New openvpn packages are available for Slackware 15.0 and -current to fix security issues.LinuxSecurity – Security AdvisoriesRead More
Vulnerabilities
CVE-2025-63207 | RVR TEX TEXL-000400 /_Passwd.html access control
A vulnerability has been found in RVR TEX TEXL-000400 and classified as critical. This impacts an unknown function of the
CVE-2025-63209 | ELCA Star Transmitter Remote Control 1.25 /setup.xml information disclosure
A vulnerability was found in ELCA Star Transmitter Remote Control 1.25 and classified as problematic. Affected is an unknown function
CVE-2025-63210 | Newtec Celox UHD CELOXA504/Celox UHD CELOXA820 21.6.13 /celoxservice injection
A vulnerability was found in Newtec Celox UHD CELOXA504 and Celox UHD CELOXA820 21.6.13. It has been classified as problematic.
CVE-2025-64521 | goauthentik up to 2025.8.4/2025.10.1 client_id/client_secret authentication bypass by alternate name
A vulnerability was found in goauthentik authentik up to 2025.8.4/2025.10.1. It has been declared as problematic. Affected by this issue
CVE-2025-64708 | goauthentik up to 2025.8.4/2025.10.1 session expiration (GHSA-ch7q-53v8-73pc)
A vulnerability was found in goauthentik authentik up to 2025.8.4/2025.10.1. It has been rated as problematic. This affects an unknown
CVE-2025-63208 | Bridgetech VB288 Objective QoE Content Extractor 5.6.0-8 /probe/core/setup/passwd information disclosure
A vulnerability categorized as problematic has been discovered in Bridgetech VB288 Objective QoE Content Extractor 5.6.0-8. This vulnerability affects unknown
CVE-2025-65020 | lukevella rallly up to 4.5.3 polls.duplicate pollId improper authorization (GHSA-44w7-pf32-gv5m)
A vulnerability identified as critical has been detected in lukevella rallly up to 4.5.3. This issue affects some unknown processing
CVE-2025-65021 | lukevella rallly up to 4.5.3 pollId improper authorization (GHSA-x7w2-g548-4qg8)
A vulnerability labeled as critical has been found in lukevella rallly up to 4.5.3. Impacted is an unknown function. Executing
CVE-2025-65028 | lukevella rallly up to 4.5.3 participantId improper authorization (GHSA-pchc-v5hg-f5gp)
A vulnerability marked as critical has been reported in lukevella rallly up to 4.5.3. The affected element is an unknown
CVE-2025-65029 | lukevella rallly up to 4.5.3 Endpoint improper authorization (GHSA-f8jc-6746-ww95)
A vulnerability described as critical has been identified in lukevella rallly up to 4.5.3. The impacted element is an unknown
CVE-2025-65030 | lukevella rallly up to 4.5.3 Endpoint improper authorization (GHSA-4j32-25f9-qgfm)
A vulnerability classified as critical has been found in lukevella rallly up to 4.5.3. This affects an unknown function of
CVE-2025-65031 | lukevella rallly up to 4.5.3 Comment Creation Endpoint authorName improper authorization (GHSA-hhfc-6gq7-rrpm)
A vulnerability classified as critical was found in lukevella rallly up to 4.5.3. This impacts an unknown function of the
CVE-2025-65032 | lukevella rallly up to 4.5.3 participantId authorization (GHSA-q9m7-chfx-43xw)
A vulnerability, which was classified as problematic, has been found in lukevella rallly up to 4.5.3. Affected is an unknown
CVE-2025-13315 | Lynxtechnology Twonky Server 8.5.2 Web Service API unprotected alternate channel
A vulnerability, which was classified as critical, was found in Lynxtechnology Twonky Server 8.5.2. Affected by this vulnerability is an
CVE-2025-65089 | xwikisas xwiki-pro-macros up to 1.26.x authorization
A vulnerability has been found in xwikisas xwiki-pro-macros up to 1.26.x and classified as problematic. Affected by this issue is
CVE-2025-65033 | lukevella rallly up to 4.5.3 improper authorization (GHSA-4p93-v53r-vch3)
A vulnerability was found in lukevella rallly up to 4.5.3 and classified as critical. This affects an unknown part. The
CVE-2025-65034 | lukevella rallly up to 4.5.3 pollId authorization (GHSA-5fp2-pv2j-rqpc)
A vulnerability was found in lukevella rallly up to 4.5.3. It has been classified as problematic. This vulnerability affects unknown
CVE-2025-63205 | Bridgetech VB220/VB120/VB330/VB440 6.5.0-9 /probe/core/setup/passwd information disclosure
A vulnerability was found in Bridgetech VB220, VB120, VB330 and VB440 6.5.0-9. It has been declared as problematic. This issue
CVE-2025-13316 | Lynxtechnology Twonky Server 8.5.2 hard-coded key
A vulnerability was found in Lynxtechnology Twonky Server 8.5.2. It has been rated as problematic. Impacted is an unknown function.
