as critical has been found in AMD μProf up to 4.x. Impacted is an unknown function of
CVE-2025-52538 | AMD Xilinx Run Time up to 2025.0 XOCL Driver integer overflow
A vulnerability marked as problematic has been reported in AMD Xilinx Run Time up to 2025.0. The affected element is
CVE-2025-0003 | AMD Xilinx Run Time up to 2025.0 improper resource locking
A vulnerability described as problematic has been identified in AMD Xilinx Run Time up to 2025.0. The impacted element is
CVE-2025-29933 | AMD μProf up to 5.0 out-of-bounds write
A vulnerability classified as critical has been found in AMD μProf up to 5.0. This affects an unknown function. This
CVE-2025-63498 | Alinto SOGo 5.12.3 Username cross site scripting
A vulnerability classified as problematic was found in Alinto SOGo 5.12.3. This impacts an unknown function. Such manipulation of the
CVE-2025-48511 | AMD μProf up to 4.x improper validation of specified index, position, or offset in input
A vulnerability, which was classified as problematic, has been found in AMD μProf up to 4.x. Affected is an unknown
CVE-2025-63674 | Blurams Camera A31C 23.1227.472.2926 Bootloader command injection
A vulnerability, which was classified as critical, was found in Blurams Camera A31C 23.1227.472.2926. Affected by this vulnerability is an
CVE-2025-64304 | Fuji Television Network FOD App up to 5.1.x on Android/iOS hard-coded key
A vulnerability has been found in Fuji Television Network FOD App up to 5.1.x on Android/iOS and classified as problematic.
CVE-2025-12040 | Premmerce Wishlist for WooCommerce Plugin up to 1.0.9 on WordPress class-th-wishlist-frontend.php resource injection
A vulnerability was found in Premmerce Wishlist for WooCommerce Plugin up to 1.0.9 on WordPress and classified as critical. This
CVE-2025-13376 | ProjectList Plugin up to 0.3.0 on WordPress unrestricted upload
A vulnerability was found in ProjectList Plugin up to 0.3.0 on WordPress. It has been classified as critical. This vulnerability
CVE-2025-13389 | Admin and Customer Messages after Order for WooCommerce Plugin get_order_by_id authorization
A vulnerability was found in Admin and Customer Messages after Order for WooCommerce Plugin on WordPress. It has been declared
CVE-2025-12043 | Autochat Automatic Conversation Plugin up to 1.1.9 on WordPress AJAX Endpoint wp_ajax_nopriv_auycht_saveCid authorization
A vulnerability was found in Autochat Automatic Conversation Plugin up to 1.1.9 on WordPress. It has been rated as problematic.
CVE-2025-13452 | Admin and Customer Messages after Order for WooCommerce Plugin REST Endpoint authorization
A vulnerability categorized as critical has been discovered in Admin and Customer Messages after Order for WooCommerce Plugin up to
CVE-2025-12634 | Refund Request for WooCommerce Plugin up to 1.0 on WordPress Refund Status Update update_refund_status authorization
A vulnerability identified as problematic has been detected in Refund Request for WooCommerce Plugin up to 1.0 on WordPress. The
CVE-2025-12525 | Locker Content Plugin up to 1.0.0 on WordPress AJAX Endpoint lockerco_submit_post information disclosure
A vulnerability labeled as problematic has been found in Locker Content Plugin up to 1.0.0 on WordPress. This affects the
CVE-2025-13386 | Social Images Widget Plugin up to 2.1 on WordPress options_update authorization
A vulnerability marked as critical has been reported in Social Images Widget Plugin up to 2.1 on WordPress. This impacts
CVE-2025-13404 | atec Duplicate Page & Post Plugin up to 1.2.20 on WordPress duplicate_post authorization
A vulnerability described as critical has been identified in atec Duplicate Page & Post Plugin up to 1.2.20 on WordPress.
