Trustwave warns the new group aims to spread fear and extort companies for big payouts.SCM feed for Endpoint/Device SecurityRead More
Vulnerabilities
Fedora 42: Qt5 QtWebEngine Critical Bugfix Update 2025-976ccd79ae
Qt 5.15.18 bugfix release. Qt5 WebEngine update to 5.15.19.LinuxSecurity – Security AdvisoriesRead More
Fedora 42: qt5-qtwebview Important Bugfix 2025-976ccd79ae
Qt 5.15.18 bugfix release. Qt5 WebEngine update to 5.15.19.LinuxSecurity – Security AdvisoriesRead More
Fedora 42 qt5-qtwebsockets Bugfix Update: FEDORA-2025-976ccd79ae
Qt 5.15.18 bugfix release. Qt5 WebEngine update to 5.15.19.LinuxSecurity – Security AdvisoriesRead More
Fedora 42: qt5-qtx11extras 5.15.18 Bugfix Update FEDORA-2025-976ccd79ae
Qt 5.15.18 bugfix release. Qt5 WebEngine update to 5.15.19.LinuxSecurity – Security AdvisoriesRead More
Fedora 42: qt5-qtwebkit Bugfix Update FEDORA-2025-976ccd79ae
Qt 5.15.18 bugfix release. Qt5 WebEngine update to 5.15.19.LinuxSecurity – Security AdvisoriesRead More
Mageia 9: Microcode Important AMD Signature Verification CVE-2024-36347
MGASA-2025-0258 – Updated microcode packages fix security vulnerabilityLinuxSecurity – Security AdvisoriesRead More
Mageia 9: net-tools Critical Buffer Overflow Vulnerability MGASA-2025-0259
MGASA-2025-0259 – Updated net-tools packages fix security vulnerabilityLinuxSecurity – Security AdvisoriesRead More
Debian LTS: Unbound Critical Cache Poisoning Vulnerability DLA-4365-1
Yuxiao Wu, Yunyi Zhang, Baojun Liu and Haixin Duan discovered that unbound, a validating, recursive, and caching DNS resolver, was
Mageia 9: libsoup3 Critical DoS Heap Overflow Issues MGASA-2025-0261
MGASA-2025-0261 – Updated libsoup3 & libsoup packages fix security vulnerabilitiesLinuxSecurity – Security AdvisoriesRead More
Mageia 9: MediaWiki Critical XSS Denial of Service Fix MGASA-2025-0260
MGASA-2025-0260 – Updated mediawiki packages fix security vulnerabilitiesLinuxSecurity – Security AdvisoriesRead More
Mageia 9: binutils Important Memory Corruption Issues MGASA-2025-0262
MGASA-2025-0262 – Updated binutils packages fix security vulnerabilitiesLinuxSecurity – Security AdvisoriesRead More
CVE-2025-64164 | Dataease up to 2.10.14 JNDI deserialization (GHSA-q754-4pc2-wjqw)
A vulnerability identified as critical has been detected in Dataease up to 2.10.14. This affects an unknown part of the
CVE-2025-60784 | XiaozhangBang Voluntary Like System 8.8 Pay Module /topfirst.php zhekou improper authorization
A vulnerability labeled as critical has been found in XiaozhangBang Voluntary Like System 8.8. This vulnerability affects unknown code of
CVE-2025-64163 | DataEase up to 2.10.14 server-side request forgery (GHSA-8397-v66p-539m)
A vulnerability marked as critical has been reported in DataEase up to 2.10.14. This issue affects some unknown processing. Performing
CVE-2025-55278 | HCL DevOps Loop 1.0.2 API Authentication Middleware session expiration (KB0124203)
A vulnerability described as critical has been identified in HCL DevOps Loop 1.0.2. Impacted is an unknown function of the
CVE-2025-64171 | 3scale-sre marin3r up to 0.13.3 DiscoveryServiceCertificate authorization (GHSA-gf93-xccm-5g6j)
A vulnerability classified as problematic has been found in 3scale-sre marin3r up to 0.13.3. The affected element is an unknown
CVE-2025-12779 | Amazon WorkSpaces Client up to 2024.8 on Linux Authentication Token exposure of sensitive system information to an unauthorized control sphere (AWS-2025-025)
A vulnerability classified as problematic was found in Amazon WorkSpaces Client up to 2024.8 on Linux. The impacted element is
CVE-2025-64114 | MacWarrior clipbucket-v5 up to 5.5.2-#151 sql injection (GHSA-4g7x-j562-8g69)
A vulnerability, which was classified as critical, has been found in MacWarrior clipbucket-v5 up to 5.5.2-#151. This affects an unknown
CVE-2025-61994 | GROWI up to 7.2.9 cross site scripting
A vulnerability, which was classified as problematic, was found in GROWI up to 7.2.9. This impacts an unknown function. Such
CVE-2025-63585 | OSSN Open Source Social Network 8.6 status timestamp sql injection
A vulnerability has been found in OSSN Open Source Social Network 8.6 and classified as critical. Affected is an unknown
openSUSE Tumbleweed: OpenSMTPD Moderate Update Vulnerability 2025:15700-1
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE: java-1_8_0-openjdk Moderate Issues 2025:15701-1 CVE-2025-53057/66
An update that solves 2 vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
Fedora: kernel-devel-5.17.8-3.2 Critical Vulnerability Patch 2025:15703-2
An update that solves 83 vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE Tumbleweed: Zellij Moderate Security Issue Update 2025:15704-1
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE: kubecolor Moderate Fix for CVE-2025-47912 and CVE-2025-58185
An update that solves 2 vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
CVE-2025-55343 | Quipux up to 4.0.1 busqueda/busqueda.php sql injection
A vulnerability classified as critical has been found in Quipux up to 4.0.1. Affected by this vulnerability is an unknown
CVE-2025-55342 | Quipux up to 4.0.1 cambiar_password_olvido_validar.php txt_login information disclosure
A vulnerability classified as problematic was found in Quipux up to 4.0.1. Affected by this issue is some unknown functionality
CVE-2025-31954 | HCL iAutomate 6.5.1/6.5.2 get request method with sensitive query strings (KB0125011)
A vulnerability, which was classified as problematic, has been found in HCL iAutomate 6.5.1/6.5.2. This affects an unknown part. Performing
CVE-2025-10907 | WSO2 API Manager SOAP Admin Service unrestricted upload
A vulnerability, which was classified as critical, was found in WSO2 API Manager, Open Banking IAM, Open Banking AM, API
CVE-2023-43000 | Apple macOS/iOS and iPadOS/Safari Web Content use after free
A vulnerability has been found in Apple macOS, iOS and iPadOS and Safari and classified as critical. This issue affects
CVE-2025-56232 | GOG Galaxy 2.0.0.2 certificate validation
A vulnerability was found in GOG Galaxy 2.0.0.2 and classified as critical. Impacted is an unknown function. The manipulation results
CVE-2025-11093 | WSO2 Micro Integrator Script Mediator Engine code injection
A vulnerability was found in WSO2 Micro Integrator, API Manager, Enterprise Integrator, Universal Gateway, API Control Plane, Traffic Manager, Open
CVE-2025-55341 | Quipux up to 4.0.1 anexos/anexos_nuevo.php asocImgRad cross site scripting
A vulnerability was found in Quipux up to 4.0.1. It has been declared as problematic. The impacted element is an
CVE-2025-43418 | Apple iOS/iPadOS up to 18.7.1 information disclosure
A vulnerability was found in Apple iOS and iPadOS up to 18.7.1. It has been rated as problematic. This affects
CVE-2025-63416 | SelfBest Platform 2023.3 Chat /admin/users cross site scripting
A vulnerability categorized as problematic has been discovered in SelfBest Platform 2023.3. This impacts an unknown function of the file
CVE-2025-5770 | WSO2 Identity Server/API Manager/API Control Plane Authentication Endpoint cross site scripting
A vulnerability identified as problematic has been detected in WSO2 Identity Server, API Manager and API Control Plane. Affected is
CVE-2025-56231 | Tonec Internet Download Manager up to 6.42.41.1 certificate validation
A vulnerability labeled as critical has been found in Tonec Internet Download Manager up to 6.42.41.1. Affected by this vulnerability
CVE-2025-63417 | SelfBest Platform 2023.3 Chat Message cross site scripting
A vulnerability marked as problematic has been reported in SelfBest Platform 2023.3. Affected by this issue is some unknown functionality
CVE-2025-63418 | SelfBest Platform 2023.3 cross site scripting
A vulnerability described as problematic has been identified in SelfBest Platform 2023.3. This affects an unknown part. Such manipulation leads
CVE-2025-10853 | WSO2 Open Banking IAM Management Console cross site scripting
A vulnerability classified as problematic has been found in WSO2 Open Banking IAM, API Manager, Identity Server, Open Banking AM,
CVE-2025-12360 | Better Find and Replace Plugin up to 1.7.7 on WordPress API rtafar_ajax authorization
A vulnerability classified as critical was found in Better Find and Replace Plugin up to 1.7.7 on WordPress. This issue
CVE-2025-12471 | Hubbub Lite Plugin up to 1.36.0 on WordPress dpsp_list_attention_search cross site scripting
A vulnerability, which was classified as problematic, has been found in Hubbub Lite Plugin up to 1.36.0 on WordPress. Impacted
CVE-2025-31133 | opencontainers runc Mount race condition
A vulnerability, which was classified as problematic, was found in opencontainers runc. The affected element is an unknown function of
CVE-2025-52565 | opencontainers runc Config File /dev/console access control
A vulnerability has been found in opencontainers runc and classified as critical. The impacted element is an unknown function of
CVE-2025-52881 | opencontainers runc access control
A vulnerability was found in opencontainers runc and classified as critical. This affects an unknown function. Such manipulation leads to
CVE-2025-62596 | youki access control
A vulnerability was found in youki. It has been classified as critical. This impacts an unknown function. Performing manipulation results
CVE-2025-62161 | youki Mount race condition
A vulnerability was found in youki. It has been declared as problematic. Affected is an unknown function of the component
CVE-2025-11268 | Strong Testimonials Plugin up to 3.2.16 on WordPress Shortcode Remote Code Execution
A vulnerability was found in Strong Testimonials Plugin up to 3.2.16 on WordPress. It has been rated as critical. Affected
CVE-2025-63334 | PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 POST Parameter submit_opacity.php opacityValue os command injection
A vulnerability categorized as critical has been discovered in PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1. Affected by this issue is some
CVE-2025-20377 | Cisco Packaged Contact Center Enterprise API Endpoint information disclosure (cisco-sa-cc-mult-vuln-gK4TFXSn)
A vulnerability described as problematic has been identified in Cisco Packaged Contact Center Enterprise, Unified Contact Center Enterprise, Unified Contact
CVE-2025-46365 | Dell CloudLink up to 8.1.0 command injection (dsa-2025-374)
A vulnerability classified as critical has been found in Dell CloudLink up to 8.1.0. This affects an unknown function. The
CVE-2025-46424 | Dell CloudLink up to 8.1 a cryptographic primitive with a risky implementation (dsa-2025-374)