CVE-2025-65025 | esm-dev esm.sh up to 135 CDN Service path traversal (GHSA-h3mw-4f23-gwpw)
A vulnerability categorized as critical has been discovered in esm-dev esm.sh up to 135. The affected element is an unknown
CVE-2025-65026 | esm-dev esm.sh up to 135 CDN Service module code injection (GHSA-hcpf-qv9m-vfgp)
A vulnerability identified as critical has been detected in esm-dev esm.sh up to 135. The impacted element is an unknown
CVE-2025-65095 | Lookyloo up to 1.35.0 cross site scripting (GHSA-m9g6-23c8-vrxf)
A vulnerability labeled as problematic has been found in Lookyloo up to 1.35.0. This affects an unknown function. The manipulation
CVE-2025-65099 | anthropics claude-code up to 1.0.38 Yarn code injection (GHSA-5hhx-v7f6-x7gv)
A vulnerability marked as critical has been reported in anthropics claude-code up to 1.0.38. This impacts an unknown function of
CVE-2025-63211 | Bridgetech VBC Server & Element Manager up to 6.5.0-10 userSetupDoc addName cross site scripting
A vulnerability described as problematic has been identified in Bridgetech VBC Server & Element Manager up to 6.5.0-10. Affected is
CVE-2025-63206 | Dasan DS2924 1.01.18/1.02.00 Web-based Interface privilege escalation
A vulnerability classified as critical has been found in Dasan DS2924 1.01.18/1.02.00. Affected by this vulnerability is an unknown functionality
CVE-2025-5092 | Gallery with Thumbnail Slider Plugin on WordPress LightGallery JavaScript Library cross site scripting
A vulnerability classified as problematic was found in Gallery with Thumbnail Slider Plugin on WordPress. Affected by this issue is
CVE-2025-5092 | Ibtana Plugin on WordPress LightGallery JavaScript Library cross site scripting
A vulnerability, which was classified as problematic, has been found in Ibtana Plugin on WordPress. This affects an unknown part
CVE-2025-5092 | Image Hover Effects Ultimate Plugin on WordPress LightGallery JavaScript Library cross site scripting
A vulnerability, which was classified as problematic, was found in Image Hover Effects Ultimate Plugin on WordPress. This vulnerability affects
CVE-2025-5092 | LightGallery WP Plugin on WordPress LightGallery JavaScript Library cross site scripting
A vulnerability has been found in LightGallery WP Plugin on WordPress and classified as problematic. This issue affects some unknown
CVE-2025-5092 | OnePress Plugin on WordPress LightGallery JavaScript Library cross site scripting
A vulnerability was found in OnePress Plugin on WordPress and classified as problematic. Impacted is an unknown function of the
CVE-2025-5092 | Grid KIT Portfolio Plugin on WordPress LightGallery JavaScript Library cross site scripting
A vulnerability was found in Grid KIT Portfolio Plugin on WordPress. It has been classified as problematic. The affected element
CVE-2025-5092 | Royal Addons for Elementor Plugin on WordPress LightGallery JavaScript Library cross site scripting
A vulnerability was found in Royal Addons for Elementor Plugin on WordPress. It has been declared as problematic. The impacted
CVE-2025-5092 | TP WooCommerce Product Gallery Plugin on WordPress LightGallery JavaScript Library cross site scripting
A vulnerability was found in TP WooCommerce Product Gallery Plugin on WordPress. It has been rated as problematic. This affects
CVE-2025-65100 | ilbers isar 0.11/0.11-rc1 ISAR_APT_SNAPSHOT_DATE protection mechanism
A vulnerability categorized as problematic has been discovered in ilbers isar 0.11/0.11-rc1. This impacts an unknown function. The manipulation of
CVE-2025-64759 | homarr-labs homarr up to 1.43.2 SVG File cross site scripting
A vulnerability identified as problematic has been detected in homarr-labs homarr up to 1.43.2. Affected is an unknown function of
CVE-2025-13442 | UTT 进取 750W up to 3.2.2-191225 /goform/formPdbUpConfig system policyNames command injection
A vulnerability labeled as critical has been found in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is
