Vulnerabilities

  

CVE-2025-13302 | code-projects Courier Management System 1.0 /add-new-officer.php ManagerName sql injection

A vulnerability, which was classified as critical, was found in code-projects Courier Management System 1.0. This affects an unknown part

  

CVE-2025-13304 | D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M 1.01.07/1.1.47 formPingDiagnosticRun host buffer overflow

A vulnerability has been found in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47 and classified as critical. This vulnerability

  

CVE-2025-13305 | D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M 1.01.07 formTracerouteDiagnosticRun host buffer overflow

A vulnerability was found in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07 and classified as critical. This issue affects

  

CVE-2025-13306 | D-Link DWR-M920/DWR-M921/DIR-822K/DIR-825M 1.1.5 formDebugDiagnosticRun system host command injection

A vulnerability was found in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. It has been classified as critical. Impacted is

Fedora: libxml2 Critical Stack Overflow Issue 2025:5116-2

An update that solves two vulnerabilities can now be installed.

LinuxSecurity – Security Advisories

SUSE: libxml2 Moderate Risk of Infinite Recursion – Advisory 2025:4115-1

* bsc#1247850 * bsc#1249076 Cross-References: * CVE-2025-8732

openSUSE: openssh Moderate Code Execution Fix CVE-2025-61984 2025:4112-1

* bsc#1251198 * bsc#1251199 Cross-References: * CVE-2025-61984

openSUSE Leap 15.3: openssh Moderate Threat Update 2025:4112-1

An update that solves two vulnerabilities can now be installed.

openSUSE: Kernel Important Security Update 2025:4111-1 173 Issues Fixed

An update that solves 173 vulnerabilities, contains two features and has 19 security fixes can now be installed.

SUSE Security Update 2025:4111-1 Addresses Critical CVE Threats in Kernel

* bsc#1065729 * bsc#1205128 * bsc#1206893 * bsc#1207612 * bsc#1207619

  

CVE-2025-40936 | Siemens PS IGES Parasolid Translator Component 27.1.215 out-of-bounds (ssa-241605)

A vulnerability was found in Siemens PS IGES Parasolid Translator Component 27.1.215. It has been declared as problematic. This vulnerability

  

CVE-2025-40834 | Siemens Mendix RichText up to 4.6.0 Widget cross site scripting (ssa-190588)

A vulnerability was found in Siemens Mendix RichText up to 4.6.0. It has been rated as problematic. This issue affects

  

CVE-2025-11681 | M-Files Server up to 25.6.14925.0 gRPC resource consumption

A vulnerability categorized as problematic has been discovered in M-Files Server. Impacted is an unknown function of the component gRPC

  

CVE-2025-7711 | Classified Listing Plugin up to 5.0.3 on WordPress Shortcode privilege escalation

A vulnerability identified as critical has been detected in Classified Listing Plugin up to 5.0.3 on WordPress. The affected element

  

CVE-2025-13297 | itsourcecode Web-Based Internet Laboratory Management System 1.0 /course/controller.php sql injection

A vulnerability labeled as critical has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. The impacted element is

  

CVE-2025-13298 | itsourcecode Web-Based Internet Laboratory Management System 1.0 controller.php sql injection

A vulnerability marked as critical has been reported in itsourcecode Web-Based Internet Laboratory Management System 1.0. This affects an unknown

  

CVE-2025-13299 | itsourcecode Web-Based Internet Laboratory Management System 1.0 /user/controller.php sql injection

A vulnerability described as critical has been identified in itsourcecode Web-Based Internet Laboratory Management System 1.0. This impacts an unknown

  

CVE-2025-13300 | itsourcecode Web-Based Internet Laboratory Management System 1.0 /settings/controller.php sql injection

A vulnerability classified as critical has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected is an unknown

  

CVE-2025-13301 | itsourcecode Web-Based Internet Laboratory Management System 1.0 /subject/controller.php sql injection

A vulnerability classified as critical was found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected by this vulnerability is

Fedora 41: Critical Alert for python-pdfminer Arbitrary Code Execution

Backport security fix for GHSA-wf5f-4jwr-ppcp / CVE-2025-64512

Fedora 41: xmedcon CVE Fixes Upgrade 0.25.3 Advisory FEDORA-2025-9d4a8ab586

upgraded to 0.25.3 fixes open bugs, CVEs, etc

  

CVE-2025-13163 | Digiwin EasyFlow GP up to 5.8.11.1.0810112/8.1.1.2 insufficiently protected credentials

A vulnerability identified as problematic has been detected in Digiwin EasyFlow GP up to 5.8.11.1.0810112/8.1.1.2. This vulnerability affects unknown code.