A vulnerability classified as critical was found in Dell CloudLink up to 8.1. This impacts an unknown function. The manipulation
CVE-2025-46366 | Dell CloudLink up to 8.1.0 credentials storage (dsa-2025-374)
A vulnerability, which was classified as problematic, has been found in Dell CloudLink up to 8.1.0. Affected is an unknown
CVE-2025-59716 | ownCloud Guests up to 0.12.4 Mail Address /apps/guests/register/ showPasswordForm observable response discrepancy
A vulnerability, which was classified as problematic, was found in ownCloud Guests up to 0.12.4. Affected by this vulnerability is
CVE-2025-30479 | Dell CloudLink up to 8.1 os command injection (dsa-2025-374)
A vulnerability has been found in Dell CloudLink up to 8.1 and classified as critical. Affected by this issue is
CVE-2025-45379 | Dell CloudLink up to 8.1 os command injection (dsa-2025-374)
A vulnerability was found in Dell CloudLink up to 8.1 and classified as critical. This affects an unknown part. Executing
CVE-2025-46364 | Dell CloudLink up to 8.1.0 CLI privileges management (dsa-2025-374)
A vulnerability was found in Dell CloudLink up to 8.1.0. It has been classified as critical. This vulnerability affects unknown
CVE-2025-57244 | OpenKM Community Edition 6.3.12 User Account Creation Interface Name cross site scripting
A vulnerability was found in OpenKM Community Edition 6.3.12. It has been declared as problematic. This issue affects some unknown
CVE-2025-10713 | WSO2 Enterprise Integrator XML Parser xml external entity reference
A vulnerability was found in WSO2 Enterprise Integrator, API Control Plane, Universal Gateway, Traffic Manager, API Manager, Identity Server, Open
CVE-2025-43990 | Dell Command Monitor 10.9/10.10.0 unnecessary privileges (dsa-2025-414)
A vulnerability categorized as critical has been discovered in Dell Command Monitor 10.9/10.10.0. The affected element is an unknown function.
CVE-2025-12563 | Blog2Social Plugin up to 8.6.0 on WordPress theuploadVideo unrestricted upload
A vulnerability identified as critical has been detected in Blog2Social Plugin up to 8.6.0 on WordPress. The impacted element is
CVE-2025-11271 | Easy Digital Downloads Plugin up to 3.5.2 on WordPress Transaction ID Remote Code Execution
A vulnerability labeled as critical has been found in Easy Digital Downloads Plugin up to 3.5.2 on WordPress. This affects
CVE-2025-10691 | Easy Email Subscription Plugin up to 1.3 on WordPress show_editsub_page cross-site request forgery
A vulnerability marked as problematic has been reported in Easy Email Subscription Plugin up to 1.3 on WordPress. This impacts
CVE-2025-12560 | Blog2Social Plugin up to 8.6.0 on WordPress getFullContent post_url server-side request forgery
A vulnerability described as critical has been identified in Blog2Social Plugin up to 8.6.0 on WordPress. Affected is the function
CVE-2025-64458 | Django up to 4.2.25/5.1.13/5.2.7 on Windows algorithmic complexity
A vulnerability was found in Django up to 4.2.25/5.1.13/5.2.7 on Windows and classified as problematic. The impacted element is the
CVE-2025-63601 | Snipe-IT up to 8.3.2 Backup File privilege escalation
A vulnerability was found in Snipe-IT up to 8.3.2. It has been classified as critical. This affects an unknown function
CVE-2025-64459 | Django up to 4.2.25/5.1.13/5.2.7 QuerySet.filter/QuerySet.exclude/QuerySet.get sql injection
A vulnerability was found in Django up to 4.2.25/5.1.13/5.2.7. It has been declared as critical. This impacts the function QuerySet.filter/QuerySet.exclude/QuerySet.get.
