CLSA-2025-1758820840 dovecot: Fix of CVE-2020-12674
CVE-2020-12674: fix mishandling of zero length in RPA request to prevent auth service crash...
CVE-2025-9353
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an...
Malicious code in @things-factory/auth-base (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db891d17c83cd814d4976534e1ff8e7675f41f0c50baedecafab80bcdf4156fb Any computer that has this package installed or running should be considered fully compromised. All...
CLSA-2025-1758034087 kernel: Fix of 24 CVEs
tls: always refresh the queue when reading sock (CVE-2025-38471) - Bluetooth: hci_core: Fix use-after-free in vhci_flush (CVE-2025-38250) - i2c/designware: Fix an initialization issue (CVE-2025-38380) - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CVE-2025-38159) - mm/hugetlb:...
PT-2025-38075
Name of the Vulnerable Software and Affected Versions: Ilevia EVE X1 Server versions prior to 4.7.18.0.eden Description: Ilevia EVE X1 Server versions prior to 4.7.18.0.eden contain a pre-authentication file disclosure issue via the db_log POST parameter. Remote attackers can retrieve arbitrary...
DEBIAN-CVE-2022-50243
In the Linux kernel, the following vulnerability has been resolved: sctp: handle the error returned from sctp_auth_asoc_init_active_key. When it returns an error from sctp_auth_asoc_init_active_key, the active_key is actually not updated. The old sh_key will be freed while it's still used as active key in...
Security update for rabbitmq-server313
This update for rabbitmq-server313 fixes the following issues: - CVE-2025-50200: Fixed logging of Basic Auth header from an HTTP request (bsc#1245105) - Fixed bad logrotate configuration allowing potential escalation from rabbitmq to root (bsc#1246091) Patch Instructions: To install this SUSE update use th...
PT-2025-37497
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A use-after-free issue exists in the Linux kernel's SCTP implementation. Specifically, the vulnerability occurs when handling errors returned from the sctp_auth_asoc_init_active_key...
Linux Distros Unpatched Vulnerability : CVE-2025-58060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to...
CVE-2025-58060
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in...
CVE-2025-58060 cups has Authentication bypass with AuthType Negotiate
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in...
CVE-2025-58060
Summary: CVE-2025-58060 affects OpenPrinting CUPS and related package updates across Linux distributions, allowing authentication bypass when AuthType is not Basic but the request carries an Authorization: Basic header. The root cause is improper validation in cupsdAuthorize(), which can bypass p...
SUSE-SU-2025:03178-1 Security update for cups
This update for cups fixes the following issues: - CVE-2025-58060: no password check when AuthType is set to anything but Basic and a request is made with an Authorization: Basic header (bsc#1249049). - CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer...
UBUNTU-CVE-2025-58060
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in...
Moderate: Red Hat Security Advisory: php:8.2 security update
An update for the php:8.2 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
PT-2025-51578
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The Linux kernel contains a flaw in the Ceph implementation related to MultiFS MDS authentication capabilities. Specifically, the check for authentication capabilities does not validate...
ALSA-2025:15687 Moderate: php:8.2 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929); php: Single byte overread with convert.quoted-printable-decode filter (CVE-2024-11233); php: Configuring ...
PT-2025-37249
Name of the Vulnerable Software and Affected Versions: OpenPrinting CUPS versions 2.4.12 and earlier Description: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. When the AuthType is set to anything but Basic, if a request contains an...
RHEL 8 : php:8.2 (RHSA-2025:15687)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15687 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap...