MAL-2025-22446 Malicious code in hiot-messaging (npm)
The package hiot-messaging was found to contain malicious code...
Apache CXF < 3.6.8 / 4.x < 4.0.9 / 4.1.x < 4.1.3 RCE (CVE-2025-48913)
The version of Apache CXF installed on the remote host is affected by a remote code execution vulnerability. If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restrict...
IBM WebSphere Application Server Liberty 17.0.0.3 < 25.0.0.9 (7242027)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7242027 advisory. - IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a...
CVE-2025-54465 Hard-coded Credentials Vulnerability in ZKTeco WL20
This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the hard-coded MQTT...
New trends in phishing and scams: how AI and social media are changing the game
Introduction Phishing and scams are dynamic types of online fraud that primarily target individuals, with cybercriminals constantly adapting their tactics to deceive people. Scammers invent new methods and improve old ones, adjusting them to fit current news, trends, and major world events:...
[SECURITY] Fedora 42 Update: matrix-synapse-1.135.2-1.fc42
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
CVE-2025-36124
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration...
CVE-2025-36124 IBM WebSphere Application Server Liberty bypass security
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration...
CVE-2025-36124
CVE-2025-36124 is described by IBM security bulletins as a vulnerability in IBM WebSphere Liberty/Liberty-based IBM products where a remote attacker could bypass security restrictions due to JMS messaging configuration not being honored. Connected IBM bulletins show affected products/versions and...
Security Bulletin: Astronomer with IBM is vulnerable to several vulnerabilities
Summary Open source software is used by Astronomer with IBM as part of overall processing functionality. Vulnerability Details CVEID:CVE-2008-1530 DESCRIPTION: GnuPG gpg 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted...
CVE-2025-52913
A vulnerability in the NuPoint Unified Messaging NPM component of Mitel MiCollab through 9.8 SP2 9.8.2.12 could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to...
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: fulcio-fips, nri-redis, opentofu-fips, gatekeeper-fips, kubelet-csr-approver-fips, opentelemetry-collector, licenseclassifier, yace, kubernetes-dashboard-metrics-scraper, kubernetes, nri-memcached, sonobuoy-fips, flux-helm-controller-fips, cilium-fips, http-echo,...
org.apache.camel:camel-example-cxf (>=2.14.0 <=2.19.5), org.apache.cxf.osgi.itests:org.apache.cxf.osgi.itests (>=3.0.0 <=3.6.11) +17 more potentially affected by CVE-2025-48913 via org.apache.cxf:cxf-rt-transports-jms (>=3.0.0-milestone1 <=3.6.7)
org.apache.cxf:cxf-rt-transports-jms MAVEN version =3.0.0-milestone1, =2.14.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.2.0, =5.0.0.Beta1, =5.0.0.Beta1, =5.0.0.Beta1, =5.0.0.Beta1, =5.5.0.Final and more Source cves: CVE-2025-48913 Source advisory:...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JMS configuration. An attacker with permissions to configure JMS for Apache CXF can achieve remote code execution by supplying malicious RMI or LDAP URLs in the configuration. Details...
Apache CXF: Untrusted JMS configuration can lead to RCE
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8...
PT-2025-32386 · Mitel · Micollab +1
Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.8 SP2 9.8.2.12 Description: A vulnerability exists in the NuPoint Unified Messaging NPM component that could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input...
Mitel MiCollab security vulnerability
Mitel MiCollab is a mobile application from Mitel (Canada) that provides voice, video, messaging, audio conferencing, and team collaboration for employees. A security vulnerability exists in Mitel MiCollab version 9.8.2.12 and earlier, which stems from insufficient input validation of the NuPoint...