  

CVE-2025-13164 | Digiwin EasyFlow GP up to 5.8.11.1.0810112 insufficiently protected credentials

A vulnerability labeled as problematic has been found in Digiwin EasyFlow GP up to 5.8.11.1.0810112. This issue affects some unknown

  

CVE-2025-13165 | Digiwin EasyFlow GP up to 5.7.7.2/5.8.11.1.0810112/8.1.1.2 allocation of resources

A vulnerability marked as critical has been reported in Digiwin EasyFlow GP up to 5.7.7.2/5.8.11.1.0810112/8.1.1.2. Impacted is an unknown function.

  

CVE-2025-13285 | itsourcecode Online Voting System 1.0 /login.php Username sql injection

A vulnerability described as critical has been identified in itsourcecode Online Voting System 1.0. The affected element is an unknown

  

CVE-2025-13286 | itsourcecode Online Voting System 1.0 ajax.php?action=save_user ID sql injection

A vulnerability classified as critical has been found in itsourcecode Online Voting System 1.0. The impacted element is an unknown

  

CVE-2025-13287 | itsourcecode Online Voting System 1.0 index.php?page=categories id/category sql injection

A vulnerability classified as critical was found in itsourcecode Online Voting System 1.0. This affects an unknown function of the

  

CVE-2025-13288 | Tenda CH22 1.0.0.1 /goform/PPTPUserSetting fromPptpUserSetting delno buffer overflow

A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of

  

CVE-2025-13289 | 1000projects Design & Development of Student Database Management System SubjectDetails.php sql injection

A vulnerability, which was classified as critical, was found in 1000projects Design & Development of Student Database Management System 1.0.

  

CVE-2025-65073 | OpenStack Keystone up to 26.0.0/27.0.0/28.0.0 /v3/ec2tokens authorization

A vulnerability has been found in OpenStack Keystone up to 26.0.0/27.0.0/28.0.0 and classified as problematic. Affected by this vulnerability is

  

CVE-2025-13290 | code-projects Simple Food Ordering System 1.0 /saveorder.php ID sql injection

A vulnerability was found in code-projects Simple Food Ordering System 1.0 and classified as critical. Affected by this issue is

  

CVE-2025-13291 | Campcodes Supplier Management System 1.0 confirm_order.php ID sql injection

A vulnerability was found in Campcodes Supplier Management System 1.0. It has been classified as critical. This affects an unknown

Fedora 43: Suricata Critical Security Bugfix FEDORA-2025-a366512b23

Upstream security/bugfix release.

Fedora 43: FVWM3 1.1.4 Important Security Advisory CVE-2025-47906

FVWM3 ver. 1.1.4

Fedora 43: xmedcon 0.25.3 Critical Fix for Open Bugs and CVEs

upgraded to 0.25.3 fixes open bugs, CVEs, etc

Fedora 42 Python-Pdfminer Critical Advisory on Arbitrary Code Execution

Backport security fix for GHSA-wf5f-4jwr-ppcp / CVE-2025-64512

Fedora 42: Suricata Advisory 2025-0490389cb0 – Security Update

upstream bugfix/security release

Fedora 42 Advisory: xmedcon 0.25.3 Critical Update for CVE-2025-2581

upgraded to 0.25.3 fixes open bugs, CVEs, etc

  

CVE-2025-9501 | W3 Total Cache Plugin up to 2.8.12 on WordPress _parse_dynamic_mfunc os command injection (EUVD-2025-197764)

A vulnerability has been found in W3 Total Cache Plugin up to 2.8.12 on WordPress and classified as critical. This

  

CVE-2025-10460 | BEIMS Contractor Web 5.7 /BEIMSWeb/contractor.asp sql injection

A vulnerability was found in BEIMS Contractor Web 5.7 and classified as critical. This impacts an unknown function of the

  

CVE-2025-13283 | Chunghwa Telecom TenderDocTransfer prior 0.41.159 cross-site request forgery (EUVD-2025-197759)

A vulnerability was found in Chunghwa Telecom TenderDocTransfer. It has been classified as problematic. Affected is an unknown function. This

  

CVE-2025-13284 | ThinPLUS os command injection (EUVD-2025-197757)

A vulnerability was found in ThinPLUS. It has been declared as critical. Affected by this vulnerability is an unknown functionality.

