Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2025:0070-1 Rating: important References: 1237071 1237343 Cross-References: CVE-2025-0999 CVE-2025-1006 CVE-2025-1426 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes three vulnerabilities is...

Azure Linux 3.0 Security Update: avahi (CVE-2024-52616)

The version of avahi installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-52616 advisory. - A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup,...

Photon OS 4.0: Openssl PHSA-2025-4.0-0758

An update of the openssl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0758. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2025-25299 Cross-site scripting (XSS) in the real-time collaboration package

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting XSS vulnerability was discovered in the CKEditor 5 real-time collaboration package. This vulnerability affects user markers, which represent users' positions within...

CVE-2025-25299

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting XSS vulnerability was discovered in the CKEditor 5 real-time collaboration package. This vulnerability affects user markers, which represent users' positions within...

CVE-2025-26618

Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet si...

CVE-2025-26618 SSH SFTP packet size not verified properly in Erlang OTP

Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet si...

CVE-2025-1447 kasuganosoras Pigeon index.php server-side request forgery

A vulnerability was found in kasuganosoras Pigeon 1.0.177. It has been declared as critical. This vulnerability affects unknown code of the file /pigeon/imgproxy/index.php. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. Upgrading t...

CLSA-2025-1739820848 mysql: Fix of 129 CVEs

Update to MySQL 8.0.40 - CVEs fixed: CVE-2024-21201 CVE-2024-21236 CVE-2024-21230 CVE-2024-21160 CVE-2024-21196 CVE-2024-21239 CVE-2024-21173 CVE-2024-21193 CVE-2024-21159 CVE-2024-21135 CVE-2024-20996 CVE-2024-21166 CVE-2024-21157 CVE-2024-21231 CVE-2024-21199 CVE-2024-21207 CVE-2024-21194...

Creative SVG File Upload to Local File Inclusion Vulnerability Affecting 90,000 Sites Patched in Jupiter X Core WordPress Plugin

📢Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

AZL-56977 CVE-2025-1372 affecting package elfutils for versions less than 0.189-4

A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dumpdatasection/printstringsection of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has to b...

PT-2025-9210

Name of the Vulnerable Software and Affected Versions FFmpeg versions up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb Description A problematic vulnerability has been found in FFmpeg, affecting the function audio element obu of the file libavformat/iamf parse.c of the component IAMF File Handler...

CVE-2025-23419 affecting package nginx for versions less than 1.22.1-13

CVE-2025-23419 affecting package nginx for versions less than 1.22.1-13. A patched version of the package is available...

SUSE CVE-2023-0045

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ibprctlset function updates the Thread Information Flags TIFs for the task and updates the SPECCTRL MSR on the function speculationctrlupdate, but the IBPB is only issued on the next schedul...

CVE-2023-50358

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later...

CVE-2025-24976

Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...

CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfdputl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is...

Security Updates for Microsoft SharePoint Server 2016 (February 2025)

The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by a Remote Code Execution Vulnerability %NASLMINLEVEL 70300 C Tenable, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid216137;...

CVE-2025-21689

In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2processreadurb This patch addresses a null-ptr-deref in qt2processreadurb due to an incorrect bounds check in the following: if newport serial-numports deverr&port-dev, "%s - port...

Azure Linux 3.0 Security Update: kernel (CVE-2024-38583)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-38583 advisory. - In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for...