40417 matches found

Positive Technologies
added 2025/09/09 12:0 a.m., 5 views

PT-2025-36549

Name of the Vulnerable Software and Affected Versions: SAP ABAP Reports affected versions not specified Description: Due to missing input validation in ABAP reports, an attacker with high privilege access could delete the content of arbitrary database tables if the tables are not protected by an...

CVSS 8.1, AI score 6.1, EPSS 0.00249
Exploits: 0, References: 8

Positive Technologies
added 2025/09/09 12:0 a.m., 6 views

PT-2025-36815

Name of the Vulnerable Software and Affected Versions: PressTigers ZIP Code Based Content Protection versions through 1.0.0 Description: The software contains a SQL injection issue due to improper neutralization of special elements used in an SQL command. This allows for SQL injection...

CVSS 7.6, AI score 7.5, EPSS 0.00261
Exploits: 0, References: 3

Positive Technologies
added 2025/09/09 12:0 a.m., 2 views

PT-2025-36891

Name of the Vulnerable Software and Affected Versions: Windows Server Message Block (SMB) versions prior to September 2025 Patch Tuesday Description: The SMB Server may be susceptible to relay attacks depending on the configuration. Successful exploitation of this issue could allow an attacker to...

CVSS 9.8, AI score 7, EPSS 0.18834
Exploits: 1, References: 65

ICS
added 2025/09/09 12:0 a.m., 6 views

Siemens User Management Component (UMC)

SUMMARY Siemens' User Management Component (UMC) is affected by multiple vulnerabilities that could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. Siemens has released a new version for User Management Component (UMC) and recommends to...

AI score 8.1
Exploits: 0, References: 10

ICS
added 2025/09/09 12:0 a.m., 5 views

Siemens Industrial Edge Management

SUMMARY Industrial Edge Management is affected by a vulnerability that could allow a remote attacker to cause a denial of service condition. Siemens recommends specific countermeasures for products where fixes are not, or not yet available. 2. GENERAL RECOMMENDATIONS As a general security...

CVSS 7.5, AI score 6.8, EPSS 0.63258
Exploits: 1, References: 10

SUSE Linux
added 2025/09/08 9:13 p.m., 3 views

Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP7)

This update for the Linux Kernel 6.4.0-15070073 fixes several issues. The following security issues were fixed: CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235)...

CVSS 8.5, AI score 7.5, EPSS 0.00369
Exploits: 3, References: 18

OSV
added 2025/09/08 9:13 p.m., 4 views

SUSE-SU-2025:03106-1 Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP7)

This update for the Linux Kernel 6.4.0-1507005 fixes several issues. The following security issues were fixed: - CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235). -...

CVSS 7.8, AI score 7.5, EPSS 0.00369
Exploits: 3, References: 12

OSV
added 2025/09/08 9:13 p.m., 1 views

SUSE-SU-2025:03105-1 Security update for the Linux Kernel RT (Live Patch 13 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506001044 fixes several issues. The following security issue was fixed: - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030)...

CVSS 7.8, AI score 5.3, EPSS 0.00153
Exploits: 0, References: 4

Vulnrichment
added 2025/09/08 9:11 p.m., 4 views

CVE-2025-57815 Fides Lacks Brute-Force Protections on Authentication Endpoints

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...

CVSS 6.3, AI score 6.6, EPSS 0.00277
Exploits: 0, References: 3

CVE
added 2025/09/08 9:11 p.m., 22 views

CVE-2025-57815

CVE-2025-57815 (Fides) describes a lack of anti-automation protections on the Admin UI login endpoint prior to version 2.69.1, enabling brute-force style credential testing (credential stuffing/password spraying) against accounts with weak or compromised passwords. Affected product: Fides (Open S...

CVSS 6.5, AI score 6.6, EPSS 0.00277
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2025/09/08 8:45 p.m., 4 views

GHSA-7Q62-R88R-J5GW Fides has a Lack of Brute-Force Protections on Authentication Endpoints

Summary The Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to conduct credential testing attacks, such as credential stuffing or...

CVSS 6.5, AI score 7, EPSS 0.00277
Exploits: 0, References: 5

OSV
added 2025/09/08 8:4 p.m., 5 views

SUSE-SU-2025:03100-1 Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506001020 fixes several issues. The following security issues were fixed: - CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579). - CVE-2025-38001: net_sched: hfsc: Address...

CVSS 7.8, AI score 7.5, EPSS 0.00369
Exploits: 3, References: 18

Rockylinux
added 2025/09/08 2:19 p.m., 3 views

kernel-rt security update

An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel-rt packages provide the Real Time Linux Kernel, which enables...

CVSS 7.8, AI score 7.1, EPSS 0.07007
Exploits: 0

OSV
added 2025/09/08 2:19 p.m., 9 views

RLSA-2025:13589 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: ...

CVSS 7.1, AI score 7, EPSS 0.07007
Exploits: 0, References: 7

Patchstack
added 2025/09/08 3:32 a.m., 5 views

WordPress ZIP Code Based Content Protection plugin <= 1.0.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by RoyTdd in WordPress Plugin ZIP Code Based Content Protection versions <= 1.0.0...

CVSS 7.6, AI score 7.9, EPSS 0.00261
Exploits: 0, Affected Software: 1

CNVD
added 2025/09/08 12:0 a.m., 4 views

Google Android elevation of privilege vulnerability (CNVD-2025-29703)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the updateState function in ContentProtectionTogglePreferenceController.java, which can be exploited by an attacker to elevate...

CVSS 7.8, AI score 7.2, EPSS 0.00079
Exploits: 0, References: 1

Positive Technologies
added 2025/09/08 12:0 a.m., 10 views

PT-2025-36508

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1 Description: Fides is an open-source privacy engineering platform. The Admin UI login endpoint relies on a general IP-based rate limit and lacks specific anti-automation controls, potentially allowing attackers ...

CVSS 6.5, AI score 6.5, EPSS 0.00277
Exploits: 0, References: 10

Redos
added 2025/09/08 12:0 a.m., 4 views

ROS-20250908-08

A vulnerability in the JSSE component of the Oracle Java SE software platform is related to insufficient validation of input data. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to modify, delete and read protected information using th...

CVSS 5.9, AI score 7.2, EPSS 0.00551
Exploits: 0

Microsoft CVE
added 2025/09/07 1:4 a.m., 10 views

gve: prevent ethtool ops after shutdown

...

CVSS 5.5, AI score 6.8, EPSS 0.00147
Exploits: 0

RedhatCVE
added 2025/09/06 7:31 p.m., 17 views

CVE-2025-32345

In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...

CVSS 7.8, AI score 6.8, EPSS 0.00085
Exploits: 0, References: 1