CVE-2025-10703 | Progress DataDirect Connect for JDBC for Amazon Redshift code injection
A vulnerability classified as critical has been found in Progress DataDirect Connect for JDBC for Amazon Redshift, DataDirect Connect for
CVE-2025-65022 | Portabilis i-Educar up to 2.10.0 agenda.php cod_agenda sql injection (GHSA-4hrj-5gwx-r4w4)
A vulnerability classified as critical was found in Portabilis i-Educar up to 2.10.0. Affected by this vulnerability is an unknown
CVE-2025-10702 | Progress DataDirect Connect for JDBC for Amazon Redshift up to 6.0.0.001392 code injection
A vulnerability, which was classified as critical, has been found in Progress DataDirect Connect for JDBC for Amazon Redshift, DataDirect
CVE-2025-65023 | Portabilis i-Educar up to 2.10.0 funcionario_vinculo_cad.php cod_funcionario_vinculo sql injection (GHSA-8rv6-x8h9-fjfc)
A vulnerability, which was classified as critical, was found in Portabilis i-Educar up to 2.10.0. This affects an unknown part
CVE-2025-65024 | Portabilis i-Educar up to 2.10.0 agenda_admin_cad.php cod_agenda sql injection (GHSA-6c8p-xqcv-rghx)
A vulnerability has been found in Portabilis i-Educar up to 2.10.0 and classified as critical. This vulnerability affects unknown code
CVE-2025-63879 | E-commerce Project up to 1.0 /ecommerce/products.php ID cross site scripting
A vulnerability was found in E-commerce Project up to 1.0 and classified as problematic. This issue affects some unknown processing
CVE-2025-63220 | Sound4 FIRST Firmware manual.sh injection
A vulnerability was found in Sound4 FIRST. It has been classified as critical. Impacted is an unknown function of the
CVE-2025-63223 | Axel StreamerMAX MK II up to 1.0.3 /cgi-bin/gstFcgi.fcgi access control
A vulnerability was found in Axel StreamerMAX MK II up to 1.0.3. It has been declared as critical. The affected
CVE-2025-63221 | Axel Puma up to 1.0.3 /cgi-bin/gstFcgi.fcgi access control
A vulnerability was found in Axel Puma up to 1.0.3. It has been rated as critical. The impacted element is
CVE-2025-63219 | ITEL ISO FM SFN Adapter 2.0.0.0 /home.html user session
A vulnerability categorized as critical has been discovered in ITEL ISO FM SFN Adapter 2.0.0.0. This affects an unknown function
CVE-2025-63224 | Itel DAB Encoder 25aec8d improper authentication
A vulnerability identified as critical has been detected in Itel DAB Encoder 25aec8d. This impacts an unknown function. The manipulation
CVE-2025-12766 | BlackBerry AtHoc 7.21 Management Console authorization
A vulnerability labeled as problematic has been found in BlackBerry AtHoc 7.21. Affected is an unknown function of the component
CVE-2025-63878 | Restaurant Website Restoran 1.0 Contact Form Page sql injection
A vulnerability marked as critical has been reported in Restaurant Website Restoran 1.0. Affected by this vulnerability is an unknown
CVE-2025-34337 | eGovFramework egovframe-common-components up to 4.3.1 Image Upload Endpoint /utl/wed/insertImage.do data authenticity
A vulnerability described as problematic has been identified in eGovFramework egovframe-common-components up to 4.3.1. Affected by this issue is some
CVE-2025-34332 | AudioCodes Fax Server/Auto-Attendant IVR up to 2.6.23 Windows Service ajaxPost.php system default permission
A vulnerability classified as critical has been found in AudioCodes Fax Server and Auto-Attendant IVR up to 2.6.23. This affects
CVE-2025-34331 | AudioCodes Fax Server/Auto-Attendant IVR up to 2.6.23 Endpoint download.php path/filename missing authentication
A vulnerability classified as critical was found in AudioCodes Fax Server and Auto-Attendant IVR up to 2.6.23. This vulnerability affects
CVE-2025-34329 | AudioCodes Fax Server/Auto-Attendant IVR up to 2.6.23 Web Interface ajaxBackupUploadFile.php unrestricted upload
A vulnerability, which was classified as critical, has been found in AudioCodes Fax Server and Auto-Attendant IVR up to 2.6.23.
CVE-2025-34328 | AudioCodes Fax Server/Auto-Attendant IVR up to 2.6.23 on Windows ajaxScript.php unrestricted upload
A vulnerability, which was classified as critical, was found in AudioCodes Fax Server and Auto-Attendant IVR up to 2.6.23 on
CVE-2025-34330 | AudioCodes Fax Server/Auto-Attendant IVR up to 2.6.23 ajaxPromptUploadFile.php unrestricted upload
A vulnerability has been found in AudioCodes Fax Server and Auto-Attendant IVR up to 2.6.23 and classified as critical. The
CVE-2025-34335 | AudioCodes Fax Server/Auto-Attendant IVR up to 2.6.23 License Upload Interface ActivateLicense.php os command injection
A vulnerability was found in AudioCodes Fax Server and Auto-Attendant IVR up to 2.6.23 and classified as critical. The impacted
CVE-2025-34334 | AudioCodes Fax Server/Auto-Attendant IVR up to 2.6.23 Fax Test Interface TestFax.php os command injection
A vulnerability was found in AudioCodes Fax Server and Auto-Attendant IVR up to 2.6.23. It has been classified as critical.
CVE-2025-34336 | eGovFramework egovframe-common-components up to 4.3.1 /utl/wed/insertImage.do unrestricted upload
A vulnerability was found in eGovFramework egovframe-common-components up to 4.3.1. It has been declared as critical. This impacts an unknown
CVE-2025-34333 | AudioCodes Fax Server/Auto-Attendant IVR up to 2.6.23 HTTP Request default permission
A vulnerability was found in AudioCodes Fax Server and Auto-Attendant IVR up to 2.6.23. It has been rated as critical.
CVE-2025-12743 | Google Looker up to 25.13 schemas sql injection (gcp-2025-052)
A vulnerability categorized as critical has been discovered in Google Looker up to 25.13. Affected by this vulnerability is an
CVE-2025-64765 | withastro up to 5.15.7 decodeURI path traversal
A vulnerability identified as critical has been detected in withastro astro up to 5.15.7. Affected by this issue is the
CVE-2025-64757 | withastro up to 5.14.2 Image Optimization Endpoint path traversal
A vulnerability labeled as critical has been found in withastro astro up to 5.14.2. This affects an unknown part of
CVE-2025-64764 | withastro up to 5.15.7 cross site scripting
A vulnerability marked as problematic has been reported in withastro astro up to 5.15.7. This vulnerability affects unknown code. Performing
CVE-2025-65019 | withastro up to 5.15.8 Image Optimization Endpoint isRemoteAllowed cross site scripting
A vulnerability described as problematic has been identified in withastro astro up to 5.15.8. This issue affects the function isRemoteAllowed
CVE-2025-12778 | Ultimate Member Widgets for Elementor Plugin up to 2.3 on WordPress handle_filter_users authorization
A vulnerability classified as problematic has been found in Ultimate Member Widgets for Elementor Plugin up to 2.3 on WordPress.
CVE-2025-13433 | Muse Group MuseHub 2.1.0.1567 Windows Service Muse.Updater.exe unquoted search path
A vulnerability classified as problematic was found in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of
CVE-2025-13434 | jameschz Hush Framework 2.0 HTTP Host Header Util.php $_SERVER[‘HOST’] http headers for scripting syntax
A vulnerability, which was classified as problematic, has been found in jameschz Hush Framework 2.0. The impacted element is an
CVE-2025-13435 | Dreampie Resty up to 1.3.1.SNAPSHOT HttpClient HttpClient.java request filename path traversal
A vulnerability, which was classified as critical, was found in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request
CVE-2025-13410 | Campcodes Retro Basketball Shoes Online Store 1.0 /admin/receipt.php tid sql injection
A vulnerability, which was classified as critical, was found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected is an
CVE-2025-13411 | Campcodes Retro Basketball Shoes Online Store 1.0 admin_football.php product_image unrestricted upload
A vulnerability has been found in Campcodes Retro Basketball Shoes Online Store 1.0 and classified as critical. Affected by this
CVE-2025-13412 | Campcodes Retro Basketball Shoes Online Store 1.0 /admin/admin_running.php product_name cross site scripting
A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0 and classified as problematic. Affected by this issue
CVE-2025-13415 | icret EasyImages up to 2.8.6 SVG Image /app/upload.php File cross site scripting (Issue 260)
A vulnerability was found in icret EasyImages up to 2.8.6. It has been classified as problematic. This affects an unknown
CVE-2025-63243 | Pixeon WebLaudos 25.1 URL loginAlterarSenha.asp sle_sSenha cross site scripting
A vulnerability was found in Pixeon WebLaudos 25.1. It has been declared as problematic. This vulnerability affects unknown code of
CVE-2025-13420 | itsourcecode Human Resource Management System 1.0 EventStore.php eventSubject sql injection
A vulnerability was found in itsourcecode Human Resource Management System 1.0. It has been rated as critical. This issue affects
CVE-2025-13421 | itsourcecode Human Resource Management System 1.0 NoticeStore.php noticeDesc sql injection
A vulnerability categorized as critical has been discovered in itsourcecode Human Resource Management System 1.0. Impacted is an unknown function
CVE-2025-13422 | freeprojectscodes Sports Club Management System 1.0 change_s_pwd.php login_id sql injection
A vulnerability identified as critical has been detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an
CVE-2025-13423 | Campcodes Retro Basketball Shoes Online Store 1.0 /admin/admin_product.php product_image unrestricted upload
A vulnerability labeled as critical has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is
CVE-2025-13424 | Campcodes Supplier Management System 1.0 /admin/add_product.php txtProductName sql injection
A vulnerability marked as critical has been reported in Campcodes Supplier Management System 1.0. This affects an unknown function of
CVE-2025-63218 | Axel WOLF1MS/WOLF2MS up to 1.0.3 /cgi-bin/gstFcgi.fcgi access control
A vulnerability described as critical has been identified in Axel WOLF1MS and WOLF2MS up to 1.0.3. This impacts an unknown
CVE-2025-12472 | Google Looker up to 25.10.21 race condition (gcp-2025-052)
A vulnerability identified as critical has been detected in Google Looker up to 25.10.21. This vulnerability affects unknown code. This
CVE-2025-10437 | Eksagate Webpack Management System up to 20251119 sql injection
A vulnerability labeled as critical has been found in Eksagate Webpack Management System up to 20251119. This issue affects some
CVE-2025-12592 | Vivotek FD7131-VVTK up to 0500b default credentials
A vulnerability marked as very critical has been reported in Vivotek FD7131-VVTK, FD7131-VVTK, FD7141-VVTK, IP7131-VVTK, IP7133-VVTK, IP7134-VVTK, IP7135-VVTK, IP7137-VVTK, IP7138-VVTK,
CVE-2024-8527 | Automated Logic WebCTRL up to 9.0 URL Parameter redirect
A vulnerability described as problematic has been identified in Automated Logic WebCTRL up to 9.0. The affected element is an
CVE-2025-0421 | Shopside up to 05022025 ui layer
A vulnerability classified as problematic has been found in Shopside up to 05022025. The impacted element is an unknown function.
CVE-2024-8528 | Automated Logic WebCTRL up to 9.0 GET Parameter cross site scripting
A vulnerability classified as problematic was found in Automated Logic WebCTRL up to 9.0. This affects an unknown function of
CVE-2025-11963 | Saysis StarCities up to 1.1.60 cross site scripting
A vulnerability, which was classified as problematic, has been found in Saysis StarCities up to 1.1.60. This impacts an unknown
CVE-2025-13400 | Tenda CH22 1.0.0.1 /goform/WrlExtraGet formWrlExtraGet chkHz buffer overflow
A vulnerability was found in Tenda CH22 1.0.0.1. It has been classified as critical. Affected is the function formWrlExtraGet of
CVE-2025-11446 | upKeeper Solutions upKeeper Manager up to 5.2.11 log file
A vulnerability was found in upKeeper Solutions upKeeper Manager up to 5.2.11. It has been declared as problematic. Affected by
CVE-2025-58412 | Fortinet FortiADC up to 7.2.8/7.4.9/7.6.3/8.0.0 cross site scripting (FG-IR-25-736)
A vulnerability was found in Fortinet FortiADC up to 7.2.8/7.4.9/7.6.3/8.0.0. It has been rated as problematic. Affected by this issue
CVE-2025-64408 | Apache Causeway up to 3.4.0/4.0.0-M1 URL Parameter deserialization
A vulnerability categorized as critical has been discovered in Apache Causeway up to 3.4.0/4.0.0-M1. This affects an unknown part of
CVE-2025-13397 | mrubyc up to 3.4 src/alloc.c mrbc_raw_realloc ptr null pointer dereference (Issue 244)
A vulnerability was found in mrubyc up to 3.4 and classified as problematic. This impacts the function mrbc_raw_realloc of the
CVE-2025-13396 | code-projects Courier Management System 1.0 /add-office.php OfficeName sql injection
A vulnerability has been found in code-projects Courier Management System 1.0 and classified as critical. This affects an unknown function
Mageia 9: Flatpak Critical Access Issue Advisory MGASA-2025-0303
MGASA-2025-0303 – Updated flatpak & bubblewrap packages fix security vulnerabilityLinuxSecurity – Security AdvisoriesRead More
Mageia 9: CUPS-Filters Critical Heap Overflow Fix MGASA-2025-0304
MGASA-2025-0304 – Updated cups-filters packages fix security vulnerabilitiesLinuxSecurity – Security AdvisoriesRead More
Mageia 9: Thunderbird Important Race Condition Spoofing MGASA-2025-0305
MGASA-2025-0305 – Updated thunderbird packages fix security vulnerabilitiesLinuxSecurity – Security AdvisoriesRead More
CVE-2025-13051 | ASUSTOR ABP/AES uncontrolled search path
A vulnerability categorized as problematic has been discovered in ASUSTOR ABP and AES. Affected is an unknown function. Executing manipulation
CVE-2025-12119 | MongoDB C Driver/PHP Driver mongoc_bulk_operation_t expired pointer dereference
A vulnerability identified as problematic has been detected in MongoDB C Driver and PHP Driver. Affected by this vulnerability is
CVE-2025-12852 | NEC RakurakuMusen Start EX uncontrolled search path
A vulnerability labeled as problematic has been found in NEC RakurakuMusen Start EX. Affected by this issue is some unknown
CVE-2025-13225 | Tanium TanOS prior 1.8.4.0229/1.8.5.0262 denial of service (TAN-2025-036)
A vulnerability marked as problematic has been reported in Tanium TanOS. This affects an unknown part. This manipulation causes denial
CVE-2025-13206 | GiveWP Plugin up to 4.13.0 on WordPress Name cross site scripting
A vulnerability described as problematic has been identified in GiveWP Plugin up to 4.13.0 on WordPress. This vulnerability affects unknown