An update that fixes one vulnerability is now available.LinuxSecurity – Security AdvisoriesRead More
Vulnerabilities
CVE-2025-62353 | Windsurf IDE path traversal
A vulnerability classified as critical has been found in Windsurf IDE. The impacted element is an unknown function. Performing manipulation
CVE-2025-58747 | langgenius dify up to 1.9.1 MCP OAuth authorization_url cross site scripting
A vulnerability classified as problematic was found in langgenius dify up to 1.9.1. This affects an unknown function of the
CVE-2025-26625 | Git LFS up to 3.7.0 link following
A vulnerability, which was classified as critical, has been found in Git LFS up to 3.7.0. This impacts an unknown
CVE-2025-49655 | Keras up to 3.11.2 TorchModuleWrapper deserialization
A vulnerability, which was classified as critical, was found in Keras up to 3.11.2. Affected is the function TorchModuleWrapper. The
CVE-2025-60279 | Illia Cloud illia-Builder up to 4.8.4 API server-side request forgery
A vulnerability has been found in Illia Cloud illia-Builder up to 4.8.4 and classified as problematic. Affected by this vulnerability
CVE-2025-62356 | Qodo Gen IDE path traversal
A vulnerability was found in Qodo Gen IDE and classified as critical. Affected by this issue is some unknown functionality.
CVE-2025-48087 | Jason C. Memberlite Shortcodes Plugin up to 1.4.1 on WordPress cross site scripting
A vulnerability was found in Jason C. Memberlite Shortcodes Plugin up to 1.4.1 on WordPress. It has been classified as
CVE-2025-60361 | Radare2 up to 5.9.8 bochs_open memory leak
A vulnerability was found in Radare2 up to 5.9.8. It has been declared as problematic. This vulnerability affects the function
openSUSE: pgadmin4 Important COOP Vulnerability Fix 2025:03625-1
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE 15.3: Kernel Important Security Fixes for 84 Issues – 2025:03626-1
An update that solves 84 vulnerabilities and has 15 security fixes can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE: expat Important Memory Amplification Issue Advisory 2025:03624-1
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE: pgadmin4 Important Cross-Origin Security Fix CVE-2025-9636
* bsc#1249151 Cross-References: * CVE-2025-9636LinuxSecurity – Security AdvisoriesRead More
Debian 11: Firefox-ESR Critical Issues Addressed DLA-4335-1 CVE-2025-11708
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of
SUSE: expat Important Memory Amplification Vulnerability CVE-2025-59375
* bsc#1249584 Cross-References: * CVE-2025-59375LinuxSecurity – Security AdvisoriesRead More
CVE-2025-11908 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 FileDir.do?Action=Upload uploadFile unrestricted upload
A vulnerability, which was classified as critical, has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element
CVE-2025-11909 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 RepairRecord.do?Action=QueryLast queryLast orderField sql injection
A vulnerability, which was classified as critical, was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is
CVE-2025-11910 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 MemoryState.do?Action=Query query orderField sql injection
A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40 and classified as critical. This affects the function
CVE-2025-11911 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 DeviceFault.do?Action=Query sortField sql injection
A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40 and classified as critical. This impacts the function Query
CVE-2025-11912 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 DeviceState.do?Action=Query orderField sql injection
A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. It has been classified as critical. Affected is the
CVE-2025-11913 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 Service.do?Action=Download download Path path traversal
A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. It has been declared as critical. Affected by this
CVE-2025-11914 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 DeviceFileReport.do?Action=Download download FilePath path traversal
A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. It has been rated as critical. Affected by this
CVE-2023-28815 | Hikvision iSecure Center command injection
A vulnerability classified as critical was found in Hikvision iSecure Center. Impacted is an unknown function. Such manipulation leads to
CVE-2023-28814 | Hikvision iSecure Center File unrestricted upload
A vulnerability classified as critical has been found in Hikvision iSecure Center. This issue affects some unknown processing of the
Mageia 9: Varnish Important DoS Threat MGASA-2025-0239 CVE-2025-8671
MGASA-2025-0239 – Updated varnish & lighttpd packages fix security vulnerabilityLinuxSecurity – Security AdvisoriesRead More
CVE-2025-55087 | Eclipse NextX Duo up to 6.4.3 snmp Addon improper validation of specified index, position, or offset in input (GHSA-v474-mv4g-v8cx)
A vulnerability categorized as critical has been discovered in Eclipse NextX Duo up to 6.4.3. Affected is an unknown function
CVE-2025-11902 | yanyutao0402 ChanCMS up to 3.3.2 /cms/article/findField cid sql injection
A vulnerability identified as critical has been detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the
CVE-2025-11903 | yanyutao0402 ChanCMS up to 3.3.2 /cms/article/update cid sql injection
A vulnerability labeled as critical has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the
CVE-2025-11904 | yanyutao0402 ChanCMS up to 3.3.2 /cms/model/hasUse ID sql injection
A vulnerability marked as critical has been reported in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of
CVE-2025-11905 | yanyutao0402 ChanCMS up to 3.3.2 gather.js getArticle code injection
A vulnerability described as critical has been identified in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle
Ubuntu 20.04 LTS: MuPDF Critical Memory Issues Denial of Service USN-7825-1
Several security issues were fixed in MuPDF.LinuxSecurity – Security AdvisoriesRead More
CVE-2024-42192 | HCL Traveler for Microsoft Outlook 3.0.14 insufficiently protected credentials (KB0124066)
A vulnerability classified as problematic has been found in HCL Traveler for Microsoft Outlook 3.0.14. This impacts an unknown function.
CVE-2025-6894 | Moxa OnCell G4302-LTE4 unnecessary privileges
A vulnerability classified as critical was found in Moxa EDR-G9010, EDR-8010, EDF-G1002-BP, TN-4900, NAT-102, NAT-108 and OnCell G4302-LTE4. Affected is
CVE-2025-6892 | Moxa OnCell G4302-LTE4 API Endpoint authorization
A vulnerability, which was classified as very critical, has been found in Moxa EDR-G9010, EDR-8010, EDF-G1002-BP, TN-4900, NAT-102, NAT-108 and
CVE-2025-62506 | MinIO up to RELEASE.2025-04-03T14-56-28Z Security Token Service authorization (GHSA-jjjj-jwhf-8rgr)
A vulnerability, which was classified as critical, was found in MinIO. Affected by this issue is some unknown functionality of
CVE-2025-11898 | Flowring Agentflow 4.0 path traversal
A vulnerability has been found in Flowring Agentflow 4.0 and classified as problematic. This affects an unknown part. This manipulation
CVE-2025-11899 | Flowring Agentflow 4.0 hard-coded key
A vulnerability was found in Flowring Agentflow 4.0 and classified as critical. This vulnerability affects unknown code. Such manipulation leads
CVE-2025-11849 | Mammoth up to 1.10.x /dev/random path traversal (SNYK-JS-MAMMOTH-13554470)
A vulnerability was found in Mammoth up to 1.10.x. It has been classified as critical. This issue affects some unknown
CVE-2025-6949 | Moxa OnCell G4302-LTE4 unnecessary privileges
A vulnerability was found in Moxa EDR-G9010, EDR-8010, EDF-G1002-BP, TN-4900, NAT-102, NAT-108 and OnCell G4302-LTE4. It has been declared as
CVE-2025-6950 | Moxa OnCell G4302-LTE4 hard-coded credentials
A vulnerability was found in Moxa EDR-G9010, EDR-8010, EDF-G1002-BP, TN-4900, NAT-102, NAT-108 and OnCell G4302-LTE4. It has been rated as
CVE-2025-6893 | Moxa OnCell G4302-LTE4 /api/v1/setting/data unnecessary privileges
A vulnerability categorized as very critical has been discovered in Moxa EDR-G9010, EDR-8010, EDF-G1002-BP, TN-4900, NAT-102, NAT-108 and OnCell G4302-LTE4.
