CVE-2023-53926 PHPJabbers Simple CMS 5.0 SQL Injection via Column Parameter

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

PT-2025-54577

Name of the Vulnerable Software and Affected Versions Google Chrome affected versions not specified Description A flaw exists in the JavaScript engine V8 within the Google Chrome browser, relating to incorrect security checks for standard elements. Successful exploitation could allow a remote...

tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected

A XML External Entity XXE injection vulnerability was found in the Apache Tika framework's PDF parsing functionality. It could allow a remote, unauthenticated attacker to exploit the system by providing a specially crafted PDF containing an XFA XML Forms Architecture file. This flaw could lead to...

CLSA-2025-1765451524 Fix CVE(s): CVE-2025-53057, CVE-2025-53066, CVE-2025-61748

OpenJDK 8u472 release - CVE-2025-53057: fix unauthorized remote data-modification - CVE-2025-53066: fix unauthorized remote data access - CVE-2025-61748: fix limited remote unauthorized data modification - Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2025-October/thread.html...

Qnap QTS and QuTS hero Improper Neutralization of CRLF Sequences (CVE-2024-48868)

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following version...

Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2024-50396)

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QT...

CLSA-2025-1765386044 Fix CVE(s): CVE-2025-53057, CVE-2025-53066, CVE-2025-61748

OpenJDK 8u472 release - CVE-2025-53057: fix unauthorized remote data-modification - CVE-2025-53066: fix unauthorized remote data access - CVE-2025-61748: fix limited remote unauthorized data modification - Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2025-October/thread.html...

kernel: NFS: Fix a race when updating an existing write

A flaw use after free in the Linux kernel NFS functionality was found in the way connected user sends malicious data to the server. A remote user could use this flaw to crash the system...

ComposioHQ has a directory traversal vulnerability

Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the downloadfileordir function...

Advisory ROSA-SA-2025-3112

Software: cairo 1.15.12 OS: ROSA Virtualization 2.1 packageevrstring: cairo-1.15.12-6.rv3 CVE-ID: CVE-2020-35492 BDU-ID: 2021-03445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the image-compositor.c component of the Cairo vector graphics library is related to a data stack buffer overflow...

Advisory ROSA-SA-2025-3110

Software: ncurses 6.1 OS: ROSA Virtualization 2.1 packageevrstring: ncurses-6.1-10.20180224.0.1.rv3 CVE-ID: CVE-2021-39537 BDU-ID: 2023-07626 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nccaptoinfo function of the captoinfo.c component of the Ncurses terminal I/O control library involve...

CVE-2025-58488

Improper verification of source of a communication channel in SmartTouchCall prior to version 1.0.1.1 allows remote attackers to access sensitive information. User interaction is required for triggering this vulnerability...

CVE-2025-58488

The connected Red Hat, NVD, CVE Registry, and vendor records confirm CVE-2025-58488 affects Samsung SmartTouchCall prior to version 1.0.1.1. The root cause is improper verification of the origin of a communication channel, which could allow a remote attacker to access sensitive information. Explo...

CVE-2025-58488

Improper verification of source of a communication channel in SmartTouchCall prior to version 1.0.1.1 allows remote attackers to access sensitive information. User interaction is required for triggering this vulnerability...

openjdk: Enhance Path Factories (Oracle CPU 2025-10)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle...

Peppol-py is vulnerable to XXE attacks due to Saxon configuration

Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...

CVE-2025-66371

Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...

EUVD-2025-199852

Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...

CVE-2025-59369

A SQL injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary SQL queries, leading to unauthorized data access. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security...