8202 matches found

RedHat Linux
added 2025/11/12 12:40 a.m. | 2 views

kernel: crypto: seqiv - Handle EBUSY correctly

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify...

7.8 CVSS | 6.8 AI score | 0.0015 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2025/11/12 12:0 a.m. | 1 view

RHEL 7 : kernel (RHSA-2025:21063)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21063 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: HID: core: fix...

7.8 CVSS | 7.1 AI score | 0.0025 EPSS
Exploits: 0 | References: 14
Tenable Nessus
added 2025/11/12 12:0 a.m. | 1 view

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990882)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990882 advisory. In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQDMOVEPCNT...

5.5 CVSS | 6.2 AI score | 0.00258 EPSS
Exploits: 0 | References: 4
OSSF Malicious Packages
added 2025/11/11 10:56 p.m. | 3 views

Malicious code in zain-soto97-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ba2cd5b25bac11c37c4d882531ce1ecabc4817c022881b88520a9ac81dd53b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
RedHat Linux
added 2025/11/11 7:56 p.m. | 4 views

Important: Red Hat Security Advisory: qt6-qtsvg security update

An update for qt6-qtsvg is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.4 CVSS | 7.3 AI score | 0.00199 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/11/11 6:30 a.m. | 3 views

EUVD-2025-60966

The Progress Bar Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-leve...

5.4 CVSS | 4.6 AI score | 0.00139 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2025/11/11 3:30 a.m. | 1 view

CVE-2025-12880 Progress Bar Blocks for Gutenberg <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

The Progress Bar Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-leve...

5.4 CVSS | 4.6 AI score | 0.00139 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/11/11 3:30 a.m. | 5 views

CVE-2025-12880 Progress Bar Blocks for Gutenberg <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

The Progress Bar Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-leve...

5.4 CVSS | 0.00139 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/11 12:0 a.m. | 3 views

PT-2025-46240

Name of the Vulnerable Software and Affected Versions SAP CommonCryptoLib affected versions not specified Description SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This can lead to memory corruption and...

7.5 CVSS | 6.5 AI score | 0.00362 EPSS
Exploits: 0 | References: 7
Positive Technologies
added 2025/11/11 12:0 a.m. | 4 views

PT-2025-46298

Name of the Vulnerable Software and Affected Versions Progress Bar Blocks for Gutenberg plugin for WordPress versions prior to 1.0.1 Description The Progress Bar Blocks for Gutenberg plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG File uploads. Insufficient input...

5.4 CVSS | 5.3 AI score | 0.00139 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2025/11/11 12:0 a.m. | 4 views

PT-2025-46324

Name of the Vulnerable Software and Affected Versions Blocksy Companion plugin for WordPress versions up to and including 2.1.19 Description The Blocksy Companion plugin for WordPress is susceptible to authenticated arbitrary file upload due to insufficient file type validation. Specifically, the...

8.8 CVSS | 7.5 AI score | 0.00599 EPSS
Exploits: 0 | References: 5
OSV
added 2025/11/10 2:4 p.m. | 1 view

SUSE-SU-2025:4036-1 Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.136 fixes various security issues The following security issues were fixed: - CVE-2022-50252: igb: Do not free qvector unless new one was allocated bsc1249847. - CVE-2024-53164: net: sched: fix ordering of qlen adjustment...

7.8 CVSS | 7.1 AI score | 0.00288 EPSS
Exploits: 0 | References: 12
OSV
added 2025/11/10 8:14 a.m. | 1 view

SUSE-SU-2025:4024-1 Security update for the Linux Kernel (Live Patch 63 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.237 fixes various security issues The following security issues were fixed: - CVE-2022-50252: igb: Do not free qvector unless new one was allocated bsc1249847. - CVE-2025-38617: net/packet: fix a race in packetsetring and packetnotifier...

7.8 CVSS | 6.7 AI score | 0.00288 EPSS
Exploits: 0 | References: 8
Tenable Nessus
added 2025/11/10 12:0 a.m. | 5 views

Lucee Administration Panel Login Form Detected

Lucee Administration Panel has been detected on the target web application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality. No sour...

7 AI score
Exploits: 0
SUSE Linux
added 2025/11/09 7:3 a.m. | 2 views

Security update for the Linux Kernel (Live Patch 61 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059218 fixes several issues. The following security issues were fixed: CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path bsc1249841. CVE-2025-38664: ice: Fix a null pointer dereference in icecopyandinitpkg bsc1248631. CVE-2022-50252: igb: ...

7.3 CVSS | 5.7 AI score | 0.0016 EPSS
Exploits: 0 | References: 12
NVD
added 2025/11/07 6:15 a.m. | 6 views

CVE-2025-64343

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS | 0.00104 EPSS
Exploits: 0 | References: 3
Cvelist
added 2025/11/07 5:20 a.m. | 8 views

CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS | 0.00104 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/11/07 5:20 a.m. | 12 views

EUVD-2025-38241

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS | 5.9 AI score | 0.00104 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2025/11/07 5:20 a.m. | 7 views

CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS | 6 AI score | 0.00104 EPSS
Exploits: 0 | References: 3
CVE
added 2025/11/07 5:20 a.m. | 12 views

CVE-2025-64343

CVE-2025-64343 affects the conda Constructor tool. In versions 3.12.2 and earlier, the installation directory inherits permissions from its parent, and outside restricted directories those permissions can permit write access by authenticated users. Any logged-in user could modify during installat...

7.8 CVSS | 6 AI score | 0.00104 EPSS
Exploits: 0 | References: 3