4930 matches found
org.apache.camel:camel-example-cxf (>=2.14.0 <=2.19.5), org.apache.cxf.osgi.itests:org.apache.cxf.osgi.itests (>=3.0.0 <=3.6.11) +17 more potentially affected by CVE-2025-48913 via org.apache.cxf:cxf-rt-transports-jms (>=3.0.0-milestone1 <=3.6.7)
org.apache.cxf:cxf-rt-transports-jms MAVEN version =3.0.0-milestone1, =2.14.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.2.0, =5.0.0.Beta1, =5.0.0.Beta1, =5.0.0.Beta1, =5.0.0.Beta1, =5.5.0.Final and more Source cves: CVE-2025-48913 Source advisory:...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JMS configuration. An attacker with permissions to configure JMS for Apache CXF can achieve remote code execution by supplying malicious RMI or LDAP URLs in the configuration. Details...
Apache CXF: Untrusted JMS configuration can lead to RCE
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8...
PT-2025-32386 · Mitel · Micollab +1
Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.8 SP2 (9.8.2.12) Description: A vulnerability exists in the NuPoint Unified Messaging (NPM) component that could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input...
CVE-2025-52913
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to...
Mitel MiCollab Security Vulnerability
Mitel MiCollab is a mobile application that provides voice, video, messaging, audio conferencing, and team collaboration for employees from Mitel Canada. A security vulnerability exists in Mitel MiCollab version 9.8.2.12 and earlier, which stems from insufficient input validation of the NuPoint...
Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.13.1 release and security update
Red Hat AMQ Broker 7.13.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
BIT-MOODLE-2024-43438 Moodle: idor in feedback non-respondents report allows messaging arbitrary site users
A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...
Transcript Franking for Encrypted Messaging
Message franking is an indispensable abuse mitigation tool for end-to-end encrypted (E2EE) messaging platforms. With it, users who receive harmful content can securely report that content to platform moderators. However, while real-world deployments of reporting require the disclosure of multiple...
Devolutions Server Access Control Error Vulnerability
Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server versions 2025.2.4.0 and earlier and 2025.1.11.0 and earlier, which stems from improper access contro...
Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems. "These malicious operations impersonate AI, gaming, and Web3 firms using...
Deepfake criminals impersonate Marco Rubio to uncover government secrets
Deepfake attacks aren't just for recruitment and banking fraud; they've now reached the highest levels of government. News emerged this week of an AI-powered attack that impersonated US Secretary of State Marco Rubio. Authorities don't know who was behind the incident. A US State Department cable...
CVE-2025-49846
wire-ios is an iOS client for the Wire secure messaging application. From Wire iOS 3.111.1 to before 3.124.1, messages that were visible in the view port have been logged to the iOS system logs in clear text. Wire application logs created and managed by the application itself were not affected,...
CVE-2025-49846 wire-ios accidentally logs message contents
wire-ios is an iOS client for the Wire secure messaging application. From Wire iOS 3.111.1 to before 3.124.1, messages that were visible in the view port have been logged to the iOS system logs in clear text. Wire application logs created and managed by the application itself were not affected,...
The vulnerability of the Mattermost instant messaging application, related to incorrect authentication, allows a hacker to disclose protected information.
The vulnerability of the Mattermost instant messaging application is related to improper authentication. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
Security Bulletin: Upgraded higher version of cometD in Maximo IT 9.1
Summary Upgraded higher version of cometD in Maximo IT 9.1 Vulnerability Details CVEID:CVE-2022-24721 DESCRIPTION: CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so...
[SECURITY] Fedora 41 Update: gotify-desktop-1.3.7-5.fc41
Small Gotify daemon to receive messages and forward them as desktop notifications. Read Gotify messages, and forward them as standard desktop notification. Forward message priority. Auto reconnect if server connection is lost and get missed messages. Automatically download, cache, and show app...
Malicious code in messaging-client-lite (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-5436 Malicious code in messaging-client-lite (npm)
The package communicates with a domain associated with malicious activity...
Moodle 4.3.x < 4.3.12 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.18 or 4.3.x prior to 4.3.12 or 4.4.x prior to 4.4.8 or 4.5.x prior to 4.5.4. It is, therefore, affected by multiple vulnerabilities: - Additional checks were required to ensure users can on...