Az amerikai CISA szerint több kiberszereplő is aktívan használ kereskedelmi kémprogramokat mobil üzenetküldő alkalmazások felhasználóinak megcélzására. Ezek a kiberszereplők kifinomult
Vulnerabilities
CVE-2025-51743 | jishenghua JSH_ERP 2.3.1 fastjson addMaterialCategory deserialization
A vulnerability was found in jishenghua JSH_ERP 2.3.1 and classified as critical. This issue affects some unknown processing of the
CVE-2025-51746 | jishenghua JSH_ERP 2.3.1 fastjson addSerialNumber deserialization
A vulnerability was found in jishenghua JSH_ERP 2.3.1. It has been classified as critical. Impacted is an unknown function of
CVE-2025-51745 | jishenghua JSH_ERP 2.3.1 fastjson /role/addcan deserialization
A vulnerability was found in jishenghua JSH_ERP 2.3.1. It has been declared as critical. The affected element is an unknown
CVE-2025-51744 | jishenghua JSH_ERP 2.3.1 fastjson /user/addUser deserialization
A vulnerability was found in jishenghua JSH_ERP 2.3.1. It has been rated as critical. The impacted element is an unknown
CVE-2025-66258 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 XML File cross site scripting
A vulnerability categorized as problematic has been discovered in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. This affects
CVE-2025-64983 | SwitchBot Smart Video Doorbell up to 2.01.77 Telnet debug code
A vulnerability identified as critical has been detected in SwitchBot Smart Video Doorbell up to 2.01.77. This impacts an unknown
CVE-2025-66264 | MegaTec ClientMate 6.2.2 CMService.exe unquoted search path
A vulnerability labeled as problematic has been found in MegaTec ClientMate 6.2.2. Affected is an unknown function of the file
CVE-2025-65956 | getformwork up to 2.1.x cross site scripting (GHSA-7j46-f57w-76pj)
A vulnerability marked as problematic has been reported in getformwork formwork up to 2.1.x. Affected by this vulnerability is an
CVE-2025-63735 | Ruckus Unleashed 200.13.6.1.319 guestAccessSubmit.jsp Name cross site scripting
A vulnerability described as problematic has been identified in Ruckus Unleashed 200.13.6.1.319. Affected by this issue is some unknown functionality
CVE-2025-65942 | VictoriaMetrics up to 1.110.22/1.122.7/1.129.0 allocation of resources (GHSA-66jq-2c23-2xh5)
A vulnerability classified as problematic has been found in VictoriaMetrics up to 1.110.22/1.122.7/1.129.0. This affects an unknown part. This manipulation
CVE-2025-9557 | zephyrproject-rtos Zephyr up to 4.2 buffer overflow
A vulnerability classified as critical was found in zephyrproject-rtos Zephyr up to 4.2. This vulnerability affects unknown code. Such manipulation
CVE-2025-9558 | zephyrproject-rtos Zephyr up to 4.2 pb_adv.c gen_prov_start buffer overflow
A vulnerability, which was classified as critical, has been found in zephyrproject-rtos Zephyr up to 4.2. This issue affects the
CVE-2025-55174 | KDE Skanpage up to 25.07.x QIODevice::ReadWrite incorrect provision of specified functionality
A vulnerability, which was classified as problematic, was found in KDE Skanpage up to 25.07.x. Impacted is the function QIODevice::ReadWrite.
CVE-2025-65952 | iiDk-the-actual Console up to 2.7.x path traversal (GHSA-c3f7-xh45-2xc7)
A vulnerability has been found in iiDk-the-actual Console up to 2.7.x and classified as critical. The affected element is an
CVE-2025-64704 | bytecodealliance wasm-micro-runtime up to 2.4.3 unusual condition (GHSA-2f2p-wf5w-82qr)
A vulnerability was found in bytecodealliance wasm-micro-runtime up to 2.4.3 and classified as problematic. The impacted element is an unknown
CVE-2025-64713 | bytecodealliance wasm-micro-runtime up to 2.4.3 memory corruption (GHSA-gvx3-gg3x-rjcx)
A vulnerability was found in bytecodealliance wasm-micro-runtime up to 2.4.3. It has been classified as critical. This affects an unknown
CVE-2025-21621 | GeoServer up to 2.24.x SLD_BODY cross site scripting (GHSA-w66h-j855-qr72)
A vulnerability was found in GeoServer up to 2.24.x. It has been declared as problematic. This impacts an unknown function.
CVE-2025-9191 | Houzez Plugin up to 4.1.6 on WordPress Saved Search saved-search-item.php deserialization
A vulnerability was found in Houzez Plugin up to 4.1.6 on WordPress. It has been rated as critical. Affected is
CVE-2025-9163 | Houzez Plugin up to 4.1.6 on WordPress SVG File houzez_property_img_upload cross site scripting
A vulnerability categorized as problematic has been discovered in Houzez Plugin up to 4.1.6 on WordPress. Affected by this vulnerability
CVE-2025-13698 | Deciso OPNsense diag_backup.php path traversal (ZDI-25-1022)
A vulnerability identified as critical has been detected in Deciso OPNsense. Affected by this issue is some unknown functionality of
CVE-2025-13084 | Opto 22 groov View exposure of sensitive information through metadata (icsa-25-329-04)
A vulnerability labeled as critical has been found in Opto 22 groov View. This affects an unknown part. The manipulation
CVE-2025-64126 | Zenitel TCIV-3+ prior 9.3.3.0 os command injection (icsa-25-329-03)
A vulnerability marked as critical has been reported in Zenitel TCIV-3+. This vulnerability affects unknown code. This manipulation causes os
CVE-2025-64127 | Zenitel TCIV-3+ prior 9.3.3.0 os command injection (icsa-25-329-03)
A vulnerability described as critical has been identified in Zenitel TCIV-3+. This issue affects some unknown processing. Such manipulation leads
CVE-2025-64128 | Zenitel TCIV-3+ prior 9.3.3.0 os command injection (icsa-25-329-03)
A vulnerability classified as critical has been found in Zenitel TCIV-3+. Impacted is an unknown function. Performing manipulation results in
CVE-2025-64129 | Zenitel TCIV-3+ prior 9.3.3.0 out-of-bounds write (icsa-25-329-03)
A vulnerability classified as critical was found in Zenitel TCIV-3+. The affected element is an unknown function. Executing manipulation can
CVE-2025-64130 | Zenitel TCIV-3+ prior 9.3.3.0 cross site scripting (icsa-25-329-03)
A vulnerability, which was classified as problematic, has been found in Zenitel TCIV-3+. The impacted element is an unknown function.
CVE-2025-59390 | Apache Druid up to 34.0.0 Kerberos cryptographic issues
A vulnerability, which was classified as problematic, was found in Apache Druid up to 34.0.0. This affects an unknown function
CVE-2025-66260 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 status_sql.php pg_escape_string sw1/sw2 sql injection
A vulnerability categorized as critical has been discovered in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. Affected is
CVE-2025-66253 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 start_upgrade.php exec filename os command injection
A vulnerability identified as critical has been detected in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. Affected by
CVE-2025-66259 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 main_ok.php data/hour/time os command injection
A vulnerability labeled as critical has been found in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. Affected by
CVE-2025-66255 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 Firmware Upgrade Endpoint upgrade_contents.php unrestricted upload
A vulnerability marked as critical has been reported in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. This affects
CVE-2025-62703 | fugue-project fugue up to 0.9.2 fugue/rpc/flask.py _decode deserialization (GHSA-xv5p-fjw5-vrj6)
A vulnerability described as very critical has been identified in fugue-project fugue up to 0.9.2. This vulnerability affects the function
CVE-2025-66252 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 Immutable File unlink infinite loop
A vulnerability classified as problematic has been found in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. This issue
CVE-2025-66250 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 status_contents.php unrestricted upload
A vulnerability classified as critical was found in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. Impacted is an
SUSE: Kernel Important Bluetooth Disconnect Risk CVE-2023-53673 2025:4237-1
* bsc#1251983 Cross-References: * CVE-2023-53673LinuxSecurity – Security AdvisoriesRead More
SUSE: wget Low Directory Traversal CVE-2025-11564 Advisory 2025:4237-2
* bsc#1253757 Cross-References: * CVE-2025-11563LinuxSecurity – Security AdvisoriesRead More
openSUSE: Kernel Important Bluetooth Disconnect Callback CVE-2023-53673
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
Debian: pdfminer Critical CVE-2025-64512 Code Execution Risk Advisory
A vulnerability was discovered in pdfminer, a tool for extracting information from PDF documents, which may result in the execution
Mageia 9: webkit2 Important Remote Access Issues MGASA-2025-0313
MGASA-2025-0313 – Updated webkit2 packages fix security vulnerabilitiesLinuxSecurity – Security AdvisoriesRead More
openSUSE: curl Moderate Security Update CVE-2025-11563 SUSE-SU-2025:4236-1
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE: buildah Important DoS Fix SUSE-SU-2025:4229-1 CVE-2025-47913
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE: Crucial Privilege Escalation Patch CVE-2025-11561 2025:4231-1
An update that solves one vulnerability and has one security fix can now be installed.LinuxSecurity – Security AdvisoriesRead More
SUSE: sssd Important Security Fix for Privilege Escalation CVE-2025-11561
* bsc#1244325 * bsc#1251827 Cross-References: * CVE-2025-11561LinuxSecurity – Security AdvisoriesRead More
SUSE: sssd Important Privilege Escalation Risk CVE-2025-11561 2025:4232-1
* bsc#1244325 * bsc#1251827 Cross-References: * CVE-2025-11561LinuxSecurity – Security AdvisoriesRead More
SUSE: Kernel Important Security Patch for Multiple Issues 2025:4230-1
* bsc#1242882 * bsc#1245778 * bsc#1251983 Cross-References:LinuxSecurity – Security AdvisoriesRead More
SUSE: Buildah Important Execution Issue CVE-2025-47913 Advisory 2025:4229-1
* bsc#1253598 Cross-References: * CVE-2025-47913LinuxSecurity – Security AdvisoriesRead More
Oracle Linux 8: ELSA-2025-21917 Kernel Moderate Update DoS Risks
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:LinuxSecurity – Security AdvisoriesRead More
Oracle Linux 8: ELSA-2025-21977 libssh Important Buffer Overflow Fix
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:LinuxSecurity – Security AdvisoriesRead More
CVE-2025-64050 | Redaxo CMS 5.20.0 Template Management code injection
A vulnerability classified as critical has been found in Redaxo CMS 5.20.0. The affected element is an unknown function of
CVE-2025-36134 | IBM Sterling B2B Integrator/Sterling File Gateway up to 6.1.2.7/6.2.0.5/6.2.1.1 sensitive cookie with improper samesite attribute
A vulnerability classified as problematic was found in IBM Sterling B2B Integrator and Sterling File Gateway up to 6.1.2.7/6.2.0.5/6.2.1.1. The
CVE-2025-65084 | Ashlar-Vellum Cobalt/Xenon/Argon/Lithium/Cobalt Share up to 12.6.1204.207 out-of-bounds write (icsa-25-329-01)
A vulnerability, which was classified as critical, has been found in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium and Cobalt Share up
CVE-2025-65085 | Ashlar-Vellum Cobalt/Xenon/Argon/Lithium/Cobalt Share up to 12.6.1204.207 heap-based overflow (icsa-25-329-01)
A vulnerability, which was classified as critical, was found in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium and Cobalt Share up to
CVE-2025-63729 | Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 information disclosure
A vulnerability has been found in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 and classified as problematic. Affected is an unknown function. The manipulation
CVE-2025-64061 | Primakon Pi Portal 1.0.18 /api/v2/users improper authorization
A vulnerability was found in Primakon Pi Portal 1.0.18 and classified as problematic. Affected by this vulnerability is an unknown
CVE-2025-13483 | SiRcom SMART Alert SiSA 3.0.48 Backend API missing authentication (icsa-25-329-06)
A vulnerability was found in SiRcom SMART Alert SiSA 3.0.48. It has been classified as critical. Affected by this issue
CVE-2025-64066 | Primakon Pi Portal 1.0.18 REST Endpoint /api/v2/user/register improper authorization
A vulnerability was found in Primakon Pi Portal 1.0.18. It has been declared as critical. This affects an unknown part
CVE-2025-40890 | Nozomi Guardian/CMC up to 25.3.x Dashboards cross site scripting
A vulnerability was found in Nozomi Guardian and CMC up to 25.3.x. It has been rated as problematic. This vulnerability
CVE-2025-0248 | HCL iNotes cross site scripting (KB0127032)
A vulnerability categorized as problematic has been discovered in HCL iNotes. This issue affects some unknown processing. Executing manipulation can
CVE-2025-60739 | Ilevia EVE X1 Server /bh_web_backend cross-site request forgery
A vulnerability identified as problematic has been detected in Ilevia EVE X1 Server. Impacted is an unknown function of the
CVE-2025-64049 | Redaxo CMS 5.20.0 Module Management cross site scripting
A vulnerability labeled as problematic has been found in Redaxo CMS 5.20.0. The affected element is an unknown function of
CVE-2025-33198 | NVIDIA DGX Spark GB10 SROOT Firmware sensitive information in resource not removed before reuse
A vulnerability marked as problematic has been reported in NVIDIA DGX Spark GB10. The impacted element is an unknown function
CVE-2025-33200 | NVIDIA DGX Spark GB10 SROOT Firmware sensitive information in resource not removed before reuse
A vulnerability described as problematic has been identified in NVIDIA DGX Spark GB10. This affects an unknown function of the
CVE-2025-33204 | NVIDIA NeMo Framework NLP/LLM code injection
A vulnerability classified as critical has been found in NVIDIA NeMo Framework. This impacts an unknown function of the component
CVE-2025-64063 | Primakon Pi Portal 1.0.18 API Endpoint direct request
A vulnerability classified as critical was found in Primakon Pi Portal 1.0.18. Affected is an unknown function of the component
CVE-2025-64065 | Primakon Pi Portal 1.0.18 /api/V2/pp_udfv_admin access control
A vulnerability, which was classified as critical, has been found in Primakon Pi Portal 1.0.18. Affected by this vulnerability is
CVE-2025-33197 | NVIDIA DGX Spark GB10 SROOT Firmware null pointer dereference
A vulnerability, which was classified as problematic, was found in NVIDIA DGX Spark GB10. Affected by this issue is some
CVE-2025-33199 | NVIDIA DGX Spark GB10 SROOT Firmware control flow
A vulnerability has been found in NVIDIA DGX Spark GB10 and classified as problematic. This affects an unknown part of
CVE-2025-33205 | NVIDIA NeMo Framework inclusion of functionality from untrusted control sphere
A vulnerability was found in NVIDIA NeMo Framework and classified as critical. This vulnerability affects unknown code. Such manipulation leads
CVE-2025-64064 | Primakon Pi Portal 1.0.18 PATCH Request /api/v2/pp_users PP_SECURITY_PROFILE_ID access control
A vulnerability was found in Primakon Pi Portal 1.0.18. It has been classified as critical. This issue affects some unknown
CVE-2025-33203 | NVIDIA NeMo Agent ToolKit UI for Web API Endpoint server-side request forgery
A vulnerability was found in NVIDIA NeMo Agent ToolKit UI for Web. It has been declared as critical. Impacted is
CVE-2025-33189 | NVIDIA DGX Spark GB10 SROOT Firmware out-of-bounds write
A vulnerability was found in NVIDIA DGX Spark GB10. It has been rated as critical. The affected element is an
CVE-2025-61167 | SIGB PMB 8.0.1.14 ajax_selector.php id/datas sql injection
A vulnerability categorized as critical has been discovered in SIGB PMB 8.0.1.14. The impacted element is an unknown function of
CVE-2025-33187 | NVIDIA DGX Spark GB10 SROOT Firmware privileges management
A vulnerability identified as critical has been detected in NVIDIA DGX Spark GB10. This affects an unknown function of the
CVE-2025-33196 | NVIDIA DGX Spark GB10 SROOT Firmware sensitive information in resource not removed before reuse
A vulnerability labeled as problematic has been found in NVIDIA DGX Spark GB10. This impacts an unknown function of the
CVE-2025-64067 | Primakon Primakon Pi Portal 1.0.18 API Endpoint user_id/project_id information disclosure
A vulnerability marked as problematic has been reported in Primakon Primakon Pi Portal 1.0.18. Affected is an unknown function of
CVE-2025-33188 | NVIDIA DGX Spark GB10 privileges management
A vulnerability described as critical has been identified in NVIDIA DGX Spark GB10. Affected by this vulnerability is an unknown
CVE-2025-33190 | NVIDIA DGX Spark GB10 SROOT Firmware out-of-bounds write
A vulnerability classified as critical has been found in NVIDIA DGX Spark GB10. Affected by this issue is some unknown
CVE-2025-33193 | NVIDIA DGX Spark GB10 SROOT Firmware integrity check
A vulnerability classified as problematic was found in NVIDIA DGX Spark GB10. This affects an unknown part of the component
CVE-2025-33194 | NVIDIA DGX Spark GB10 SROOT Firmware incorrect behavior order: validate before canonicalize
A vulnerability, which was classified as problematic, has been found in NVIDIA DGX Spark GB10. This vulnerability affects unknown code
