Vulnerabilities

  

CVE-2025-43357 | Apple iOS/iPadOS up to 18.7 App information disclosure

A vulnerability classified as problematic was found in Apple iOS and iPadOS. Affected by this vulnerability is an unknown functionality

  

CVE-2025-43357 | Apple macOS up to 18.4 App information disclosure

A vulnerability, which was classified as problematic, has been found in Apple macOS. Affected by this issue is some unknown

  

CVE-2025-56274 | SourceCodester Web-based Pharmacy Product Management System 1.0 access control

A vulnerability, which was classified as critical, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an

  

CVE-2025-59056 | FreePBX up to 15.0.37/16.0.40/17.0.20 Administrator Control Panel Web Interface path traversal (GHSA-frc2-jhgg-rwpr)

A vulnerability was found in FreePBX up to 15.0.37/16.0.40/17.0.20 and classified as critical. This issue affects some unknown processing of

  

CVE-2025-55211 | FreePBX up to 17.0.20 Administrator Control Panel os command injection (GHSA-xg83-m6q5-q24h)

A vulnerability has been found in FreePBX up to 17.0.20 and classified as critical. This vulnerability affects unknown code of

  

CVE-2025-43368 | Apple iOS/iPadOS up to 18.7 Web use after free

A vulnerability was found in Apple iOS and iPadOS. It has been classified as critical. Impacted is an unknown function

  

CVE-2025-43368 | Apple Safari up to 18.4 Web use after free

A vulnerability was found in Apple Safari. It has been declared as critical. The affected element is an unknown function

  

CVE-2025-43368 | Apple macOS up to 18.4 Web use after free

A vulnerability was found in Apple macOS. It has been rated as critical. The impacted element is an unknown function

  

CVE-2025-43372 | Apple iOS/iPadOS up to 18.7 Media File memory corruption

A vulnerability identified as critical has been detected in Apple iOS and iPadOS. This impacts an unknown function of the

  

CVE-2025-43802 | Liferay Portal/DXP API Endpoint externalReferenceCode cross site scripting

A vulnerability categorized as problematic has been discovered in Liferay Portal and DXP. This affects an unknown function of the

  

CVE-2025-43372 | Apple visionOS up to 18.4 Media File memory corruption

A vulnerability marked as critical has been reported in Apple visionOS up to 18.4. Affected by this vulnerability is an

  

CVE-2025-43372 | Apple tvOS up to 18.4 Media File memory corruption

A vulnerability labeled as critical has been found in Apple tvOS. Affected is an unknown function of the component Media

  

CVE-2025-43372 | Apple macOS up to 18.4 Media File memory corruption

A vulnerability classified as critical has been found in Apple macOS. This affects an unknown part of the component Media

  

CVE-2025-43372 | Apple watchOS up to 18.2 Media File memory corruption

A vulnerability described as critical has been identified in Apple watchOS. Affected by this issue is some unknown functionality of

  

CVE-2025-57118 | PHPGurukul Online Library Management System 3.0 index.php privilege escalation

A vulnerability classified as critical was found in PHPGurukul Online Library Management System 3.0. This vulnerability affects unknown code of

  

CVE-2025-43798 | Liferay DXP up to 7.3.10-u35/7.4.13-u92/2023.Q3.4/2023.Q4.0 One-Time Password missing critical step in authentication

A vulnerability, which was classified as problematic, has been found in Liferay DXP up to 7.3.10-u35/7.4.13-u92/2023.Q3.4/2023.Q4.0. This issue affects some

  

CVE-2025-6999 | WatchGuard Fireware OS up to 12.11.2 Request Parameter request smuggling (wgsa-2025-00014)

A vulnerability has been found in WatchGuard Fireware OS up to 12.11.2 and classified as critical. The affected element is

  

CVE-2025-57117 | Rems Employee Management System 1.0 Add Department department.php Department Name cross site scripting

A vulnerability, which was classified as problematic, was found in Rems Employee Management System 1.0. Impacted is an unknown function

  

CVE-2025-43370 | Apple Xcode up to 16.3 Path path traversal

A vulnerability was found in Apple Xcode and classified as critical. The impacted element is an unknown function of the

  

CVE-2025-43375 | Apple Xcode up to 16.3 Path denial of service

A vulnerability was found in Apple Xcode. It has been classified as problematic. This affects an unknown function of the

  

CVE-2025-43797 | Liferay Portal/DXP insecure default initialization of resource

A vulnerability was found in Liferay Portal and DXP. It has been declared as critical. This impacts an unknown function.