CVE-2025-55092 | Eclipse NetX Duo up to 6.4.3 Networking Support _nx_ipv4_option_process out-of-bounds (GHSA-vwh7-h99r-fvwq)
A vulnerability identified as problematic has been detected in Eclipse NetX Duo up to 6.4.3. This affects the function _nx_ipv4_option_process
CVE-2025-55093 | Eclipse NetX Duo up to 6.4.3 Networking Support _nx_ipv4_packet_receive buffer over-read (GHSA-c9pq-93jp-w649)
A vulnerability labeled as critical has been found in Eclipse NetX Duo up to 6.4.3. This impacts the function _nx_ipv4_packet_receive
CVE-2025-55097 | Eclipse USBX up to 6.4.2 USB Support _ux_host_class_audio_streaming_sampling_get out-of-bounds
A vulnerability marked as problematic has been reported in Eclipse USBX up to 6.4.2. Affected is the function _ux_host_class_audio_streaming_sampling_get of
CVE-2025-55098 | Eclipse USBX up to 6.4.2 USB Support _ux_host_class_audio_device_type_get out-of-bounds
A vulnerability described as problematic has been identified in Eclipse USBX up to 6.4.2. Affected by this vulnerability is the
CVE-2025-55099 | Eclipse USBX up to 6.4.2 USB Support _ux_host_class_audio_alternate_setting_locate frequency out-of-bounds
A vulnerability classified as problematic has been found in Eclipse USBX up to 6.4.2. Affected by this issue is the
CVE-2025-55096 | Eclipse NetX Duo up to 6.4.2 USB Support _ux_host_class_hid_report_descriptor_get integer underflow
A vulnerability classified as problematic was found in Eclipse NetX Duo up to 6.4.2. This affects the function _ux_host_class_hid_report_descriptor_get of
CVE-2025-55100 | Eclipse USBX up to 6.4.2 USB Support _ux_host_class_audio10_sam_parse_func out-of-bounds
A vulnerability, which was classified as problematic, has been found in Eclipse USBX up to 6.4.2. This vulnerability affects the
CVE-2025-11900 | HGiga iSherlock os command injection
A vulnerability, which was classified as critical, was found in HGiga iSherlock. This issue affects some unknown processing. Such manipulation
CVE-2025-62504 | Envoy up to 1.33.11/1.34.9/1.35.5/1.36.1 per_connection_buffer_limit_bytes use after free (GHSA-gcxr-6vrp-wff3)
A vulnerability has been found in Envoy up to 1.33.11/1.34.9/1.35.5/1.36.1 and classified as critical. Impacted is the function per_connection_buffer_limit_bytes. Performing
CVE-2025-55094 | Eclipse NetX Duo up to 6.4.3 Networking Support _nx_icmpv6_validate_options out-of-bounds
A vulnerability was found in Eclipse NetX Duo up to 6.4.3 and classified as problematic. The affected element is the
CVE-2025-60358 | Radare2 up to 5.9.8 _load_relocations memory leak
A vulnerability was found in Radare2 up to 5.9.8. It has been classified as problematic. The impacted element is the
CVE-2025-11896 | Xpdf up to 4.05 UseCMap recursion
A vulnerability was found in Xpdf up to 4.05. It has been declared as problematic. This affects the function UseCMap.
CVE-2025-11895 | Binary MLM Plan Plugin up to 3.0 on WordPress Shortcode /bmp-account-detail/ bmp_user_payout_detail_of_current_user ID resource injection
A vulnerability was found in Binary MLM Plan Plugin up to 3.0 on WordPress. It has been rated as critical.
