36980 matches found
The vulnerability of the netdev_lock() function in the iavf component of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the netdev_lock() function in the iavf component of the Linux operating system is related to mutual locking of execution threads. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
OPENSUSE-SU-2025:15348-1 FastCGI-2.4.6-1.1 on GA media
These are all security issues fixed in the FastCGI-2.4.6-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15353-1 rustup-1.28.2~0-1.1 on GA media
These are all security issues fixed in the rustup-1.28.2~0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15350-1 chromedriver-138.0.7204.157-1.1 on GA media
These are all security issues fixed in the chromedriver-138.0.7204.157-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15351-1 fractal-12.beta+14-1.1 on GA media
These are all security issues fixed in the fractal-12.beta+14-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15352-1 kubelogin-0.2.10-1.1 on GA media
These are all security issues fixed in the kubelogin-0.2.10-1.1 package on the GA media of openSUSE Tumbleweed...
BIT-PHP-MIN-2025-6491 NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10, when parsing XML data in SOAP extensions, an overly large (>2Gb) XML namespace prefix may lead to a null pointer dereference. This may lead to crashes and affect the availability of the target server...
CVE-2025-52688
CVE-2025-52688 — Command injection in OmniAccess Stellar Web Management Interface. Source documents confirm a root-level command injection vulnerability affecting Alcatel-Lucent Enterprise Wi‑Fi APs (notably AP13161/AP1361D family) via the OmniAccess Stellar Web Management Interface. Th...
The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform allows a perpetrator to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the Sherpa Orchestrator component of the Sherpa RPA process automation platform is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and availability of...
Alcatel-Lucent Enterprise AP1361D Wi-Fi Access Point Security Vulnerability
The Alcatel-Lucent Enterprise AP1361D Wi-Fi Access Point is a WiFi access point from Alcatel-Lucent Enterprise, France. A security vulnerability exists in the Alcatel-Lucent Enterprise AP1361D Wi-Fi Access Point that originates from the possibility of executing arbitrary commands with root...
PT-2025-29696 · Unknown · Access Point
Name of the Vulnerable Software and Affected Versions: Access point (affected versions not specified). Description: Successful exploitation of the issue could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity,...
CVE-2025-53023
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.0-8.0.42. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...
CVE-2025-50099
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2025-50089
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...
CVE-2025-50076
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.25. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...
CVE-2025-53027
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle ...
Security update for the Linux Kernel
This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...
DEBIAN-CVE-2025-6491
In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10, when parsing XML data in SOAP extensions, an overly large (>2Gb) XML namespace prefix may lead to a null pointer dereference. This may lead to crashes and affect the availability of the target server...
CVE-2025-6491
CVE-2025-6491 causes a NULL pointer dereference in the PHP SOAP extension when parsing XML data with very large (>2 GB) XML namespace prefixes, leading to server crashes and potential availability impact. It affects PHP versions across 8.1–8.4 series before patched releases; patched versions ...
CVE-2025-6491 NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10, when parsing XML data in SOAP extensions, an overly large (>2Gb) XML namespace prefix may lead to a null pointer dereference. This may lead to crashes and affect the availability of the target server...