  

CVE-2025-43366 | Apple macOS up to 15.7 App out-of-bounds

A vulnerability was found in Apple macOS up to 15.7. It has been rated as problematic. Affected is an unknown

  

CVE-2025-43367 | Apple macOS up to 14.7 App information disclosure

A vulnerability identified as problematic has been detected in Apple macOS up to 14.7. Affected by this issue is some

  

CVE-2025-43362 | Apple iOS/iPadOS up to 18.6 App permission

A vulnerability categorized as critical has been discovered in Apple iOS and iPadOS up to 18.6. Affected by this vulnerability

  

CVE-2025-43369 | Apple macOS up to 15.7 symlink

A vulnerability labeled as critical has been found in Apple macOS up to 15.7. This affects an unknown part. The

  

CVE-2025-43371 | Apple Xcode up to 16.3 sandbox

A vulnerability marked as critical has been reported in Apple Xcode. This vulnerability affects unknown code. This manipulation causes sandbox

  

CVE-2025-6947 | WatchGuard Fireware OS up to 12.11.2 SIP Proxy cross site scripting (wgsa-2025-00012)

A vulnerability described as problematic has been identified in WatchGuard Fireware OS up to 12.11.2. This issue affects some unknown

Fedora 42: perl-Plack-Middleware-Session 2025-ca07c36a0a

This update upgrades the package to version 0.36. This version fixes CVE-2025-40923 by using Crypt::SysRandom to generate secure session IDs.

Fedora 42: perl-Catalyst-Plugin-Session 2025-90d5989bee

This update upgrades the package to version 0.44. This version fixes CVE-2025-40924 by using Crypt::SysRandom to generate properly random session

Fedora 42: perl-Catalyst-Authentication-Credential-HTTP 2025-d72429a1f8

This update upgrades the package to version 1.019. This version fixes CVE-2025-40920 by using Crypt::SysRandom to generate nonces instead of

  

CVE-2025-59154 | igniterealtime Openfire up to 5.0.1 X509Certificate.getSubjectDN.getName authentication spoofing (GHSA-w252-645g-87mp)

A vulnerability was found in igniterealtime Openfire up to 5.0.1. It has been rated as critical. Affected by this issue

  

CVE-2025-43799 | Liferay Portal/DXP API default password

A vulnerability categorized as critical has been discovered in Liferay Portal and DXP. This affects an unknown part of the

  

CVE-2025-57176 | Ceragon/Siklu Etherhaul 8010TX/Etherhaul 1200FX up to 10.7.3 Rfpiped Service inadequate encryption

A vulnerability identified as problematic has been detected in Ceragon/Siklu Etherhaul 8010TX and Etherhaul 1200FX up to 10.7.3. This vulnerability

  

CVE-2025-59437 | fedorindutny ip up to 2.0.1 net::ERR_ADDRESS_INVALID server-side request forgery

A vulnerability labeled as critical has been found in fedorindutny ip up to 2.0.1. This issue affects the function net::ERR_ADDRESS_INVALID.

  

CVE-2025-59398 | EVerest libocpp up to 0.26.1 OCPP error condition (Issue 1152)

A vulnerability marked as problematic has been reported in EVerest libocpp up to 0.26.1. Impacted is an unknown function of

  

CVE-2025-56448 | Positron PX360BT 8 authentication replay

A vulnerability described as critical has been identified in Positron PX360BT 8. The affected element is an unknown function. Executing

  

CVE-2025-59332 | dolfinus 3DAlloy up to 1.8 on MediaWiki Custom Attributes cross site scripting (GHSA-f2rp-232x-mqrh)

A vulnerability classified as problematic has been found in dolfinus 3DAlloy up to 1.8 on MediaWiki. The impacted element is

  

CVE-2025-24133 | Apple iOS/iPadOS up to 18.7 Keyboard Suggestion information disclosure

A vulnerability classified as problematic was found in Apple iOS and iPadOS up to 18.7. This affects an unknown function

  

CVE-2025-31254 | Apple iOS/iPadOS up to 18.6 Web redirect

A vulnerability, which was classified as problematic, has been found in Apple iOS and iPadOS. This impacts an unknown function

  

CVE-2025-31254 | Apple Safari up to 18.4 Web redirect

A vulnerability, which was classified as problematic, was found in Apple Safari. Affected is an unknown function of the component

  

CVE-2025-59436 | fedorindutny ip up to 2.0.1 Incomplete Fix CVE-2024-29415 server-side request forgery