  

CVE-2025-13282 | Chunghwa Telecom TenderDocTransfer prior 0.41.159 cross-site request forgery

A vulnerability was found in Chunghwa Telecom TenderDocTransfer. It has been rated as problematic. Affected by this issue is some

  

CVE-2025-60022 | KDDI ‘デジラアプリ’ App prior 80.10.00 on iOS certificate validation (EUVD-2025-197765)

A vulnerability categorized as critical has been discovered in KDDI ‘デジラアプリ’ App on iOS. This affects an unknown part. Executing

  

CVE-2025-13276 | g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455 /index.php Username sql injection

A vulnerability described as critical has been identified in g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455. This vulnerability affects unknown code of

  

CVE-2025-13277 | code-projects Nero Social Networking Site 1.0 /friendsphoto.php ID sql injection

A vulnerability classified as critical has been found in code-projects Nero Social Networking Site 1.0. This issue affects some unknown

  

CVE-2025-13278 | projectworlds Advanced Library Management System 1.0 borrowed_book_search.php datefrom/dateto sql injection

A vulnerability classified as critical was found in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of

  

CVE-2025-13279 | code-projects Nero Social Networking Site 1.0 /profilefriends.php ID sql injection

A vulnerability, which was classified as critical, has been found in code-projects Nero Social Networking Site 1.0. The affected element

  

CVE-2025-13280 | CodeAstro Simple Inventory System 1.0 Login /index.php Username sql injection

A vulnerability, which was classified as critical, was found in CodeAstro Simple Inventory System 1.0. The impacted element is an

Debian: Thunderbird Critical Arbitrary Code Exec Update DLA-4372-1

Multiple security issues were discovered in Thunderbird, which could potentially result in the execution of arbitrary code or bypass of

Debian: Thunderbird Critical Code Execution Flaws DSA-6059-1

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the oldstable distribution

  

CVE-2025-13269 | Campcodes School Fees Payment Management System 1.0 ajax.php?action=save_payment ID sql injection

A vulnerability was found in Campcodes School Fees Payment Management System 1.0. It has been classified as critical. The impacted

  

CVE-2025-13270 | Campcodes School Fees Payment Management System 1.0 ajax.php?action=save_course ID sql injection

A vulnerability was found in Campcodes School Fees Payment Management System 1.0. It has been declared as critical. This affects

  

CVE-2025-13271 | Campcodes School Fees Payment Management System 1.0 /ajax.php?action=login Username sql injection

A vulnerability was found in Campcodes School Fees Payment Management System 1.0. It has been rated as critical. This impacts

  

CVE-2025-13272 | Campcodes School Fees Payment Management System 1.0 /manage_course.php ID sql injection

A vulnerability categorized as critical has been discovered in Campcodes School Fees Payment Management System 1.0. Affected is an unknown

  

CVE-2025-13273 | Campcodes School Fees Payment Management System 1.0 ajax.php?action=delete_payment ID sql injection

A vulnerability identified as critical has been detected in Campcodes School Fees Payment Management System 1.0. Affected by this vulnerability

  

CVE-2025-13274 | Campcodes School Fees Payment Management System 1.0 ajax.php?action=delete_fees ID sql injection

A vulnerability labeled as critical has been found in Campcodes School Fees Payment Management System 1.0. Affected by this issue

  

CVE-2025-13275 | Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24 /admin/about.php unrestricted upload

A vulnerability marked as critical has been reported in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This affects an unknown part of

  

CVE-2025-13265 | lsfusion platform up to 6.1 ZipUtils.java unpackFile path traversal (Issue 1545)

A vulnerability, which was classified as critical, has been found in lsfusion platform up to 6.1. This vulnerability affects the

  

CVE-2025-13266 | wwwlike vlife up to 2.0.1 VLifeApi SysFileApi.java create fileName path traversal

A vulnerability, which was classified as problematic, was found in wwwlike vlife up to 2.0.1. This issue affects the function

  