CVE-2025-47151 | Entr’ouvert Lasso 2.5.1/2.8.2 SAML Response lasso_node_impl_init_from_xml type confusion (TALOS-2025-2193)
A vulnerability was found in Entr’ouvert Lasso 2.5.1/2.8.2. It has been rated as critical. Affected is the function lasso_node_impl_init_from_xml of
CVE-2025-60753 | libarchive bsdtar up to 3.8.0 tar/subst.c apply_substitution resource consumption (Issue 2725)
A vulnerability categorized as problematic has been discovered in libarchive bsdtar up to 3.8.0. Affected by this vulnerability is the
CVE-2025-46404 | Entr’ouvert Lasso 2.5.1 SAML Response lasso_provider_verify_saml_signature null pointer dereference (TALOS-2025-2194)
A vulnerability identified as problematic has been detected in Entr’ouvert Lasso 2.5.1. Affected by this issue is the function lasso_provider_verify_saml_signature
CVE-2025-46705 | Entr’ouvert Lasso 2.5.1/2.8.2 SAML Response g_assert_not_reached assertion (TALOS-2025-2196)
A vulnerability labeled as critical has been found in Entr’ouvert Lasso 2.5.1/2.8.2. This affects the function g_assert_not_reached of the component
CVE-2025-46784 | Entr’ouvert Lasso 2.5.1 SAML Response lasso_node_init_from_message_with_format memory leak (TALOS-2025-2195)
A vulnerability marked as problematic has been reported in Entr’ouvert Lasso 2.5.1. This vulnerability affects the function lasso_node_init_from_message_with_format of the
CVE-2025-45378 | Dell CloudLink up to 8.1.2 os command injection (dsa-2025-374)
A vulnerability described as critical has been identified in Dell CloudLink up to 8.1.2. This issue affects some unknown processing.
CVE-2025-63248 | wkeyuan DWSurvey 6.14.0 Questionnaire ID access control
A vulnerability classified as critical has been found in wkeyuan DWSurvey 6.14.0. Impacted is an unknown function of the component
CVE-2025-57130 | ZwiiCMS up to 13.6.07 HTTP access control
A vulnerability classified as critical was found in ZwiiCMS up to 13.6.07. The affected element is an unknown function of
CVE-2025-61304 | Dynatrace ActiveGate Ping Extension up to 1.016 IP Address os command injection
A vulnerability, which was classified as critical, has been found in Dynatrace ActiveGate Ping Extension up to 1.016. The impacted
CVE-2025-20375 | Cisco Unified Contact Center Express up to UCCX 15.0.1 Web UI unrestricted upload (cisco-sa-cc-mult-vuln-gK4TFXSn)
A vulnerability, which was classified as critical, was found in Cisco Unified Contact Center Express. This affects an unknown function
CVE-2025-20354 | Cisco Unified Contact Center Express up to UCCX 15.0.1 RMI unrestricted upload (cisco-sa-cc-unauth-rce-QeN8h7mQ)
A vulnerability has been found in Cisco Unified Contact Center Express and classified as critical. This impacts an unknown function
CVE-2025-20374 | Cisco Unified Contact Center Express up to UCCX 15.0.1 Web UI path traversal (cisco-sa-cc-mult-vuln-gK4TFXSn)
A vulnerability was found in Cisco Unified Contact Center Express and classified as critical. Affected is an unknown function of
CVE-2025-20376 | Cisco Unified Contact Center Express up to UCCX 15.0.1 Web UI unrestricted upload (cisco-sa-cc-mult-vuln-gK4TFXSn)
A vulnerability was found in Cisco Unified Contact Center Express. It has been classified as critical. Affected by this vulnerability
CVE-2025-20358 | Cisco Unified Contact Center Express up to UCCX 15.0.1 Editor Application missing authentication (cisco-sa-cc-unauth-rce-QeN8h7mQ)
A vulnerability was found in Cisco Unified Contact Center Express. It has been declared as critical. Affected by this issue
CVE-2025-20305 | Cisco Identity Services Engine Software up to 3.4.0 Web-based Management Interface insufficient granularity of access control (cisco-sa-ise-multiple-vulns-O9BESWJH)
A vulnerability was found in Cisco Identity Services Engine Software. It has been rated as problematic. This affects an unknown
CVE-2025-20343 | Cisco Identity Services Engine Software 3.4.0 RADIUS comparison (cisco-sa-ise-radsupress-dos-8YF3JThh)
A vulnerability categorized as critical has been discovered in Cisco Identity Services Engine Software 3.4.0. This vulnerability affects unknown code
CVE-2025-20289 | Cisco Identity Services Engine Software up to 3.4.0 cross site scripting (cisco-sa-ise-multiple-vulns-O9BESWJH)
A vulnerability identified as problematic has been detected in Cisco Identity Services Engine Software. This issue affects some unknown processing.
