2127 matches found
Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.57 CNF IBU extras update
An update for ibu components is available for Red Hat OpenShift Container Platform 4.14. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the extra ibu container...
[SECURITY] [DLA 4353-1] xorg-server security update
Debian LTS Advisory DLA-4353-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz October 29, 2025 https://wiki.debian.org/LTS ...
PT-2025-45348
Name of the Vulnerable Software and Affected Versions containerd versions 0.1.0 through 1.7.28 containerd versions 2.0.0-beta.0 through 2.0.6 containerd versions 2.1.0-beta.0 through 2.1.4 containerd versions 2.2.0-beta.0 through 2.2.0-rc.1 Description containerd is an open-source container runti...
CVE-2025-12247
A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity is rated as high...
CVE-2025-12203
A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing a manipulation of the argument File can lead to path traversal. The attack can be launched remotely. The exploit...
CVE-2025-61795
Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to...
CVE-2025-55752
Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the...
CVE-2025-12247 Hasleo Backup Suite HasleoImageMountService/HasleoBackupSuiteService unquoted search path
A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity is rated as high...
EUVD-2025-36136
A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity is rated as high...
CVE-2025-12247
CVE-2025-12247 affects Hasleo Backup Suite (up to version 5.2) and specifically the components HasleoImageMountService/HasleoBackupSuiteService. The issue is an unquoted search path in these components, enabling local exploitation. Impact is described as local access with high complexity, and exp...
Malicious Package
Overview cooler-loans-api-get is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-36065
A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing manipulation of the argument File can lead to path traversal. The attack can be launched remotely. The exploit ha...
CVE-2025-12203 givanz Vvveb Code Editor functions.php sanitizeFileName path traversal
A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing a manipulation of the argument File can lead to path traversal. The attack can be launched remotely. The exploit...
[SECURITY] [DLA 4347-1] intel-microcode security update
Debian LTS Advisory DLA-4347-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost October 25, 2025 https://wiki.debian.org/LTS Package : intel-microcode Version : 3.20250812.1deb11u1 CVE ID : CVE-2025-20053 CVE-2025-20109 CVE-2025-21090 CVE-2025-22839 CVE-2025-22840...
CVE-2016-15048
AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...
[SECURITY] [DLA 4344-1] gdk-pixbuf security update
Debian LTS Advisory DLA-4344-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara October 22, 2025 https://wiki.debian.org/LTS Package : gdk-pixbuf Version : 2.42.2+dfsg-1+deb11u4 CVE ID : CVE-2025-7345 Debian Bug : 1109262 A vulnerability was found in...
PT-2025-43150
Name of the Vulnerable Software and Affected Versions designthemes Solar Energy versions through 3.5 Description The software contains a flaw due to deserialization of untrusted data, which can lead to object injection. Recommendations Versions prior to 3.5 should be updated...
Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-36124) affects IBM PowerVM Novalink.
Summary IBM WebSphere Liberty Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.0 security and extras update
Red Hat OpenShift Container Platform release 4.20.0 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a security impact of...