CVE-2025-13382 | Frontend File Manager Plugin up to 23.4 on WordPress REST API Endpoint /wpfm/v1/file-rename fileid resource injection
A vulnerability classified as problematic has been found in Frontend File Manager Plugin up to 23.4 on WordPress. Affected by
CVE-2025-13380 | AI Engine Plugin up to 1.0.1 on WordPress AJAX Endpoint file_get_contents path traversal
A vulnerability classified as critical was found in AI Engine Plugin up to 1.0.1 on WordPress. Affected by this issue
CVE-2025-13405 | Ace Post Type Builder Plugin up to 1.9 on WordPress cptb_delete_custom_taxonomy authorization
A vulnerability, which was classified as problematic, has been found in Ace Post Type Builder Plugin up to 1.9 on
CVE-2025-13370 | ProjectList Plugin up to 0.3.0 on WordPress ID sql injection
A vulnerability, which was classified as critical, was found in ProjectList Plugin up to 0.3.0 on WordPress. This vulnerability affects
CVE-2025-13385 | Bookme Plugin up to 4.2 on WordPress filter[status] sql injection
A vulnerability has been found in Bookme Plugin up to 4.2 on WordPress and classified as critical. This issue affects
CVE-2025-13414 | Morgan Kay Chamber Dashboard Business Directory Plugin up to 3.3.11 on WordPress cdash_watch_for_export authorization
A vulnerability was found in Morgan Kay Chamber Dashboard Business Directory Plugin up to 3.3.11 on WordPress and classified as
CVE-2025-12025 | YouTube Subscribe Plugin up to 3.0.0 on WordPress Title/Channel ID cross site scripting
A vulnerability was found in YouTube Subscribe Plugin up to 3.0.0 on WordPress. It has been classified as problematic. The
CVE-2025-12645 | Inline Frame Plugin up to 0.1 on WordPress Shortcode cross site scripting
A vulnerability was found in Inline Frame Plugin up to 0.1 on WordPress. It has been declared as problematic. The
CVE-2025-12032 | Zweb Social Mobile Plugin up to 1.0.0 on WordPress cross site scripting
A vulnerability was found in Zweb Social Mobile Plugin up to 1.0.0 on WordPress. It has been rated as problematic.
CVE-2025-12586 | Conditional Maintenance Mode Plugin up to 1.0.0 on WordPress cross-site request forgery
A vulnerability categorized as problematic has been discovered in Conditional Maintenance Mode Plugin up to 1.0.0 on WordPress. This impacts
CVE-2025-13467 | Keycloak LDAP User Federation deserialization
A vulnerability identified as critical has been detected in Keycloak. Affected is an unknown function of the component LDAP User
CVE-2025-13311 | Just Highlight Plugin up to 1.0.3 on WordPress Setting Highlight Color cross site scripting
A vulnerability labeled as problematic has been found in Just Highlight Plugin up to 1.0.3 on WordPress. Affected by this
CVE-2025-12587 | Peer Publish Plugin up to 1.0 on WordPress cross-site request forgery
A vulnerability marked as problematic has been reported in Peer Publish Plugin up to 1.0 on WordPress. Affected by this
CVE-2025-13383 | BestWebSoft Job Board Plugin up to 1.2.1 on WordPress update_user_meta cross-site request forgery
A vulnerability described as problematic has been identified in BestWebSoft Job Board Plugin up to 1.2.1 on WordPress. This affects
CVE-2023-7330 | Beijing Star-Net Ruijie Network NBR Router 2025-01-14 Endpoint fileupload.php uploadDir unrestricted upload
A vulnerability was found in Beijing Star-Net Ruijie Network NBR Router 2025-01-14. It has been rated as critical. The impacted
CVE-2025-12893 | MongoDB Server up to 7.0.25/8.0.15/8.2.1 on Windows/Apple certificate validation
A vulnerability categorized as critical has been discovered in MongoDB Server up to 7.0.25/8.0.15/8.2.1 on Windows/Apple. This affects an unknown
CVE-2025-36112 | IBM Sterling B2B Integrator/Sterling File Gateway up to 6.1.2.7/6.2.0.5/6.2.1.1 IP Configuration exposure of sensitive system information to an unauthorized control sphere
A vulnerability identified as problematic has been detected in IBM Sterling B2B Integrator and Sterling File Gateway up to 6.1.2.7/6.2.0.5/6.2.1.1.
CVE-2025-62497 | Sony SNC-CX600W up to 2.7.x cross-site request forgery
A vulnerability labeled as problematic has been found in Sony SNC-CX600W up to 2.7.x. Affected is an unknown function. The
CVE-2025-64761 | OpenBao up to 2.4.3 privileges assignment (GHSA-7ff4-jw48-3436)
A vulnerability marked as critical has been reported in OpenBao up to 2.4.3. Affected by this vulnerability is an unknown
CVE-2025-65951 | mescuwa entropy-derby information disclosure (GHSA-pm54-f847-w4mh)
A vulnerability described as problematic has been identified in mescuwa entropy-derby. Affected by this issue is some unknown functionality. Such
CVE-2025-63914 | Cinnamon Kotaemon 0.11.0 ZIP File ui.py _may_extract_zip resource consumption
A vulnerability classified as problematic has been found in Cinnamon Kotaemon 0.11.0. This affects the function _may_extract_zip of the file
Gentoo: UDisks High Risk Arbitrary Code Exec Vulnerability GLSA 202511-01
Multiple vulnerabilities have been discovered in UDisks, the worst of which can lead to execution of arbitrary code.LinuxSecurity – Security
Gentoo: GLSA 202511-04 for Chromium High Remote Code Execution Risk
Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.LinuxSecurity
Gentoo: qtsvg High Risk Arbitrary Code Execution GLSA-202511-03
Multiple vulnerabilities have been discovered in qtsvg, the worst of which could lead to execution of arbitrary code.LinuxSecurity – Security
Gentoo: WebKitGTK+ High Multiple Threats GLSA-202511-02
Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which can lead to execution of arbitary code.LinuxSecurity – Security