A vulnerability has been found in fedorindutny ip up to 2.0.1 and classified as critical. Affected by this vulnerability is

  

CVE-2025-31271 | Apple macOS up to 15.7 FaceTime Call state issue

A vulnerability was found in Apple macOS up to 15.7 and classified as problematic. Affected by this issue is some

  

CVE-2025-59453 | ClickStudios Passwordstate up to 9.8 Passwordstate Administration Section resource transfer

A vulnerability was found in ClickStudios Passwordstate up to 9.8. It has been classified as problematic. This affects an unknown

  

CVE-2025-43272 | Apple iOS/iPadOS up to 18.6 Web memory corruption

A vulnerability was found in Apple iOS and iPadOS. It has been declared as critical. This vulnerability affects unknown code

  

CVE-2025-43272 | Apple Safari up to 18.4 Web memory corruption

A vulnerability was found in Apple Safari. It has been rated as critical. This issue affects some unknown processing of

  

CVE-2025-43272 | Apple visionOS up to 18.4 Web memory corruption

A vulnerability categorized as critical has been discovered in Apple visionOS up to 18.4. Impacted is an unknown function of

  

CVE-2025-43272 | Apple watchOS up to 18.2 Web memory corruption

A vulnerability identified as critical has been detected in Apple watchOS. The affected element is an unknown function of the

  

CVE-2025-43272 | Apple macOS up to 18.4 Web memory corruption

A vulnerability labeled as critical has been found in Apple macOS. The impacted element is an unknown function of the

  

CVE-2025-59155 | yuna0x0 hackmd-mcp 1.4.x Model Context Protocol Query server-side request forgery (GHSA-g5cg-6c7v-mmpw)

A vulnerability marked as critical has been reported in yuna0x0 hackmd-mcp 1.4.x. This affects an unknown function of the component

  

CVE-2025-59140 | Qix node-backslash 0.2.1 malicious code (ID 1005)

A vulnerability described as critical has been identified in Qix node-backslash 0.2.1. This impacts an unknown function. The manipulation results

  

CVE-2025-59141 | Qix node-simple-swizzle 0.2.3 malicious code (ID 1005)

A vulnerability classified as critical has been found in Qix node-simple-swizzle 0.2.3. Affected is an unknown function. This manipulation causes

  

CVE-2025-59143 | Qix color 5.0.1 malicious code (ID 1005)

A vulnerability classified as critical was found in Qix color 5.0.1. Affected by this vulnerability is an unknown functionality. Such

  

CVE-2025-59144 | debug-js debug 4.4.2 malicious code (Bug 1005)

A vulnerability, which was classified as critical, has been found in debug-js debug 4.4.2. Affected by this issue is some

  

CVE-2025-59162 | Qix color-convert 3.1.1 malicious code (ID 1005)

A vulnerability, which was classified as critical, was found in Qix color-convert 3.1.1. This affects an unknown part. Executing manipulation

  

CVE-2025-59330 | Qix node-error-ex 1.3.3 malicious code (ID 1005)

A vulnerability has been found in Qix node-error-ex 1.3.3 and classified as critical. This vulnerability affects unknown code. The manipulation

  

CVE-2025-59331 | Qix node-is-arrayish 0.3.3 malicious code (ID 1005)

A vulnerability was found in Qix node-is-arrayish 0.3.3 and classified as critical. This issue affects some unknown processing. The manipulation

  

CVE-2025-59145 | colorjs color-name 2.0.1 malicious code (ID 1005)

A vulnerability was found in colorjs color-name 2.0.1. It has been classified as critical. Impacted is an unknown function. This

  

CVE-2025-43298 | Apple macOS up to 14.7/15.6 Directory Local Privilege Escalation

A vulnerability was found in Apple macOS up to 14.7/15.6. It has been declared as critical. The affected element is

  

CVE-2025-59142 | Qix color-string 2.1.1 malicious code (ID 1005)

A vulnerability was found in Qix color-string 2.1.1. It has been rated as critical. The impacted element is an unknown

  

CVE-2025-31255 | Apple macOS up to 18.4 App information disclosure

A vulnerability categorized as problematic has been discovered in Apple macOS. This affects an unknown function of the component App.

  

CVE-2025-31255 | Apple iOS/iPadOS up to 18.6 App information disclosure

A vulnerability identified as problematic has been detected in Apple iOS and iPadOS. This impacts an unknown function of the

  

CVE-2025-31255 | Apple tvOS up to 18.4 App information disclosure

A vulnerability labeled as problematic has been found in Apple tvOS. Affected is an unknown function of the component App.

