The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:LinuxSecurity – Security AdvisoriesRead More
Vulnerabilities
CVE-2025-65267 | ERPNext/Frappe SVG Avatar Image cross site scripting
A vulnerability was found in ERPNext and Frappe and classified as problematic. Affected by this issue is some unknown functionality
CVE-2025-55182 | Meta react-server-dom-webpack 19.0.0/19.1.0/19.1.1/19.2.0 React Server deserialization
A vulnerability was found in Meta react-server-dom-webpack, react-server-dom-turbopack and react-server-dom-parcel 19.0.0/19.1.0/19.1.1/19.2.0. It has been classified as critical. This affects an
CVE-2025-57199 | AVTECH DGM1104 FullImg-1015-1004-1006-1003 NetFailDetectD command injection
A vulnerability was found in AVTECH DGM1104 FullImg-1015-1004-1006-1003. It has been declared as critical. This vulnerability affects unknown code of
CVE-2025-7044 | Ubuntu MAAS up to 3.3.10/3.4.8/3.5.8/3.6.1 WebSocket Request is_superuser privileges management
A vulnerability was found in Ubuntu MAAS up to 3.3.10/3.4.8/3.5.8/3.6.1. It has been rated as critical. This issue affects some
openSUSE Leap 16.0 Python-Cbor2 Important Issues Addressed 2025-20133-1
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.LinuxSecurity – Security AdvisoriesRead More
CVE-2025-13947 | WebKitGTK information disclosure
A vulnerability described as problematic has been identified in WebKitGTK. The affected element is an unknown function. The manipulation results
CVE-2025-39665 | Nagvis Checkmk MultisiteAuth up to 1.9.47 information exposure
A vulnerability classified as problematic has been found in Nagvis Checkmk MultisiteAuth up to 1.9.47. The impacted element is an
Debian 11: Mako Important Denial of Service Fix DLA-4393-1 CVE-2022-40023
It was found that Mako, a Python template library, was vulnerable to a denial of service attack via crafted regular
CVE-2025-13945 | Wireshark 4.6.0 HTTP3 Dissector improperly controlled sequential memory allocation (ID 20860)
A vulnerability was found in Wireshark 4.6.0. It has been classified as problematic. Affected is an unknown function of the
CVE-2025-13946 | Wireshark up to 4.4.10/4.6.0 MEGACO Dissector infinite loop (ID 20884)
A vulnerability was found in Wireshark up to 4.4.10/4.6.0. It has been declared as problematic. Affected by this vulnerability is
CVE-2025-12744 | ABRT up to 2.17.6 os command injection
A vulnerability was found in ABRT up to 2.17.6. It has been rated as critical. Affected by this issue is
CVE-2025-13472 | Perforce BlazeMeter Plugin up to 4.26 on Jenkins authorization
A vulnerability categorized as problematic has been discovered in Perforce BlazeMeter Plugin up to 4.26 on Jenkins. This affects an
CVE-2025-29864 | ESTsoft ALZip up to 12.28 on Windows protection mechanism
A vulnerability identified as critical has been detected in ESTsoft ALZip up to 12.28 on Windows. This vulnerability affects unknown
CVE-2025-13948 | opsre go-ldap-admin up to 20251011 JWT docker-compose.yaml secret key hard-coded key
A vulnerability labeled as problematic has been found in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing
CVE-2025-13949 | ProudMuBai GoFilm 1.0.0/1.0.1 FileController.go SingleUpload File unrestricted upload
A vulnerability marked as critical has been reported in ProudMuBai GoFilm 1.0.0/1.0.1. Impacted is the function SingleUpload of the file
Fedora 41 Applies Critical Security Patch for NextCloud 32.0.3 Update
32.0.2 release RHBZ#2416087 RHBZ#2415750 RHBZ#2415751 RHBZ#2415752 RHBZ#2415753LinuxSecurity – Security AdvisoriesRead More
Fedora 41: restic 0.18.1 Advisory – Urgent Security Concerns Identified
Update to 0.18.1LinuxSecurity – Security AdvisoriesRead More
Fedora 41: openbao 2.4.4 Important Security Issues DoS 2025-45a7dd8f10
update to upstream 2.4.4, which fixed CVE-2025-64761 Adds hsm tag. The fedora-41 build was done with golang-1.24.10 which fixed CVE-2025-58189,
CVE-2025-64298 | Mirion Medical EC2 Software NMIS BioDose up to 22.02 Microsoft SQLServer Express permission assignment (icsma-25-336-01)
A vulnerability classified as critical has been found in Mirion Medical EC2 Software NMIS BioDose up to 22.02. Affected by
CVE-2025-62575 | Mirion Medical EC2 Software NMIS BioDose up to 22.02 Microsoft SQL Server Database permission assignment (icsma-25-336-01)
A vulnerability classified as critical was found in Mirion Medical EC2 Software NMIS BioDose up to 22.02. This affects an
CVE-2025-65657 | FeehiCMS 2.1.1 unrestricted upload (Issue 78)
A vulnerability, which was classified as critical, has been found in FeehiCMS 2.1.1. This vulnerability affects unknown code. The manipulation
CVE-2025-65380 | PHPGurukul Billing System 1.0 /admin/index.php Username sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Billing System 1.0. This issue affects some unknown processing
CVE-2025-12954 | MotoPress Timetable and Event Schedule Plugin up to 2.4.15 on WordPress authorization (EUVD-2025-200729)
A vulnerability has been found in MotoPress Timetable and Event Schedule Plugin up to 2.4.15 on WordPress and classified as
CVE-2025-66476 | Vim up to 9.1.1946 on Windows cmd.exe uncontrolled search path (GHSA-g77q-xrww-p834 / 083ec6d9a3b7b09006e0ce69ac802597d25)
A vulnerability was found in Vim up to 9.1.1946 on Windows and classified as problematic. The affected element is an
CVE-2025-65955 | ImageMagick up to 6.9.13-33/7.1.2-8 Magick++ Layer Options::fontFamily double free (GHSA-q3hc-j9x5-mp9m)
A vulnerability was found in ImageMagick up to 6.9.13-33/7.1.2-8. It has been classified as critical. The impacted element is the
CVE-2025-61940 | Mirion Medical EC2 Software NMIS BioDose up to 22.02 SQL Server client-side authentication (icsma-25-336-01)
A vulnerability was found in Mirion Medical EC2 Software NMIS BioDose up to 22.02. It has been declared as critical.
CVE-2025-64642 | Mirion Medical EC2 Software NMIS BioDose up to 22.02 Installation Directory permission assignment (icsma-25-336-01)
A vulnerability was found in Mirion Medical EC2 Software NMIS BioDose up to 22.02. It has been rated as problematic.
CVE-2025-64778 | Mirion Medical EC2 Software NMIS BioDose up to 22.02 hard-coded credentials (icsma-25-336-01)
A vulnerability categorized as critical has been discovered in Mirion Medical EC2 Software NMIS BioDose up to 22.02. Affected is
CVE-2025-55181 | Facebook proxygen up to 2025.12.01.00 Body proxygen::coro iteration
A vulnerability identified as problematic has been detected in Facebook proxygen up to 2025.12.01.00. Affected by this vulnerability is the
CVE-2025-13342 | DynamiApps Frontend Admin Plugin up to 3.28.20 on WordPress ActionOptions::run
A vulnerability labeled as critical has been found in DynamiApps Frontend Admin Plugin up to 3.28.20 on WordPress. Affected by
CVE-2025-13390 | WP Directory Kit Plugin up to 1.4.4 on WordPress wdk_generate_auto_login_link improper authentication
A vulnerability marked as critical has been reported in WP Directory Kit Plugin up to 1.4.4 on WordPress. This affects
CVE-2025-13109 | Husky Plugin up to 1.3.7.2 on WordPress woof_add_query/woof_remove_query resource injection
A vulnerability described as critical has been identified in Husky Plugin up to 1.3.7.2 on WordPress. This vulnerability affects the
CVE-2025-13756 | Fluent Booking Plugin up to 1.9.11 on WordPress importCalendar authorization
A vulnerability classified as critical has been found in Fluent Booking Plugin up to 1.9.11 on WordPress. This issue affects
CVE-2025-12358 | ShopEngine Plugin up to 4.8.5 on WordPress Wishlist post_add_to_list cross-site request forgery
A vulnerability classified as problematic was found in ShopEngine Plugin up to 4.8.5 on WordPress. Impacted is the function post_add_to_list
CVE-2025-13354 | Tag, Category, and Taxonomy Manager Plugin up to 3.40.1 on WordPress taxopress_merge_terms_batch authorization
A vulnerability, which was classified as problematic, has been found in Tag, Category, and Taxonomy Manager Plugin up to 3.40.1
CVE-2025-13359 | Tag, Category, and Taxonomy Manager Plugin up to 3.40.1 on WordPress sql injection
A vulnerability, which was classified as critical, was found in Tag, Category, and Taxonomy Manager Plugin up to 3.40.1 on
CVE-2025-12887 | Post SMTP Plugin up to 3.6.1 on WordPress handle_gmail_oauth_redirect authorization
A vulnerability has been found in Post SMTP Plugin up to 3.6.1 on WordPress and classified as problematic. This affects
CVE-2025-13401 | Autoptimize Plugin up to 3.1.13 on WordPress create_img_preload_tag cross site scripting
A vulnerability was found in Autoptimize Plugin up to 3.1.13 on WordPress and classified as problematic. This impacts the function
Fedora 43: openbao Critical Root Escalation Fix 2025-c7f4367479
update to upstream 2.4.4, fixing CVE-2025-64761. Adds hsm tag. The fedora-43 build was done with golang-1.25.4 which fixed CVE-2025-58189, CVE-2025-58188,
Fedora 42: rclone Security Advisory RHSA-2025:5f73919942 – Update 1.72.0
Update to 1.72.0LinuxSecurity – Security AdvisoriesRead More
Fedora 42: Crucial Restic Security Advisory CVE-2025-47910 Update
Update to 0.18.1LinuxSecurity – Security AdvisoriesRead More
Fedora 42: Critical NextCloud 32.0.2 Authorization Bypass Advisory
32.0.2 release RHBZ#2416087 RHBZ#2415750 RHBZ#2415751 RHBZ#2415752 RHBZ#2415753LinuxSecurity – Security AdvisoriesRead More
Fedora 42: TigerVNC Important CVE Fixes for Remote Access 2025-f59b250c31
Fix recent xorg-x11-server CVEs: Fixes: CVE-2025-62229 CVE-2025-62230 CVE-2025-62231LinuxSecurity – Security AdvisoriesRead More
Fedora 42: openbao Critical CVE-2025-64761 Privileged Escalation Advisory
update to upstream 2.4.4, which fixed CVE-2025-64761 Adds hsm tag. The fedora-42 build was done with golang-1.24.10 which fixed CVE-2025-58183.LinuxSecurity
Debian: Critical Denial of Service & Privilege Escalation DSA-6067-1
Two security vulnerabilities were discovered in the Containerd container runtime, which may result in denial of service or local privilege
Debian 11: Xen Critical Privilege Escalation DSA-6068-1 CVE-2024-28956
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in memory disclosure, denial of service or privilege
CVE-2025-13633 | Google Chrome up to 142.0.7444.175 Digital Credentials use after free (ID 458082)
A vulnerability identified as critical has been detected in Google Chrome. Impacted is an unknown function of the component Digital
CVE-2025-13630 | Google Chrome up to 142.0.7444.175 V8 type confusion (ID 456547)
A vulnerability labeled as critical has been found in Google Chrome. The affected element is an unknown function of the
CVE-2025-13631 | Google Chrome up to 142.0.7444.175 on macOS Google Updater Remote Code Execution (ID 448113)
A vulnerability marked as critical has been reported in Google Chrome on macOS. The impacted element is an unknown function
CVE-2025-13636 | Google Chrome up to 142.0.7444.175 Split View ui layer (ID 446181)
A vulnerability described as problematic has been identified in Google Chrome. This affects an unknown function of the component Split
CVE-2025-13637 | Google Chrome up to 142.0.7444.175 Downloads access control (ID 392375)
A vulnerability classified as critical has been found in Google Chrome. This impacts an unknown function of the component Downloads.
CVE-2025-13638 | Google Chrome up to 142.0.7444.175 Media Stream use after free (ID 448046)
A vulnerability classified as critical was found in Google Chrome. Affected is an unknown function of the component Media Stream.
CVE-2025-13639 | Google Chrome up to 142.0.7444.175 WebRTC access control (ID 448408)
A vulnerability, which was classified as critical, has been found in Google Chrome. Affected by this vulnerability is an unknown
CVE-2025-13720 | Google Chrome up to 142.0.7444.175 Loader type conversion (ID 457818)
A vulnerability, which was classified as critical, was found in Google Chrome. Affected by this issue is some unknown functionality
CVE-2025-13632 | Google Chrome up to 142.0.7444.175 DevTools sandbox (ID 439058)
A vulnerability has been found in Google Chrome and classified as critical. This affects an unknown part of the component
CVE-2025-65379 | PHPGurukul Billing System 1.0 password-recovery.php username/mobileno sql injection
A vulnerability was found in PHPGurukul Billing System 1.0 and classified as critical. This vulnerability affects unknown code of the
CVE-2025-13634 | Google Chrome up to 142.0.7444.175 on Windows Downloads Remote Code Execution (ID 429140)
A vulnerability was found in Google Chrome on Windows. It has been classified as critical. This issue affects some unknown
CVE-2025-13635 | Google Chrome up to 142.0.7444.175 Downloads ui layer (ID 405727)
A vulnerability was found in Google Chrome. It has been declared as problematic. Impacted is an unknown function of the
CVE-2025-13640 | Google Chrome up to 142.0.7444.175 Passwords improper authentication (ID 452071)
A vulnerability was found in Google Chrome. It has been rated as critical. The affected element is an unknown function
CVE-2025-13721 | Google Chrome up to 142.0.7444.175 v8 race condition (ID 355120)
A vulnerability categorized as problematic has been discovered in Google Chrome. The impacted element is an unknown function of the
CVE-2025-61729 | crypto-x509 up to 1.24.10/1.25.4 on Go HostnameError.Error resource consumption
A vulnerability identified as problematic has been detected in crypto-x509 up to 1.24.10/1.25.4 on Go. This affects the function HostnameError.Error.
CVE-2025-65877 | Lvzhou CMS Title sql injection
A vulnerability labeled as critical has been found in Lvzhou CMS. This impacts an unknown function of the component com.wanli.lvzhoucms.service.ContentService#findPage.
CVE-2025-66468 | aimeos ai-cms-grapesjs cross site scripting (GHSA-424m-fj2q-g7vg)
A vulnerability marked as problematic has been reported in aimeos ai-cms-grapesjs. Affected is an unknown function. This manipulation causes cross
CVE-2025-13486 | Advanced Custom Fields Plugin up to 0.9.1.1 on WordPress prepare_form Remote Code Execution
A vulnerability described as critical has been identified in Advanced Custom Fields Plugin up to 0.9.1.1 on WordPress. Affected by
CVE-2025-65105 | Apptainer up to 1.4.4 symlink (GHSA-j3rw-fx6g-q46j)
A vulnerability was found in Apptainer up to 1.4.4. It has been classified as critical. The affected element is an
CVE-2025-66416 | modelcontextprotocol python-sdk up to 1.22.x insecure default initialization of resource
A vulnerability was found in modelcontextprotocol python-sdk up to 1.22.x. It has been declared as problematic. The impacted element is
CVE-2025-12630 | Upload.am Plugin up to 1.0.0 on WordPress AJAX Request authorization
A vulnerability was found in Upload.am Plugin up to 1.0.0 on WordPress. It has been rated as problematic. This affects
CVE-2025-65358 | edoc-doctor-appointment-system 1.0.1 /admin/appointment.php docid sql injection
A vulnerability categorized as critical has been discovered in edoc-doctor-appointment-system 1.0.1. This impacts an unknown function of the file /admin/appointment.php.
CVE-2025-65656 | Dcat-Admin up to 2.2.3-beta VersionManager.php file inclusion
A vulnerability identified as problematic has been detected in Dcat-Admin up to 2.2.3-beta. Affected is an unknown function of the
CVE-2025-13827 | Mautic up to 4.4.17/5.2.8/6.0.6 GrapesJS Builder unrestricted upload (GHSA-5xw2-57jx-pgjp)
A vulnerability labeled as critical has been found in Mautic up to 4.4.17/5.2.8/6.0.6. Affected by this vulnerability is an unknown
CVE-2025-64750 | sylabs singularity up to 4.1.10/4.3.4 /proc symlink (GHSA-fh74-hm69-rqjw)
A vulnerability marked as critical has been reported in sylabs singularity up to 4.1.10/4.3.4. Affected by this issue is some
CVE-2025-66399 | Cacti up to 1.2.28 SNMP command injection (GHSA-c7rr-2h93-7gjf)
A vulnerability described as critical has been identified in Cacti up to 1.2.28. This affects an unknown part of the
CVE-2025-60736 | code-projects Online Medicine Guide 1.0 /login.php upass sql injection
A vulnerability classified as critical has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of
CVE-2025-58113 | PDF-XChange Editor 10.7.3.401 EMF File Parser out-of-bounds (TALOS-2025-2280)
A vulnerability classified as problematic was found in PDF-XChange Editor 10.7.3.401. This issue affects some unknown processing of the component
CVE-2025-58386 | Terminalfour up to 8.4.1.1 User Management userLevel improper authorization
A vulnerability, which was classified as critical, has been found in Terminalfour up to 8.4.1.1. Impacted is an unknown function
CVE-2025-13828 | Mautic up to 4.4.17/5.2.8/6.0.6 authorization (GHSA-3fq7-c5m8-g86x)
A vulnerability, which was classified as critical, was found in Mautic up to 4.4.17/5.2.8/6.0.6. The affected element is an unknown
CVE-2025-60854 | D-Link R15 up to 1.20.01 Password Change model name command injection
A vulnerability has been found in D-Link R15 up to 1.20.01 and classified as critical. The impacted element is an
CVE-2025-66409 | Espressif ESP-IDF up to 5.1.6/5.2.6/5.3.4/5.4.3/5.5.1 out-of-bounds
A vulnerability was found in Espressif ESP-IDF up to 5.1.6/5.2.6/5.3.4/5.4.3/5.5.1 and classified as problematic. This affects an unknown function. Such
CVE-2025-66414 | modelcontextprotocol typescript-sdk up to 1.23.x insecure default initialization of resource
A vulnerability was found in modelcontextprotocol typescript-sdk up to 1.23.x. It has been classified as problematic. This impacts an unknown
CVE-2025-65215 | SourceCodester Web-based Pharmacy Product Management System 1.0 add-supplier.php Name cross site scripting
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. Affected is
CVE-2025-65881 | SourceCodester Zoo Management System 1.0 /classes/Login.php cross site scripting
A vulnerability was found in SourceCodester Zoo Management System 1.0. It has been rated as problematic. Affected by this vulnerability
CVE-2025-65187 | CiviCRM up to 6.6 Accounting Batches cross site scripting
A vulnerability categorized as problematic has been discovered in CiviCRM up to 6.6. Affected by this issue is some unknown
CVE-2025-52622 | HCL BigFix SaaS Remediate insecure default initialization of resource (KB0127171)
A vulnerability identified as critical has been detected in HCL BigFix SaaS Remediate. This affects an unknown part. This manipulation
CVE-2025-65844 | EverShop 2.0.1 /api/images unrestricted upload (Issue 819)
A vulnerability labeled as critical has been found in EverShop 2.0.1. This vulnerability affects unknown code of the file /api/images.
CVE-2025-65186 | Grav CMS 1.7.49 Page Editor cross site scripting
A vulnerability marked as problematic has been reported in Grav CMS 1.7.49. This issue affects some unknown processing of the
CVE-2025-64070 | SourceCodester Student Grades Management System 1.0 Add New Subject Description cross site scripting
A vulnerability described as problematic has been identified in SourceCodester Student Grades Management System 1.0. Impacted is an unknown function.
CVE-2025-66454 | ArcadeAI arcade-mcp up to 1.5.3 hard-coded key
A vulnerability classified as critical has been found in ArcadeAI arcade-mcp up to 1.5.3. The affected element is an unknown
CVE-2025-34352 | JumpCloud Remote Assist up to 0.316.x on Windows DeleteFileW temp file
A vulnerability classified as critical was found in JumpCloud Remote Assist up to 0.316.x on Windows. The impacted element is
CVE-2025-66460 | lookyloo up to 1.35.2 cross site scripting
A vulnerability, which was classified as problematic, has been found in lookyloo up to 1.35.2. This affects an unknown function.
CVE-2025-66459 | lookyloo up to 1.35.2 Error cross site scripting
A vulnerability, which was classified as problematic, was found in lookyloo up to 1.35.2. This impacts an unknown function. Such
CVE-2025-66458 | lookyloo up to 1.35.2 cross site scripting
A vulnerability has been found in lookyloo up to 1.35.2 and classified as problematic. Affected is an unknown function. Performing
CVE-2025-65896 | long2ice assyncmy up to 0.2.10 Dict Key sql injection
A vulnerability was found in long2ice assyncmy up to 0.2.10 and classified as critical. Affected by this vulnerability is an
CVE-2025-10304 | Everest Backup Plugin up to 2.3.8 on WordPress process_status_unlink authorization
A vulnerability was found in Everest Backup Plugin up to 2.3.8 on WordPress. It has been classified as critical. Affected
CVE-2025-57850 | codeready-ws /etc/passwd permission
A vulnerability was found in codeready-ws. It has been declared as critical. This affects an unknown part of the file
CVE-2025-13510 | Iskra iHUB/iHUB Lite missing authentication (icsa-25-336-02)
A vulnerability was found in Iskra iHUB and iHUB Lite. It has been rated as critical. This vulnerability affects unknown
CVE-2025-13658 | Industrial Video & Control Longwatch up to 6.334 HTTP GET Request code injection (icsa-25-336-01)
A vulnerability categorized as critical has been discovered in Industrial Video & Control Longwatch up to 6.334. This issue affects
CVE-2025-13372 | Django up to 4.2.26/5.1.14/5.2.8 FilteredRelation QuerySet.annotate/QuerySet.alias sql injection (EUVD-2025-200249)
A vulnerability classified as critical has been found in Django up to 4.2.26/5.1.14/5.2.8. Affected by this vulnerability is the function
CVE-2025-64460 | Django up to 4.2.26/5.1.14/5.2.8 algorithmic complexity (EUVD-2025-200248)
A vulnerability classified as problematic was found in Django up to 4.2.26/5.1.14/5.2.8. Affected by this issue is some unknown functionality
CVE-2025-59703 | Entrust nShield Connect XC/nShield 5c/nShield HSMi up to 13.6.11/13.7
A vulnerability, which was classified as problematic, has been found in Entrust nShield Connect XC, nShield 5c and nShield HSMi
CVE-2025-59704 | Entrust nShield Connect XC/nShield 5c/nShield HSMi up to 13.6.11/13.7 BIOS Menu Local Privilege Escalation
A vulnerability, which was classified as critical, was found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up