1118 matches found
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two...
Invitation Is All You Need! Promptware Attacks against LLM-Powered Assistants in Production Are Practical and Dangerous
The growing integration of LLMs into applications has introduced new security risks, notably known as Promptware - maliciously engineered prompts designed to manipulate LLMs to compromise the CIA triad of these applications. While prior research warned about a potential shift in the threat...
Malicious code in componenet-classes (npm)
The package componenet-classes was found to contain malicious code...
MAL-2025-17453 Malicious code in componenet-classes (npm)
The package componenet-classes was found to contain malicious code...
PT-2025-35957
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-116.el10.x86_64 Description: A flaw was discovered in the Linux kernel's sch_ets module related to the handling of queue bands during the purging of unused classes. Specifically, the code used an outdated...
CVE-2025-54869
FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker...
SUSE-SU-2025:02689-1 Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506002342 fixes several issues. The following security issues were fixed: - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776). - CVE-2025-21702:...
CVE-2025-54026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuanticaLabs GymBase Theme Classes (gymbaseclasses) allows SQL Injection. This issue affects GymBase Theme Classes: from n/a through <= 1.4...
Exploit for Deserialization of Untrusted Data in Apache Parquet_Java
CVE-2025-30065 == Dangerous Deserialization in Parquet-Avro 🔥...
WordPress GymBase Theme Classes plugin <= 1.4 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin GymBase Theme Classes (versions <= 1.4)...
CVE-2025-54026
CVE-2025-54026 corresponds to a SQL Injection vulnerability in GymBase Theme Classes (WordPress plugin). Affected versions are from n/a through 1.4; root cause cited as improper neutralization of SQL elements. Evidence from multiple sources confirms the issue is a database query vulnerability tha...
CVE-2025-54026 WordPress GymBase Theme Classes plugin <= 1.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuanticaLabs GymBase Theme Classes (gymbaseclasses) allows SQL Injection. This issue affects GymBase Theme Classes: from n/a through <= 1.4...
PT-2025-29754 · Unknown · Gymbase Theme Classes
Name of the Vulnerable Software and Affected Versions: GymBase Theme Classes versions n/a through 1.4 Description: GymBase Theme Classes suffers from a SQL Injection issue due to improper neutralization of special elements used in an SQL command. This allows for potential SQL Injection attacks...
WordPress plugin GymBase Theme Classes SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. WordPress GymBase Theme Classes suffers from a SQL injection vulnerability that stems from improper neutralization of special elements in SQL commands, which can be exploit...
IIoT Vulnerability Report. DEFENDER Project
The main objective of this technical report is to conduct a comprehensive study on devices operating within Industrial Internet of Things (IIoT) environments, describing the scenarios that define this category and analysing the vulnerabilities that compromise their security. To this end, the report...
Pre-School Enrollment System Project Directory Traversal Vulnerability
The Pre-School Enrollment System Project is a preschool enrollment system project. A directory traversal vulnerability exists in Pre-School Enrollment System Project, which stems from a lack of validity checking of paths when handling directory requests in manage-classes.php, and can be exploited...
CVE-2025-34067 Hikvision Integrated Security Management Platform Remote Command Execution via applyCT Fastjson
An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an...
Conductor vulnerable to OS command injection through unrestricted access to Java classes
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...
GHSA-8GQP-HR9G-PG62 Conductor vulnerable to OS command injection through unrestricted access to Java classes
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...