CVE-2025-33195 | NVIDIA DGX Spark GB10 SROOT Firmware memory corruption
A vulnerability, which was classified as critical, was found in NVIDIA DGX Spark GB10. This issue affects some unknown processing
CVE-2025-33191 | NVIDIA DGX Spark GB10 SROOT Firmware denial of service
A vulnerability has been found in NVIDIA DGX Spark GB10 and classified as problematic. Impacted is an unknown function of
CVE-2025-33192 | NVIDIA DGX Spark GB10 SROOT Firmware unchecked return value to null pointer dereference
A vulnerability was found in NVIDIA DGX Spark GB10 and classified as problematic. The affected element is an unknown function
CVE-2025-64062 | Primakon Pi Portal 1.0.18 /api/V2/pp_users?email improper authentication
A vulnerability was found in Primakon Pi Portal 1.0.18. It has been classified as critical. The impacted element is an
CVE-2025-61168 | SIGB PMB 8.0.1.14 cms_rest.php deserialization
A vulnerability was found in SIGB PMB 8.0.1.14. It has been declared as critical. This affects an unknown function of
CVE-2025-65960 | Contao CMS up to 4.13.56/5.3.41/5.6.4 Template::once Required type distinction
A vulnerability was found in Contao CMS up to 4.13.56/5.3.41/5.6.4. It has been rated as problematic. This impacts the function
SUSE: Moderate Update for govulncheck-vulndb – 2025:4220-1 Released
* jsc#PED-11136 Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6LinuxSecurity – Security AdvisoriesRead More
Fedora: secfix-check-security Moderate Patch 2025:6789-1
An update that contains one feature can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE 15.3/15.6: Python39 Low Severity Issues Resolved 2025:4221-1
An update that solves two vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE Leap 15.3: SUSE-SU-2025:4221-1 Low Threat Fix for python39
* bsc#1251305 * bsc#1252974 Cross-References: * CVE-2025-6075LinuxSecurity – Security AdvisoriesRead More
UBUNTU: Critical Spoofing Vulnerability Mitigation 2025:3333-2
* bsc#1252379 * bsc#1252380 Cross-References: * CVE-2025-40778LinuxSecurity – Security AdvisoriesRead More
Critical Linux Kernel Issues Impacting Raspberry Pi on Ubuntu 24.04 LTS
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
CVE-2025-13595 | CIBELES AI Plugin up to 1.10.8 on WordPress actualizador_git.php unrestricted upload
A vulnerability marked as critical has been reported in CIBELES AI Plugin up to 1.10.8 on WordPress. This issue affects
CVE-2025-13597 | AI Feeds Plugin up to 1.0.11 on WordPress actualizador_git.php unrestricted upload
A vulnerability described as critical has been identified in AI Feeds Plugin up to 1.0.11 on WordPress. Impacted is an
CVE-2025-59369 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 bwdpi sql injection
A vulnerability was found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 and classified as critical. This affects an unknown function of the component
CVE-2025-59370 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 bwdpi os command injection
A vulnerability was found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. It has been classified as critical. This impacts an unknown function of
CVE-2025-59371 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 IFTTT random values
A vulnerability was found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. It has been declared as critical. Affected is an unknown function of
CVE-2025-59372 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 path traversal
A vulnerability was found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. It has been rated as critical. Affected by this vulnerability is an
CVE-2025-59365 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 stack-based overflow
A vulnerability categorized as critical has been discovered in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. Affected by this issue is some unknown functionality.
CVE-2025-59366 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 AiCloud path traversal
A vulnerability identified as critical has been detected in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. This affects an unknown part of the component
CVE-2025-59368 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 AiCloud integer underflow
A vulnerability labeled as critical has been found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. This vulnerability affects unknown code of the component