Debian 11: DLA-4334-1 pgpool2 Important Auth Bypass CVE-2025-46801
An authentication bypass was found in n pgpool-II, the connection pool server and replication proxy for PostgreSQL. For Debian 11
openSUSE Tumbleweed: python311-ldap Moderate Security Update 2025:15637-1
An update that solves 2 vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
CVE-2025-60641 | Vfront 0.99.52 mexcel.php mexcel deserialization
A vulnerability categorized as problematic has been discovered in Vfront 0.99.52. The affected element is an unknown function of the
CVE-2025-36128 | IBM MQ 9.1/9.2/9.3/9.4 Slowloris release of resource
A vulnerability identified as critical has been detected in IBM MQ 9.1/9.2/9.3/9.4. The impacted element is an unknown function. The
CVE-2025-61924 | PrestaShopCorp ps_checkout Module up to 4.4.0/5.0.4 on PrestaShop array_search incomplete blacklist (GHSA-wvpg-4wrh-5889)
A vulnerability labeled as critical has been found in PrestaShopCorp ps_checkout Module up to 4.4.0/5.0.4 on PrestaShop. This affects the
CVE-2025-34513 | Ilevia Srl. EVE X1 Server up to 4.7.18.0 mbus_build_from_csv.php os command injection
A vulnerability marked as critical has been reported in Ilevia Srl. EVE X1 Server up to 4.7.18.0. This impacts an
CVE-2025-62423 | MacWarrior clipbucket-v5 up to 5.5.2 login_as_user.php sql injection (GHSA-3wpr-jprj-52fc)
A vulnerability described as critical has been identified in MacWarrior clipbucket-v5 up to 5.5.2. Affected is an unknown function of
CVE-2025-34514 | Ilevia EVE X1 Server up to 4.7.18.0 exec os command injection
A vulnerability classified as critical has been found in Ilevia EVE X1 Server up to 4.7.18.0. Affected by this vulnerability
CVE-2025-34517 | Ilevia EVE X1 Server up to 4.7.18.0 get_file_content.php path traversal
A vulnerability classified as critical was found in Ilevia EVE X1 Server up to 4.7.18.0. Affected by this issue is
CVE-2025-34518 | Ilevia EVE X1 Server up to 4.7.18.0 get_file_content.php path traversal
A vulnerability, which was classified as critical, has been found in Ilevia EVE X1 Server up to 4.7.18.0. This affects
CVE-2025-58051 | Nextcloud Tables up to 0.7.5/0.8.7/0.9.4 behavioral workflow (GHSA-wpp5-4w35-pxq6)
A vulnerability, which was classified as problematic, was found in Nextcloud Tables up to 0.7.5/0.8.7/0.9.4. This vulnerability affects unknown code.
CVE-2025-61909 | Icinga icinga2 up to 2.13.12/2.14.6/2.15.0 PID File Parser unnecessary privileges (ID 10527)
A vulnerability has been found in Icinga icinga2 up to 2.13.12/2.14.6/2.15.0 and classified as problematic. This issue affects some unknown
CVE-2025-61330 | H3C Magic Telnet Service /etc/shadow weak password
A vulnerability was found in H3C Magic and classified as critical. Impacted is an unknown function of the file /etc/shadow
CVE-2025-62416 | Bagisto up to 2.3.7 Product Description code injection (GHSA-527q-4wqv-g9wj)
A vulnerability was found in Bagisto up to 2.3.7. It has been classified as critical. The affected element is an
CVE-2025-61907 | Icinga icinga2 up to 2.13.12/2.14.6/2.15.0 Global Variable /v1/objects information disclosure (GHSA-gg32-w9rm-vp2v)
A vulnerability was found in Icinga icinga2 up to 2.13.12/2.14.6/2.15.0. It has been declared as problematic. The impacted element is
CVE-2025-34512 | Ilevia EVE X1 Server up to 4.7.18.0 index.php cross site scripting
A vulnerability was found in Ilevia EVE X1 Server up to 4.7.18.0. It has been rated as problematic. This affects
CVE-2025-60855 | Reolink Video Doorbell WiFi DB_566128M5MP_W signature verification
A vulnerability categorized as critical has been discovered in Reolink Video Doorbell WiFi DB_566128M5MP_W. This impacts an unknown function. The
CVE-2025-11493 | ConnectWise Automate code download
A vulnerability identified as critical has been detected in ConnectWise Automate. Affected is an unknown function. This manipulation causes download
CVE-2025-62417 | Bagisto up to 2.3.7 csv injection (GHSA-jqrp-58fv-w8cq)
A vulnerability labeled as critical has been found in Bagisto up to 2.3.7. Affected by this vulnerability is an unknown
CVE-2025-34255 | D-Link Nuclias Connect up to 1.3.1.4 Forgot Password data.exist observable response discrepancy
A vulnerability marked as problematic has been reported in D-Link Nuclias Connect up to 1.3.1.4. Affected by this issue is
CVE-2025-34254 | D-Link Nuclias Connect up to 1.3.1.4 error.message observable response discrepancy
A vulnerability described as problematic has been identified in D-Link Nuclias Connect up to 1.3.1.4. This affects an unknown part.
