CVE-2025-12084

When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents. Mitigation Mitigation for this issue is either not available or the currently...

CVE-2025-58770

APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...

pgadmin4-9.11-1.1 on GA media (moderate)

pgadmin4-9.11-1.1 on GA media Announcement ID: openSUSE-SU-2025:15818-1 Rating: moderate Cross-References: CVE-2025-12762 CVE-2025-12763 CVE-2025-12764 CVE-2025-12765 CVE-2025-13780 CVSS scores: CVE-2025-12762 SUSE : 9.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L CVE-2025-12762 SUSE : 9.3...

CVE-2025-58770

APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...

CVE-2025-58770

APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...

CVE-2025-58770 TCG2 TPM RT Not Locked Issue

APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...

EUVD-2025-203082

APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...

CVE-2025-58770 TCG2 TPM RT Not Locked Issue

APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...

SUSE CVE-2025-60638

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the NnssfNSSAIAvailability API...

OPENSUSE-SU-2025:15816-1 ImageMagick-7.1.2.10-1.1 on GA media

These are all security issues fixed in the ImageMagick-7.1.2.10-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2025-50941

APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...

MozillaThunderbird-140.6.0-1.1 on GA media (moderate)

MozillaThunderbird-140.6.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15814-1 Rating: moderate Cross-References: CVE-2025-14321 CVE-2025-14322 CVE-2025-14323 CVE-2025-14324 CVE-2025-14325 CVE-2025-14328 CVE-2025-14329 CVE-2025-14330 CVE-2025-14331 CVE-2025-14333 CVSS scores: CVE-2025-14321...

OPENSUSE-SU-2025:15818-1 pgadmin4-9.11-1.1 on GA media

These are all security issues fixed in the pgadmin4-9.11-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2025:15817-1 buildpacks-cli-0.39.1-1.1 on GA media

These are all security issues fixed in the buildpacks-cli-0.39.1-1.1 package on the GA media of openSUSE Tumbleweed...

SAP BusinessObjects Business Intelligence Platform DoS (December 2025)

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is affected by a denial of service vulnerability as disclosed in the SAP Security Patch Day December 2025: - SAP Business Objects allows an unauthenticated attacker to flood the service due to improper...

OPENSUSE-SU-2025:15814-1 MozillaThunderbird-140.6.0-1.1 on GA media

These are all security issues fixed in the MozillaThunderbird-140.6.0-1.1 package on the GA media of openSUSE Tumbleweed...

EUVD-2025-202412

Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory LDAP login method. Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data...

CVE-2025-42875

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the...

CVE-2025-42877

SAP Web Dispatcher, Internet Communication Manager ICM, and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on confidentiality or integrity of the application...

CVE-2025-42928

Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may be vulnerable when specially crafted input is used to exploit the vulnerability resulting in high impact on confidentiality, integrity and...