6680 matches found
CVE-2025-48445 Commerce Eurobank (Redirect) - Moderately critical - Access bypass - SA-CONTRIB-2025-066
Incorrect Authorization vulnerability in Drupal Commerce Eurobank Redirect allows Functionality Misuse. This issue affects Commerce Eurobank Redirect: from 0.0.0 before 2.1.1...
CVE-2025-48445
CVE-2025-48445 is an Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) that allows functionality misuse. Affected versions are 0.0.0 through 2.1.0 (officially noted as before 2.1.1); the issue enables bypassing authorization controls to perform unauthorized actions with...
[SECURITY] Fedora 42 Update: qt6-qtscxml-6.9.1-1.fc42
The Qt SCXML module provides functionality to create state machines from SCXML files. This includes both dynamically creating state machines (loading the SCXML file and instantiating states and transitions) and generating a C++ file that has a class implementing the state machine. It also contains...
[SECURITY] Fedora 42 Update: kddockwidgets-1.7.0-23.fc42
Qt dock widget library written by KDAB, suitable for replacing QDockWidget and implementing advanced functionalities missing in Qt...
OS Command Injection
@haxtheweb/haxcms-nodejs is vulnerable to OS command injection. The vulnerability is due to insufficient input validation in the gitImportSite functionality, which allows attacker-controlled input to reach the procopen function through a crafted URL string...
PT-2025-25231 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 12.0.4. Description: The issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within...
CVE-2025-5985
A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may ...
CVE-2025-49133 Libtpms contains a possible out-of-bound access and abort due to HMAC signing issue
Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out-of-bounds (OOB) read vulnerability. The...
CVE-2025-49133
The CVE-2025-49133 entry affects libtpms, a TPM functionality library for virtual machines, with a flaw in CryptHmacSign that pairs signKey (ALG_KEYEDHASH) with inScheme (ECC/RSA) leading to an out-of-bounds read. The issue can be triggered by sending malicious TPM 2.0 commands to a vTPM (swtpm) ...
CVE-2024-13089 Authenticated RCE in update functionality in Guardian/CMC before 24.6.0
An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these...
June 10, 2025—KB5060998 (OS Build 10240.21034)
June 10, 2025—KB5060998 (OS Build 10240.21034). Important: Windows updates do not install Microsoft Store application updates. If you are an enterprise user, see Microsoft Store apps - Configuration Manager. If you are a consumer user, see Get updates for apps and games in Microsoft Store. For...
June 10, 2025—Hotpatch KB5060525 (OS Build 20348.3745)
June 10, 2025—Hotpatch KB5060525 (OS Build 20348.3745). Improvements and fixes: This security update includes quality improvements. The following summary outlines key issues addressed by the KB update after you install it. This update makes miscellaneous security improvements to internal OS...
PT-2025-24647 · Nozomi Networks · Nozomi Networks Guardian +1
Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian and CMC, affected versions not specified. Description: An OS command injection issue exists within the update functionality, potentially allowing authenticated administrators to execute unauthorized arbitrary OS command...
Authenticated RCE in update functionality in Guardian/CMC before 24.6.0
Summary: An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Impact: Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC...
CVE-2025-48139 WordPress StyleAI <= 1.0.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in relentlo StyleAI allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects StyleAI: from n/a through 1.0.4...
LLMs Caught in the Crossfire: Malware Requests and Jailbreak Challenges
The widespread adoption of Large Language Models (LLMs) has heightened concerns about their security, particularly their vulnerability to jailbreak attacks that leverage crafted prompts to generate malicious outputs. While prior research has been conducted on general security capabilities of LLMs,...
ALSA-2025:8686 Moderate: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...
CVE-2025-49599
Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow the Epuser account to disable ONT firewall functionality, e.g., to remove the default blocking of the SSH and TELNET TCP ports, aka HWNO-56Q3...
SCGAgent: Recreating the Benefits of Reasoning Models for Secure Code Generation with Agentic Workflows
Large language models (LLMs) have seen widespread success in code generation tasks for different scenarios, both everyday and professional. However, current LLMs, despite producing functional code, do not prioritize security and may generate code with exploitable vulnerabilities. In this work, we...