CVE-2025-61908 | Icinga icinga2 up to 2.13.12/2.14.6/2.15.0 API Endpoint null pointer dereference (GHSA-v9jg-xqhj-f43g)
A vulnerability classified as problematic has been found in Icinga icinga2 up to 2.13.12/2.14.6/2.15.0. This vulnerability affects unknown code of
CVE-2025-62409 | Envoy up to 1.33.9/1.34.8/1.35.4/1.36.0 null pointer dereference (GHSA-pq33-4jxh-hgm3)
A vulnerability classified as problematic was found in Envoy up to 1.33.9/1.34.8/1.35.4/1.36.0. This issue affects some unknown processing. The manipulation
CVE-2025-61923 | PrestaShopCorp ps_checkout Module up to 4.4.0/5.0.4 on PrestaShop path traversal (GHSA-fpxp-pfqm-x54w)
A vulnerability, which was classified as critical, has been found in PrestaShopCorp ps_checkout Module up to 4.4.0/5.0.4 on PrestaShop. Impacted
CVE-2025-34515 | Ilevia EVE X1 Server up to 4.7.18.0 sync_project.sh unnecessary privileges
A vulnerability, which was classified as very critical, was found in Ilevia EVE X1 Server up to 4.7.18.0. The affected
CVE-2025-34516 | Ilevia EVE X1 Server up to 4.7.18.0 default credentials
A vulnerability has been found in Ilevia EVE X1 Server up to 4.7.18.0 and classified as very critical. The impacted
CVE-2025-34519 | Ilevia EVE X1 Server up to 4.7.18.0 risky encryption
A vulnerability was found in Ilevia EVE X1 Server up to 4.7.18.0 and classified as problematic. This affects an unknown
CVE-2025-62415 | Bagisto up to 2.3.7 TinyMCE Image Upload cross site scripting (GHSA-67px-r26w-598x)
A vulnerability was found in Bagisto up to 2.3.7. It has been classified as problematic. This impacts an unknown function
CVE-2025-62418 | Bagisto up to 2.3.7 TinyMCE Image Upload cross site scripting (GHSA-fg89-g389-p346)
A vulnerability was found in Bagisto up to 2.3.7. It has been declared as problematic. Affected is an unknown function
CVE-2025-11492 | ConnectWise Automate up to 2022.11 cleartext transmission
A vulnerability was found in ConnectWise Automate. It has been rated as problematic. Affected by this vulnerability is an unknown
CVE-2025-61789 | Icinga icingadb-web up to 1.1.3/1.2.2 observable response discrepancy (GHSA-w57j-28jc-8429)
A vulnerability categorized as problematic has been discovered in Icinga icingadb-web up to 1.1.3/1.2.2. Affected by this issue is some
CVE-2025-61922 | PrestaShopCorp ps_checkout Module up to 4.4.0/5.0.4 on PrestaShop Express Checkout improper authentication (GHSA-54hq-mf6h-48xh)
A vulnerability identified as critical has been detected in PrestaShopCorp ps_checkout Module up to 4.4.0/5.0.4 on PrestaShop. This affects an
CVE-2025-62425 | element-hq matrix-authentication-service up to 1.4.0 unverified password change (GHSA-6wfp-jq3r-j9xh)
A vulnerability labeled as critical has been found in element-hq matrix-authentication-service up to 1.4.0. This vulnerability affects unknown code. Executing
CVE-2025-62412 | LibreNMS up to 25.9.x Alert Rules Page cross site scripting (GHSA-6g2v-66ch-6xmh)