CVE-2025-13267 | SourceCodester Dental Clinic Appointment Reservation System 1.0 /success.php username/password sql injection

A vulnerability has been found in SourceCodester Dental Clinic Appointment Reservation System 1.0 and classified as critical. Impacted is an

  

CVE-2025-13268 | Dromara dataCompare up to 1.0.1 JDBC URL DbconfigServiceImpl.java DbConfig injection

A vulnerability was found in Dromara dataCompare up to 1.0.1 and classified as critical. The affected element is the function

  

CVE-2025-12482 | ameliabooking Booking for Appointments and Events Calendar Plugin sql injection

A vulnerability, which was classified as critical, has been found in ameliabooking Booking for Appointments and Events Calendar Plugin up

  

CVE-2025-13252 | shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a RSA/OAuth2/Database hard-coded credentials

A vulnerability, which was classified as critical, was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue

  

CVE-2025-13253 | projectworlds Advanced Library Management System 1.0 /add_librarian.php Username sql injection

A vulnerability has been found in projectworlds Advanced Library Management System 1.0 and classified as critical. This affects an unknown

  

CVE-2025-13254 | projectworlds Advanced Library Management System 1.0 /add_member.php roll_number sql injection

A vulnerability was found in projectworlds Advanced Library Management System 1.0 and classified as critical. This vulnerability affects unknown code

  

CVE-2025-13255 | projectworlds Advanced Library Management System 1.0 /book_search.php book_pub/book_title sql injection

A vulnerability was found in projectworlds Advanced Library Management System 1.0. It has been classified as critical. This issue affects

  

CVE-2025-13256 | projectworlds Advanced Library Management System 1.0 /borrow.php roll_number sql injection

A vulnerability was found in projectworlds Advanced Library Management System 1.0. It has been declared as critical. Impacted is an

  

CVE-2025-13257 | itsourcecode Inventory Management System 1.0 index.php?view=edit ID sql injection

A vulnerability was found in itsourcecode Inventory Management System 1.0. It has been rated as critical. The affected element is

  

CVE-2025-13258 | Tenda AC20 up to 16.03.08.12 /goform/WifiExtraSet wpapsk_crypto buffer overflow

A vulnerability categorized as critical has been discovered in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown

  

CVE-2025-13259 | Campcodes Supplier Management System 1.0 edit_unit.php ID sql injection

A vulnerability identified as critical has been detected in Campcodes Supplier Management System 1.0. This affects an unknown function of

  

CVE-2025-13260 | Campcodes Supplier Management System 1.0 edit_product.php cmbProductUnit sql injection

A vulnerability labeled as critical has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of

  

CVE-2025-13261 | lsfusion platform up to 6.1 DownloadFileRequestHandler.java DownloadFileRequestHandler Version path traversal (Issue 1543)

A vulnerability marked as problematic has been reported in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of

  

CVE-2025-13262 | lsfusion platform up to 6.1 UploadFileRequestHandler.java UploadFileRequestHandler sid path traversal (Issue 1544)

A vulnerability described as critical has been identified in lsfusion platform up to 6.1. Affected by this vulnerability is the

  

CVE-2025-13263 | SourceCodester Online Magazine Management System 1.0 /categories.php c sql injection

A vulnerability classified as critical has been found in SourceCodester Online Magazine Management System 1.0. Affected by this issue is

  

CVE-2025-13264 | SourceCodester Online Magazine Management System 1.0 /view_magazine.php ID sql injection

A vulnerability classified as critical was found in SourceCodester Online Magazine Management System 1.0. This affects an unknown part of

Slackware 15.0: xpdf Critical Fix for Buffer Overflow SSA:2025-319-01

New xpdf packages are available for Slackware 15.0 and -current to fix security issues.