  

CVE-2025-31255 | Apple watchOS up to 18.2 App information disclosure

A vulnerability marked as problematic has been reported in Apple watchOS. Affected by this vulnerability is an unknown functionality of

  

CVE-2025-31268 | Apple macOS up to 14.7/15.6 App permission

A vulnerability described as critical has been identified in Apple macOS up to 14.7/15.6. Affected by this issue is some

  

CVE-2025-43190 | Apple macOS up to 18.4 information disclosure

A vulnerability classified as problematic has been found in Apple macOS. This affects an unknown part. Performing manipulation results in

  

CVE-2025-43190 | Apple iOS/iPadOS up to 18.6 information disclosure

A vulnerability classified as problematic was found in Apple iOS and iPadOS. This vulnerability affects unknown code. Executing manipulation can

  

CVE-2025-43190 | Apple visionOS up to 18.4 information disclosure

A vulnerability, which was classified as problematic, has been found in Apple visionOS up to 18.4. This issue affects some

  

CVE-2025-43190 | Apple watchOS up to 18.2 information disclosure

A vulnerability, which was classified as problematic, was found in Apple watchOS. Impacted is an unknown function. The manipulation results

  

CVE-2025-43203 | Apple iOS/iPadOS up to 18.6 Locked Note information disclosure

A vulnerability has been found in Apple iOS and iPadOS up to 18.6 and classified as problematic. The affected element

  

CVE-2025-43285 | Apple macOS up to 14.7/15.6 permission

A vulnerability was found in Apple macOS up to 14.7/15.6 and classified as critical. The impacted element is an unknown

  

CVE-2025-43286 | Apple macOS up to 14.7/15.6 sandbox

A vulnerability was found in Apple macOS up to 14.7/15.6. It has been classified as critical. This affects an unknown

  

CVE-2025-43291 | Apple macOS up to 14.7/15.6 permission

A vulnerability was found in Apple macOS up to 14.7/15.6. It has been declared as critical. This impacts an unknown

Fedora 43: chromium 2025-fade46c641

Update to 140.0.7339.127. CVE-2025-10200: Use after free in Serviceworker. CVE-2025-10201: Inappropriate implementation in Mojo.

Fedora 43: cups 2025-3596273b51

2.4.14 (fixes CVE-2025-58060 and CVE-2025-58364)

Fedora 43: qemu 2025-b8b6acb283

Fix crash with spice GL (bz 2391334). Update to 10.1.0 GA release. Automatic update for qemu-10.1.0-0.4.rc4.fc43.

Fedora 43: exiv2 2025-c23727e694

Exiv2 0.28.6 + patch to fix silent ABI breakage. Exiv2 v0.28.6 (fixes two low severity CVEs).

  

CVE-2023-53237 | Linux Kernel up to 6.1.28/6.2.15/6.3.2 amdgpu amdgpu_irq_put information disclosure

A vulnerability classified as problematic has been found in Linux Kernel up to 6.1.28/6.2.15/6.3.2. The affected element is the function

  

CVE-2023-53233 | Linux Kernel up to 5.10.175/5.15.103/6.1.20/6.2.7 smc cancel_delayed_work_syn deadlock

A vulnerability classified as critical was found in Linux Kernel up to 5.10.175/5.15.103/6.1.20/6.2.7. The impacted element is the function cancel_delayed_work_syn

  

CVE-2023-53239 | Linux Kernel up to 5.4.234/5.10.172/5.15.98/6.1.15/6.2.2 mdp5 null pointer dereference

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.4.234/5.10.172/5.15.98/6.1.15/6.2.2. This affects an unknown

  

CVE-2023-53238 | Linux Kernel up to 6.4.7 phy hisi_inno_phy_probe out-of-bounds write

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.4.7. This impacts the function hisi_inno_phy_probe

  

CVE-2022-50316 | Linux Kernel up to 6.0.15/6.1.1 Orangefs orangefs_sysfs_init memory leak

A vulnerability has been found in Linux Kernel up to 6.0.15/6.1.1 and classified as critical. Affected is the function orangefs_sysfs_init

  

CVE-2022-50317 | Linux Kernel up to 6.0.2 ge_b850v3_resgiter null pointer dereference

A vulnerability was found in Linux Kernel up to 6.0.2 and classified as critical. Affected by this vulnerability is the

  

CVE-2025-57248 | SumatraPDF 3.5.2 libmupdf.dll DataPool::has_data null pointer dereference (Issue 5035)