A vulnerability marked as problematic has been reported in LibreNMS up to 25.9.x. This issue affects some unknown processing of
CVE-2025-61554 | BitVisor VirtIO Network Device Emulation denial of service
A vulnerability described as problematic has been identified in BitVisor. Impacted is an unknown function of the component VirtIO Network
CVE-2025-61553 | BitVisor VirtIO Network Device Emulation out-of-bounds write (ID 48090711)
A vulnerability classified as critical has been found in BitVisor. The affected element is an unknown function of the component
CVE-2025-62407 | Frappe up to 14.97.x/15.82.x redirect (GHSA-j9jr-qrpj-g855)
A vulnerability classified as problematic was found in Frappe up to 14.97.x/15.82.x. The impacted element is an unknown function. Such
CVE-2025-62427 | angular-cli up to 19.2.17/20.3.5/21.0.0-next.7 createRequestUrl server-side request forgery (GHSA-q63q-pgmf-mxhr)
A vulnerability, which was classified as critical, has been found in angular-cli up to 19.2.17/20.3.5/21.0.0-next.7. This affects the function createRequestUrl.
CVE-2025-62428 | Drawing-Captcha-APP prior 1.2.5-alpha-patch Header /register Host redirect (ID 30)
A vulnerability, which was classified as problematic, was found in Drawing-Captcha-APP. This impacts an unknown function of the file /register
CVE-2025-61514 | SageMath CoCalc SVG File Parser unrestricted upload
A vulnerability has been found in SageMath CoCalc and classified as critical. Affected is an unknown function of the component
CVE-2025-62586 | OPEXUS FOIAXpress 11.1.0/11.12.3.0/11.13.1.0 missing authentication
A vulnerability was found in OPEXUS FOIAXpress 11.1.0/11.12.3.0/11.13.1.0 and classified as critical. Affected by this vulnerability is an unknown functionality.
CVE-2025-60639 | gsigel14 Atlas-EPIC 2025-05-26 hard-coded credentials
A vulnerability was found in gsigel14 Atlas-EPIC 2025-05-26. It has been classified as critical. Affected by this issue is some
CVE-2025-62413 | emqx MQTTX 1.12.0 MQTT cross site scripting (GHSA-29gf-9r9v-j4m3)
A vulnerability was found in emqx MQTTX 1.12.0. It has been declared as problematic. This affects an unknown part of
CVE-2025-62414 | Bagisto up to 2.3.7 Create New Customer cross site scripting (GHSA-r9xj-mvqf-jm7w)
A vulnerability was found in Bagisto up to 2.3.7. It has been rated as problematic. This vulnerability affects unknown code
CVE-2025-62411 | LibreNMS up to 25.9.x Alert Rules Page cross site scripting (GHSA-frc6-pwgr-c28w)
A vulnerability categorized as problematic has been discovered in LibreNMS up to 25.9.x. This issue affects some unknown processing of
CVE-2025-34253 | D-Link Nuclias Connect up to 1.3.1.4 Network cross site scripting
A vulnerability identified as problematic has been detected in D-Link Nuclias Connect up to 1.3.1.4. Impacted is an unknown function.
CVE-2025-11465 | Ashlar-Vellum Cobalt CO File Parser use after free
A vulnerability labeled as critical has been found in Ashlar-Vellum Cobalt. The affected element is an unknown function of the