PT-2025-53391
Name of the Vulnerable Software and Affected Versions: Pexip Infinity versions 32.0 through 37.1. Description: Pexip Infinity, in specific configurations of OTJ (One Touch Join) for Teams SIP Guest Join, exhibits improper input validation within the OTJ service. This flaw allows a remote attacker to...
PT-2025-52569
Name of the Vulnerable Software and Affected Versions: WP Affiliate Disclosure versions through 1.2.6. Description: A security issue exists in WP Affiliate Disclosure (wp-affiliate-disclosure). The details of the issue are not specified. Recommendations: Update WP Affiliate Disclosure to a version late...
[SECURITY] Fedora 43 Update: checkpointctl-1.4.1-1.fc43
The checkpointctl command can be used for in-depth analysis of container checkpoints created with Podman and Kubernetes...
[SECURITY] Fedora 43 Update: vips-8.17.3-1.fc43
VIPS is an image processing library. It is good for very large images even larger than the amount of RAM in your machine, and for working with color. This package should be installed if you want to use a program compiled against VIPS...
CVE-2025-46278
The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data...
GROWI vulnerable to cross-site request forgery
Overview: GROWI provided by GROWI, Inc. contains the following vulnerability: cross-site request forgery (CWE-352), CVE-2025-64700. GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the Information Security...
Security Bulletin: NVIDIA NeMo Framework - December 2025
NVIDIA has released a software update for NVIDIA® NeMo Framework. To protect your system, clone or update this software to version 2.5.3 or later from NVIDIA/NeMo Framework on NVIDIA GitHub and pypi. Go to NVIDIA Product Security...
SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2025:03052-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03052-1 advisory. - Intel CPU Microcode was updated to the 20250812 release bsc1248438 - CVE-2025-20109: Improper Isolation or Compartmentalization in the strea...
EUVD-2025-203298
A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can b...
EUVD-2025-203173
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...
RHSA-2025:23139 Red Hat Security Advisory: libsoup3 security update
Bulletin has no description...
PT-2025-50978
A security vulnerability has been detected in Qualitor up to 8.24.73. The impacted element is an unknown function of the file /Qualitor/html/bc/bcdocumento9/biblioteca/request/viewDocumento.php. Such manipulation of the argument cdscript leads to cross site scripting. It is possible to launch the...
RHSA-2025:23070 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update
Bulletin has no description...
Huawei EulerOS: Security Advisory for cmake (EulerOS-SA-2025-2517)
The remote host is missing an update for the Huawei EulerOS...
CVE-2024-56464
IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update...
WebAuthn app was updated based on public key
None...
BIT-ACTIVEMQ-2022-41678 Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE
Once a user is authenticated on Jolokia, they can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest...
BIT-ACTIVEMQ-2020-26217 Remote Code Execution in XStream
XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist i...
Advisory ROSA-SA-2025-3092
Software: squid 3.5.20 OS: rosa-server79 unaffected versions = squid-3.5.20-17.0.9.res7.13 affected versions squid-3.5.20-17.0.9.res7.13 CVE-ID: CVE-2025-54574 BDU-ID: 2025-09345 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the Squid proxy server is related to a buffer overflow in dynamic...
CVE-2025-61228
An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism...