
1611 matches found

OSV
added 2025/07/23 12:43 p.m., 3 views

SUSE-SU-2025:02491-1 Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory...

9.6 CVSS, 7 AI score, 0.00959 EPSS
Exploits 0, References 26
CNNVD
added 2025/07/22 12:0 a.m., 2 views

DB-GPT command injection vulnerability

DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. A security vulnerability exists in DB-GPT version 0.7.0, which stems from a file upload vulnerability in agent.hub.controller.refreshplugins that could lead to the execution of arbitrary...

6.5 CVSS, 6.9 AI score, 0.00349 EPSS
Exploits 1, References 4
OSSF Malicious Packages
added 2025/07/15 1:0 a.m., 4 views

Malicious code in vitejs-plugin-refresh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 243a4e663f29ec03aed634b87165dccaf6f345b2e1c92479b95ef6fd28474ba5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1
OSV
added 2025/07/15 1:0 a.m., 2 views

MAL-2025-5970 Malicious code in vitejs-plugin-refresh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 243a4e663f29ec03aed634b87165dccaf6f345b2e1c92479b95ef6fd28474ba5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1
RedhatCVE
added 2025/07/13 6:14 p.m., 16 views

CVE-2025-53642

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6...

6.5 CVSS, 6.5 AI score, 0.00166 EPSS
Exploits 0, References 1
NVD
added 2025/07/11 6:15 p.m., 4 views

CVE-2025-53642

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6...

6.5 CVSS, 0.00166 EPSS
Exploits 0, References 1
Cvelist
added 2025/07/11 5:33 p.m., 8 views

CVE-2025-53642 haxcms-nodejs and haxcms-php Improperly Terminate Sessions

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6...

4.8 CVSS, 0.00166 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/07/11 5:33 p.m., 3 views

CVE-2025-53642 haxcms-nodejs and haxcms-php Improperly Terminate Sessions

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6...

4.8 CVSS, 7.1 AI score, 0.00166 EPSS
Exploits 0, References 1
CVE
added 2025/07/11 5:33 p.m., 24 views

CVE-2025-53642

The CVE concerns haxcms-nodejs and haxcms-php backends for HAXcms. The logout flow does not terminate the user session or clear cookies, and a refresh token is issued on logout, enabling potential continued access. Affected versions are haxcms-nodejs and haxcms-php prior to 11.0.6. The issue is m...

6.5 CVSS, 6.5 AI score, 0.00166 EPSS
Exploits 0, References 1, Affected Software 2
OSV
added 2025/07/11 5:33 p.m., 3 views

CVE-2025-53642 haxcms-nodejs and haxcms-php Improperly Terminate Sessions

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6...

4.8 CVSS, 7 AI score, 0.00166 EPSS
Exploits 0, References 3
Positive Technologies
added 2025/07/11 12:0 a.m., 4 views

PT-2025-29270 · Unknown · Hax Cms Php +1

Name of the Vulnerable Software and Affected Versions: haxcms-nodejs versions prior to 11.0.6 haxcms-php versions prior to 11.0.6 Description: The logout function does not properly terminate user sessions or clear cookies. A refresh token is issued during logout, potentially allowing continued...

6.5 CVSS, 6.5 AI score, 0.00166 EPSS
Exploits 0, References 7
SUSE CVE
added 2025/07/10 11:22 p.m., 8 views

SUSE CVE-2025-38312

In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x80000000, cvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It's then passed to fb_cvt_hperiod(),...

4.4 CVSS, 6.4 AI score, 0.0015 EPSS
Exploits 0, References 23
OSV
added 2025/07/10 8:15 a.m., 6 views

AZL-64979 CVE-2025-38312 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x80000000, cvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It's then passed to fb_cvt_hperiod(),...

5.5 CVSS, 6.8 AI score, 0.0015 EPSS
Exploits 0, References 1
OSV
added 2025/07/10 8:15 a.m., 1 views

DEBIAN-CVE-2025-38312

In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x80000000, cvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It's then passed to fb_cvt_hperiod(),...

5.5 CVSS, 5.5 AI score, 0.0015 EPSS
Exploits 0, References 1
OSV
added 2025/07/10 7:42 a.m., 3 views

CVE-2025-38312 fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()

In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x80000000, cvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It's then passed to fb_cvt_hperiod(),...

5.5 CVSS, 6 AI score, 0.0015 EPSS
Exploits 0, References 13
CVE
added 2025/07/01 2:53 p.m., 105 views

CVE-2025-53099

CVE-2025-53099 affects Sentry prior to 25.5.0. A race condition in handling of OAuth authorization codes could allow a malicious OAuth app to maintain persistence on a user’s account via timed requests/redirect flows and multiple authorization codes. The issue is mitigated by upgrading self-hoste...

7.5 CVSS, 6.5 AI score, 0.00672 EPSS
Exploits 0, References 8, Affected Software 1
OSV
added 2025/07/01 5:11 a.m., 2 views

MAL-2025-5529 Malicious code in vite-plugin-next-refresh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9098ebfb041888a88d100e173f83f951824eb6f393098d122919bb472a320dc0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1
BDU FSTEC
added 2025/06/16 12:0 a.m., 5 views

The vulnerability of the refresh_cache_worker() function in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the refresh_cache_worker() function in the Linux operating system’s kernel is related to errors that occur after deallocation. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS, 6.4 AI score, 0.00158 EPSS
Exploits 0, References 6, Affected Software 3
SUSE Linux
added 2025/05/31 10:34 a.m., 5 views

Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 45. Security issues fixed: Oracle April 15 2025 CPU bsc1242208 CVE-2025-21587: unauthorized access, deletion and modification of critical data via the JSSE component bsc1241274. CVE-2025-30691:...

9.1 CVSS, 6.7 AI score, 0.00688 EPSS
Exploits 0, References 18
OSV
added 2025/05/30 10:9 a.m., 2 views

SUSE-SU-2025:01770-1 Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 45. Security issues fixed: - Oracle April 15 2025 CPU bsc1242208 CVE-2025-21587: unauthorized access, deletion and modification of critical data via the JSSE component bsc1241274. CVE-2025-30691...

7.8 CVSS, 7.2 AI score, 0.00688 EPSS
Exploits 0, References 10