Fedora 42: bind9-next Critical DNSSEC Issues Fix 2025-d9f9394ecd

Update to 9.21.14 (rhbz#2394406) Security Fixes: DNSSEC validation fails if matching but invalid DNSKEY is found. (CVE-2025-8677) Address various spoofing

Fedora 42: luksmeta Update CVE-2025-11568 Severity Informational

New upstream release v10 Fix: CVE-2025-11568

Fedora 41: LUKSData Integrity Restoration Update CVE-2025-11678

New upstream release v10 Fix: CVE-2025-11568

Fedora 43: bind9-next Security Update CVE-2025-8677 Cache Poisoning

Update to 9.21.14 (rhbz#2394406) Security Fixes: DNSSEC validation fails if matching but invalid DNSKEY is found. (CVE-2025-8677) Address various spoofing

Fedora 43: chrome Significant Vulnerability Alert CVE-2025-13042

Update to 142.0.7444.162 * High CVE-2025-13042: Inappropriate implementation in V8

openSUSE: MozillaFirefox Moderate Security Issues Advisory 2025:15735-1

An update that solves 16 vulnerabilities can now be installed.

openSUSE Tumbleweed: Chromedriver Moderate Update CVE-2025-13042

An update that solves one vulnerability can now be installed.

Debian: DSA-6058-1 lasso Critical Denial of Service CVE-2025-46404

Keane O’Kelley discovered several vulnerabilities in lasso, a library implementing Liberty Alliance and SAML protocols, which could result in denial

Mageia 9: apache-commons-lang3 Important Stack Overflow Bug MGASA-2025-0293

MGASA-2025-0293 – Updated apache-commons-lang3 & apache-commons-lang packages fix security vulnerability

Mageia 9: Fix for spdlog Resource Usage MGASA-2025-0294 CVE-2025-6140

MGASA-2025-0294 – Updated spdlog packages fix security vulnerability

Mageia 9: Notice on Botan2 CVE-2024-50384 Denial of Service MGASA-2025-0296

MGASA-2025-0295 – Updated botan2 packages fix security vulnerability

Mageia: Apache Commons FileUpload Important DoS Advisory MGASA-2025-0296

MGASA-2025-0296 – Updated apache-commons-fileupload packages fix security vulnerability

Mageia: yelp Important Remote Code Exec CVE-2025-3155 Advisory 2025-0297

MGASA-2025-0297 – Updated yelp & yelp-xsl packages fix security vulnerability

Mageia 9: Critical Cleartext Vulnerability in Stardict CVE-2025-55014

MGASA-2025-0298 – Updated stardict packages fix security vulnerability

  

CVE-2025-13247 | PHPGurukul Tourism Management System 1.0 /admin/user-bookings.php uid sql injection

A vulnerability labeled as critical has been found in PHPGurukul Tourism Management System 1.0. The affected element is an unknown

  

CVE-2025-13248 | SourceCodester Patients Waiting Area Queue Management System 1.0 api_patient_schedule.php appointmentID sql injection

A vulnerability marked as critical has been reported in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element

  

CVE-2025-13249 | Jiusi OA up to 20251102 OfficeServer Interface OfficeServer?isAjaxDownloadTemplate=false FileData unrestricted upload

A vulnerability described as critical has been identified in Jiusi OA up to 20251102. This affects an unknown function of

  

CVE-2025-13250 | WeiYe-Jing datax-web up to 2.1.2 Job remove/update/pause/start/triggerJob access control

A vulnerability classified as critical has been found in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of

  

CVE-2025-13251 | WeiYe-Jing datax-web up to 2.1.2 sql injection

A vulnerability classified as critical was found in WeiYe-Jing datax-web up to 2.1.2. Affected is an unknown function. Executing manipulation

  

CVE-2025-12983 | GitLab Community Edition/Enterprise Edition up to 18.3.5/18.4.3/18.5.1 Markdown memory allocation (Patch 296257)

A vulnerability, which was classified as problematic, has been found in GitLab Community Edition and Enterprise Edition up to 18.3.5/18.4.3/18.5.1.

  

CVE-2025-11865 | GitLab Enterprise Edition up to 18.3.5/18.4.3/18.5.1 authorization (Patch 561399)

A vulnerability, which was classified as problematic, was found in GitLab Enterprise Edition up to 18.3.5/18.4.3/18.5.1. This impacts an unknown

  

CVE-2025-7000 | GitLab Community Edition/Enterprise Edition up to 18.3.5/18.4.3/18.5.1 Merge Request insertion of sensitive information into sent data (Patch 553129)

A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 18.3.5/18.4.3/18.5.1 and classified as problematic. Affected

  

CVE-2025-2615 | GitLab Community Edition/Enterprise Edition up to 18.3.5/18.4.3/18.5.1 Websocket Connection insertion of sensitive information into sent data (Patch 526360)

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.3.5/18.4.3/18.5.1 and classified as problematic. Affected by