4930 matches found
PT-2025-5804
Name of the Vulnerable Software and Affected Versions: Defense Platform Home Edition versions 3.9.51.x and earlier Description: The issue is related to an unprotected Windows messaging channel, also known as 'Shatter'. This allows an attacker to send a specially crafted message to a specific...
CVE-2022-41271
An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration PI - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability...
CVE-2024-47130
The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. It is advised to update your app to the current release for enhanced encryption protocols...
CVE-2024-23615
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root...
CVE-2024-23614
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root...
PT-2025-20013 · Git +1 · Tarantool
Name of the Vulnerable Software and Affected Versions: LuaJIT affected versions not specified Description: The LuaJIT software contains a heap-buffer-overflow vulnerability. The crash occurs within the lj_strfmt_pushvf function, which is called by err_msgv and lj_err_msg. Recommendations: At the...
CVE-2024-0875
A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is...
CVE-2025-1015
The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...
PT-2025-34811 · Telpo · Telpo Mdm
Name of the Vulnerable Software and Affected Versions: Telpo MDM versions 1.4.6 through 1.4.9 Description: The Telpo MDM Android platform stores sensitive administrator credentials and MQTT server connection details (IP/port) in plaintext within log files on the device's external storage. This allo...
USN-7243-1 vlc vulnerability
It was discovered that VLC incorrectly handled memory when reading an MMS stream. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...
CVE-2024-45336 vulnerabilities
Vulnerabilities for packages: cloudnative-pg-fips, k8s-device-plugin-fips, kube-logging-operator, undock, crossplane-provider-sql, harbor, vertical-pod-autoscaler, vitess, falcosidekick-fips, crossplane-provider-sql-fips, rancher-loglevel, azure-aad-pod-identity-mic, skopeo,...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-49035: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (bsc#1215304). CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853). CVE-2024-53156: wif...
PT-2025-2886 · Sungrow · Sungrow Winet-Sv200
Name of the Vulnerable Software and Affected Versions: SunGrow WiNet-SV200 versions 0.001.00.P027 and earlier Description: The issue is related to a stack-based buffer overflow that occurs when parsing MQTT messages, due to missing checks on the bounds of MQTT topics. This can lead to a buffer...
CVE-2025-23798
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eliott Robson Mass Messaging in BuddyPress allows Reflected XSS. This issue affects Mass Messaging in BuddyPress: from n/a through 2.2.1...
CVE-2025-23798
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElbowRobo Mass Messaging in BuddyPress (mass-messaging-in-buddypress) allows Reflected XSS. This issue affects Mass Messaging in BuddyPress: from n/a through <= 2.2.1...
CVE-2025-23798 WordPress Mass Messaging in BuddyPress Plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElbowRobo Mass Messaging in BuddyPress (mass-messaging-in-buddypress) allows Reflected XSS. This issue affects Mass Messaging in BuddyPress: from n/a through <= 2.2.1...
WordPress plugin Mass Messaging in BuddyPress cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
A week in security (January 13 – January 19)
Last week on Malwarebytes Labs: iMessage text gets recipient to disable phishing protection so they can be phished; The new rules for AI and encrypted messaging, with Mallory Knodel (Lock and Code S06E01); Insurance company accused of using secret software to illegally collect and sell location data ...
PT-2025-2827 · Ibm · Ibm App Connect Enterprise
Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise versions 12.0.1.0 through 12.0.7.0 IBM App Connect Enterprise version 13.0.1.0 Description: The issue allows a privileged user to obtain JMS credentials under certain configurations. This is related to improper...