A vulnerability was found in SumatraPDF 3.5.2. It has been classified as problematic. Affected by this issue is the function

  

CVE-2022-50327 | Linux Kernel up to 5.4.296/5.10.240/5.15.189/6.0.15/6.1.1 ACPI acpi_fetch_acpi_dev null pointer dereference

A vulnerability was found in Linux Kernel up to 5.4.296/5.10.240/5.15.189/6.0.15/6.1.1. It has been declared as critical. This affects the function

  

CVE-2023-53234 | Linux Kernel up to 6.2.4 watchdog_cdev_register memory leak

A vulnerability was found in Linux Kernel up to 6.2.4. It has been rated as critical. This vulnerability affects the

  

CVE-2022-50331 | Linux Kernel up to 5.15.75/6.0.5 wwan_hwsim_dev_new memory leak

A vulnerability categorized as critical has been discovered in Linux Kernel up to 5.15.75/6.0.5. This issue affects the function wwan_hwsim_dev_new.

  

CVE-2022-50325 | Linux Kernel up to 6.0.15/6.1.1 ASoC memcpy_fromio buffer overflow

A vulnerability identified as critical has been detected in Linux Kernel up to 6.0.15/6.1.1. Impacted is the function memcpy_fromio of

  

CVE-2022-50320 | Linux Kernel up to 5.15.74/5.19.16/6.0.2 acpi_os_map_memory stack-based overflow

A vulnerability labeled as critical has been found in Linux Kernel up to 5.15.74/5.19.16/6.0.2. The affected element is the function

  

CVE-2025-58046 | Dataease up to 2.10.12 JDBC getJdbc deserialization (GHSA-mvwc-x8x9-46c3)

A vulnerability marked as critical has been reported in Dataease up to 2.10.12. The impacted element is the function getJdbc

  

CVE-2023-53236 | Linux Kernel up to 6.2.10 mm/gup.c try_grab_folio memory corruption

A vulnerability described as critical has been identified in Linux Kernel up to 6.2.10. This affects the function try_grab_folio of

  

CVE-2022-50328 | Linux Kernel up to 5.10.149/5.15.74/5.19.16/6.0.2 jbd2 jbd2_fc_wait_bufs use after free

A vulnerability classified as critical has been found in Linux Kernel up to 5.10.149/5.15.74/5.19.16/6.0.2. This impacts the function jbd2_fc_wait_bufs of

  

CVE-2023-53205 | Linux Kernel up to 5.15.120/6.1.38/6.4.3 KVM out-of-bounds

A vulnerability classified as critical was found in Linux Kernel up to 5.15.120/6.1.38/6.4.3. Affected is an unknown function of the

  

CVE-2022-50312 | Linux Kernel up to 6.0.2 drivers memory leak

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.0.2. Affected by this vulnerability

  

CVE-2025-58045 | Dataease up to 2.10.12 JDBC Connection rmi server-side request forgery (GHSA-fmq3-6xhc-r845)

A vulnerability, which was classified as critical, was found in Dataease up to 2.10.12. Affected by this issue is some

  

CVE-2025-43793 | Liferay Portal/DXP improper validation of specified quantity in input

A vulnerability has been found in Liferay Portal and DXP and classified as problematic. This affects an unknown part. Performing

  

CVE-2025-52053 | TOTOLINK X6000R 9.4.0cu.1360_B20241207 sub_417D74 file_name command injection

A vulnerability was found in TOTOLINK X6000R 9.4.0cu.1360_B20241207 and classified as critical. This vulnerability affects the function sub_417D74. Executing manipulation

  

CVE-2025-52048 | Frappe up to 14.96.9/15.71.x tag.py add_tag dt sql injection (GHSA-mggw-6xqj-rphj)

A vulnerability was found in Frappe up to 14.96.9/15.71.x. It has been classified as critical. This issue affects the function

  

CVE-2025-36082 | IBM OpenPages 9.0/9.1 web browser cache containing sensitive information

A vulnerability was found in IBM OpenPages 9.0/9.1. It has been declared as problematic. Impacted is an unknown function. The

  

CVE-2025-6202 | SK Hynix DDR5 denial of service

A vulnerability was found in SK Hynix DDR5. It has been rated as problematic. The affected element is an unknown

  

CVE-2025-10491 | MongoDB Server up to 6.0.24/7.0.20/8.0.4 on Windows MSI Installation access control

A vulnerability categorized as critical has been discovered in MongoDB Server up to 6.0.24/7.0.20/8.0.4 on Windows. The impacted element is