SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2025:02801-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02801-1 advisory. - CVE-2025-53014: Fixed an off-by-one error may cause an out-of-bounds memory access bsc1246530 -...

Malicious code in filename-id (npm)

The package filename-id was found to contain malicious code...

MAL-2025-20552 Malicious code in filename-id (npm)

The package filename-id was found to contain malicious code...

brick-browser (>=0.0.0 <=0.0.14), brick-node (>=0.0.0 <=0.0.17) potentially affected by unknown CVE via filename-id (=0.0.0)

filename-id NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on filename-id and may be impacted: - brick-browser =0.0.0, =0.0.0, =0.0.17 Source cves: unknown CVE Source advisory: OSV:MAL-2025-20552...

MAL-2025-20534 Malicious code in file-alb-um-zip-new-mp3-345273-dancing-with-the-devil-the-art-of-starting-over-ox6x8-trglkl (npm)

The package file-alb-um-zip-new-mp3-345273-dancing-with-the-devil-the-art-of-starting-over-ox6x8-trglkl was found to contain malicious code...

CVE-2025-54389 AIDE improper output neutralization vulnerability

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

USN-7697-1: AIDE vulnerabilities

Rajesh Pangare discovered that AIDE incorrectly handled filenames. A local attacker could possibly use this issue to bypass the detection of malicious files. CVE-2025-54389 Rajesh Pangare discovered that AIDE incorrectly handled extended file attributes. A local attacker could possibly use this...

USN-7697-1 aide vulnerabilities

Rajesh Pangare discovered that AIDE incorrectly handled filenames. A local attacker could possibly use this issue to bypass the detection of malicious files. CVE-2025-54389 Rajesh Pangare discovered that AIDE incorrectly handled extended file attributes. A local attacker could possibly use this...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2025-53014: Fixed an off-by-one error may cause an out-of-bounds memory access bsc1246530 CVE-2025-53015: Fixed specific XMP file conversion may cause an infinite loop bsc1246531 CVE-2025-53019: Fixed format specifiers in a filename...

SUSE-SU-2025:02801-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2025-53014: Fixed an off-by-one error may cause an out-of-bounds memory access bsc1246530 - CVE-2025-53015: Fixed specific XMP file conversion may cause an infinite loop bsc1246531 - CVE-2025-53019: Fixed format specifiers in a filenam...

CVE-2025-54701

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through = 2.6.3...

CVE-2025-54700

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Makeaholic allows PHP Local File Inclusion. This issue affects Makeaholic: from n/a through 1.8.4...

CVE-2025-52728

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion.This issue affects Responsive Posts Carousel Pro: from n/a through = 15...

CVE-2025-49271

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in GravityWP GravityWP - Merge Tags gravitywp-merge-tags allows PHP Local File Inclusion.This issue affects GravityWP - Merge Tags: from n/a through = 1.4.4...

CVE-2025-3703

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wipeoutmedia CSS & JavaScript Toolbox css-javascript-toolbox allows PHP Local File Inclusion.This issue affects CSS & JavaScript Toolbox: from n/a through 12.0.3...

CVE-2025-32288

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.4...

CVE-2025-25174

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in beeteam368 BeeTeam368 Extensions beeteam368-extensions allows PHP Local File Inclusion.This issue affects BeeTeam368 Extensions: from n/a through = 1.9.4...

CVE-2025-25172

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in beeteam368 VidMov vidmov allows PHP Local File Inclusion.This issue affects VidMov: from n/a through = 1.9.4...

CVE-2025-24766

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wproyal News Magazine X news-magazine-x allows PHP Local File Inclusion.This issue affects News Magazine X: from n/a through = 1.2.37...

CVE-2025-54701 WordPress Unicamp Theme <= 2.6.3 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through = 2.6.3...