
25 matches found

Snyk
added 2026/04/22 12:26 p.m. | 0 views

Insufficient Verification of Data Authenticity

Overview: org.springframework.security:spring-security-oauth2-jose provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the withIssuerLocation component. An attacker can bypass intended...

CVSS 6.5 | AI score 5.5 | EPSS 0.00075
Exploits: 0 | References: 2

RedhatCVE
added 2025/11/14 4:5 p.m. | 2 views

CVE-2025-62483

Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access...

CVSS 5.3 | AI score 6.5 | EPSS 0.00094
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/14 2:59 p.m. | 3 views

CVE-2025-62482

Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access...

CVSS 4.3 | AI score 6.7 | EPSS 0.0008
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/13 3:3 p.m. | 3 views

CVE-2025-62483 Zoom Clients - Improper Removal of Sensitive Information

Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access...

CVSS 5.3 | AI score 6 | EPSS 0.00094
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/13 2:56 p.m. | 2 views

CVE-2025-62482 Zoom Workplace for Windows - Cross-site Scripting

Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access...

CVSS 4.3 | AI score 6.2 | EPSS 0.0008
Exploits: 0 | References: 1

Cvelist
added 2025/11/13 2:53 p.m. | 5 views

CVE-2025-30662 Zoom Workplace VDI Plugin macOS Universal Installer - Symlink Following

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access...

CVSS 6.6 | EPSS 0.00013
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/13 2:53 p.m. | 2 views

CVE-2025-30662 Zoom Workplace VDI Plugin macOS Universal Installer - Symlink Following

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access...

CVSS 6.6 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 1

EUVD
added 2025/11/13 2:53 p.m. | 3 views

EUVD-2025-175306

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access...

CVSS 6.6 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 2

Cvelist
added 2025/11/13 2:46 p.m. | 6 views

CVE-2025-64741 Zoom Workplace for Android - Improper Authorization Handling

Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access...

CVSS 8.1 | EPSS 0.0009
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/13 12:0 a.m. | 2 views

PT-2025-46838

Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access...

CVSS 5.3 | AI score 6.4 | EPSS 0.00094
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/12 12:0 a.m. | 3 views

PT-2025-46714

Name of the Vulnerable Software and Affected Versions: Zoom Workplace VDI Client for Windows versions prior to 6.3.14; Zoom Workplace VDI Client for Windows versions prior to 6.4.12; Zoom Workplace VDI Client for Windows versions prior to 6.5.10. Description: A flaw exists in the installer for Zoom...

CVSS 7.5 | AI score 6.6 | EPSS 0.00008
Exploits: 0 | References: 5

Tenable Nessus
added 2025/11/11 12:0 a.m. | 2 views

Zoom Workplace < 6.5.10 Vulnerability (ZSB-25044)

The version of Zoom Workplace installed on the remote host is prior to 6.5.10. It is, therefore, affected by a vulnerability as referenced in the ZSB-25044 advisory. - Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information...

CVSS 6.5 | AI score 5.5 | EPSS 0.00091
Exploits: 0 | References: 2

OSV
added 2025/10/24 2:32 p.m. | 1 views

OESA-2025-2493 qt5-qtimageformats security update

The core Qt Gui library by default supports reading and writing image files of the most common file formats: PNG, JPEG, BMP, GIF and a few more, ref. Reading and Writing Image Files. The Qt Image Formats add-on module provides optional support for other image file formats. Security Fixes: When...

CVSS 5.5 | AI score 6.9 | EPSS 0.00169
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/11 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-47233

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code...

CVSS 4.3 | AI score 6.7 | EPSS 0.0002
Exploits: 0 | References: 3

QT
added 2025/06/30 12:0 a.m. | 14 views

Security advisory: Recently reported incomplete cleanup issue in Qt's Schannel handling can impact Qt

There is an "Incomplete Cleanup" problem in Qt's Schannel handling when it is used to provide a server handling incoming TLS connections. This has been assigned the CVE id CVE-2025-6338. Affected versions: This issue affects only the Schannel functionality on Windows if it is turned on in Qt 5.15...

CVSS 9.2 | AI score 6.2 | EPSS 0.00108
Exploits: 0

OSV
added 2025/06/05 6:15 a.m. | 0 views

UBUNTU-CVE-2025-5683

When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1...

CVSS 5.5 | AI score 7.1 | EPSS 0.00169
Exploits: 0 | References: 6

OSV
added 2024/10/11 9:15 p.m. | 8 views

CVE-2024-48937

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed...

CVSS 6.1 | AI score 7
Exploits: 0 | References: 3

NVD
added 2024/10/11 9:15 p.m. | 11 views

CVE-2024-48938

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process...

CVSS 7.5 | EPSS 0.00699
Exploits: 0 | References: 3

Debian CVE
added 2024/10/11 12:0 a.m. | 9 views

CVE-2024-48937

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed...

CVSS 6.1 | AI score 5.3 | EPSS 0.01525
Exploits: 0

Debian CVE
added 2024/10/11 12:0 a.m. | 8 views

CVE-2024-48938

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process...

CVSS 7.5 | AI score 5.3 | EPSS 0.00699
Exploits: 0