EUVD-2025-202990
The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9. This is due to missing nonce validation on the plugin's settings page. This makes it possible for unauthenticated attackers to modify the plugin's...
GHSA-8FRV-Q972-9RQ5 cggmp24 and cggmp21 are vulnerable to signature forgery through altered presignatures
Impact: This attack is against presignatures used in a very specific context: Presignatures + HD wallet derivation: security level reduces to 85 bits. Previously users could generate a presignature, and then choose a HD derivation path while issuing a partial signature via...
CVE-2025-66017 CGGMP21 presignatures can be used in a way that significantly reduces security
CGGMP24 is a state-of-the-art ECDSA TSS protocol that supports 1-round signing (requiring 3 preprocessing rounds), identifiable abort, and a key refresh protocol. In versions 0.6.3 and prior of cggmp21 and version 0.7.0-alpha.1 of cggmp24, presignatures can be used in a way that significantly reduces...
EUVD-2025-3984
Malicious code in bioql PyPI...
EUVD-2022-50737
Malicious code in bioql PyPI...
SUSE-SU-2025:02282-1 Security update for umoci
This update for umoci fixes the following issues: Update to umoci v0.5.0. Upstream changelog is available from bsc1243388 A security flaw was found in the OCI image-spec, where it is possible to cause a blob with one media-type to be interpreted as a different media-type. As umoci is not a regist...
CVE-2025-38040 serial: mctrl_gpio: split disable_ms into sync and no_sync APIs
In the Linux kernel, the following vulnerability has been resolved: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs The following splat has been observed on a SAMA5D27 platform using atmel_serial: BUG: sleeping function called from invalid context at kernel/irq/manage.c:738 in_atomic: ...
CVE-2025-43857
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...
CVE-2025-24903
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...
SUSE-SU-2025:20094-1 Security update for python-requests
This update for python-requests contains the following fixes: - Add patch to inject the default CA bundles if they are not specified. bsc1226321, bsc1231500 - Remove Requires on python-py; it should have been removed earlier. - Update to 2.32.3: Fixed bug breaking the ability to specify...
Session Launch Failure Issue when Anti Keylogging is enabled [Windows 11 24H2 Update]
On Windows endpoints with the most recent Windows 11 24H2 update, session launches may fail when the App Protection anti-keylogging feature is enabled. This issue is attributed to changes in the Windows system APIs leveraged by App Protection features...
RUSTSEC-2024-0395 The maintainer of chrono-english is unresponsive
All versions will encounter compilation errors with chrono version 0.4.35, due to backward-incompatible API changes. User conradludgade reworked the original crate and created a fork with the same API surface called interim. The fork is better structured and passes the same test suite as...
PT-2024-11295
Vulnerable software and affected versions: Linux kernel (affected versions not specified). Description: The issue is related to the netrom protocol in the Linux kernel, where the sock refcount is not properly decreased when sock timers expire. This can lead to an unbalanced sock refcount,...
CVE-2023-42447 blurhash panics on parsing crafted inputs
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on...
OPENSUSE-SU-2021:1148-1 Security update for grafana
This update for grafana fixes the following issues: - CVE-2021-27358: allowed unauthenticated remote attackers to trigger a Denial of Service via a remote API call bsc1183803 - Update to version 7.5.7: Updated relref to 'Configuring exemplars' section 34240 34243 Added exemplar topic 34147 34226 Quota: D...
openSUSE Security Update : perl-Image-ExifTool (openSUSE-2021-707)
This update for perl-Image-ExifTool fixes the following issues: Update to version 12.25 fixes boo1185547 CVE-2021-22204 - JPEG XL support is now official - Added read support for Medical Research Council MRC image files - Added ability to write a number of 3gp tags in video files - Added a new...
Html Macros should respect authenticated user based on allowlist API
Gadgets have moved to use whitelist.isAllowedURI, Userkey to give admins more control over whether to allow anonymous users or not. More details on the whitelist API changes can be found here: https://asecurityteam.atlassian.net/browse/VULN-217900 We had to enable the old behaviour of...
CVE-2020-15720
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the...
SUSE-SU-2020:0372-1 Security update for LibreOffice
This update for libreoffice and its libraries fixes the following issues: LibreOffice was updated to 6.3.3 jscSLE-8705, bringing many bug and stability fixes. More information for the 6.3 release at: https://wiki.documentfoundation.org/ReleaseNotes/6.3 Security issue fixed: - CVE-2019-9853: Fixed an issu...