CVE-2025-20303 | Cisco Identity Services Engine Software up to 3.4.0 Web-based Management Interface cross site scripting (cisco-sa-ise-multiple-vulns-O9BESWJH)
A vulnerability labeled as problematic has been found in Cisco Identity Services Engine Software. Impacted is an unknown function of
CVE-2025-20304 | Cisco Identity Services Engine Software up to 3.4.0 Web-based Management Interface cross site scripting (cisco-sa-ise-multiple-vulns-O9BESWJH)
A vulnerability marked as problematic has been reported in Cisco Identity Services Engine Software. The affected element is an unknown
Cisco Identity Services Engine Reflected Cross-Site Scripting and Information Disclosure Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote
Cisco Unified Contact Center Express Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the Java Remote Method Invocation (RMI) process of Cisco Unified Contact Center Express (Unified CCX) could allow
Multiple Cisco Contact Center Products Vulnerabilities
Multiple vulnerabilities in Cisco Unified Contact Center Express (Unified CCX), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Packaged Contact
Cisco Identity Services Engine RADIUS Suppression Denial of Service Vulnerability
A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE)
CVE-2025-61084 | MDaemon 23.5.2 Header From
A vulnerability classified as problematic was found in MDaemon 23.5.2. This vulnerability affects unknown code of the component Header Handler.
CVE-2025-3125 | WSO2 Identity Server Admin Service Endpoint CarbonAppUploader unrestricted upload
A vulnerability, which was classified as critical, has been found in WSO2 Identity Server, Enterprise Integrator, Open Banking IAM, Identity
CVE-2025-52602 | HCL BigFix Query up to 4.10.x HTTP GET Endpoint exposure of private personal information to an unauthorized actor (KB0124950)
A vulnerability, which was classified as problematic, was found in HCL BigFix Query up to 4.10.x. Impacted is an unknown
CVE-2025-10683 | Easy Email Subscription Plugin up to 1.3 on WordPress uid sql injection
A vulnerability has been found in Easy Email Subscription Plugin up to 1.3 on WordPress and classified as critical. The
SUSE: tiff Important Buffer Overflow Vulnerability CVE-2025-9900
* bsc#1250413 Cross-References: * CVE-2025-9900LinuxSecurity – Security AdvisoriesRead More
CVE-2024-12125 | Red Hat 3Scale Developer Portal Readonly access control
A vulnerability described as critical has been identified in Red Hat 3Scale Developer Portal. Affected by this issue is some
CVE-2025-12745 | QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c quickjs.c js_array_buffer_slice heap-based overflow (Issue 451)
A vulnerability classified as critical has been found in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the
CVE-2025-55108 | BMC Control-M/Agent 9.0.18/9.0.19/9.0.20/9.0.21/9.0.22 missing authentication
A vulnerability marked as critical has been reported in BMC Control-M and Agent 9.0.18/9.0.19/9.0.20/9.0.21/9.0.22. Affected by this vulnerability is an
Fedora 43: rust-tikv-jemallocator Critical Memory Risk 2025-4154ea83d0
uv / python-uv-build 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md ruff 0.14.2 https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md Pydantic 2.12.3LinuxSecurity – Security AdvisoriesRead More
Fedora 43: Critical Buffer Overflow Vulnerability in rust-tikv-jemalloc-sys
uv / python-uv-build 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md ruff 0.14.2 https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md Pydantic 2.12.3LinuxSecurity – Security AdvisoriesRead More