PT-2025-45449
Name of the Vulnerable Software and Affected Versions: ycf1998 money-pos system versions prior to commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14). Description: The ycf1998 money-pos system contains multiple SQL injection vulnerabilities. A remote attacker can potentially execute arbitrary...
CVE-2025-63689
CVE-2025-63689 affects the ycf1998 money-pos system prior to commit 11f276bd20a41f089298d804e43cb1c39d041e59. Multiple SQL injection vulnerabilities exist in the orderby parameter, enabling a remote attacker to execute arbitrary code. Root cause: unsafely constructed SQL with user-controlled orde...
CVE-2025-63687
The CVE-2025-63687 issue affects the rymcu forest project (commit f782e85, 2025-09-04) where the vulnerability exists in AuthorshipAspect.java’s doBefore function. This flaw could allow an authorized attacker to delete arbitrary user posts. Multiple sources (NVD, Red Hat, EUVD/ENISA, CIRCL, CNNVD...
GHSA-FV2R-R8MP-PG48 Soft Serve does not sanitize ANSI escape sequences in user input
Impact: In several places where the user can insert data (e.g. names), ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. By the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989380)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989380 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: add error checking to ext4_ext_replay_set_iblocks. If the call to ext4_map_blocks fails due to an...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990370)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990370 advisory. In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes. In production we have been hitting the following warning...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988802)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988802 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix ext4_mb_mark_bb with flex_bg with fast_commit. In case of flex_bg feature which is by default...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988984)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988984 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state. The EXT4_FC_REPLAY bit in...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988981)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988981 advisory. In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages. When we upgraded our kernel, we started...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989318)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989318 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: memleak flow rule from commit path. Abort path release flow rule object,...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989354)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989354 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix an Oops in pnfs_mark_request_commit when doing O_DIRECT. Fix an Oopsable condition in...
CVE-2025-10966
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
Exploit for CVE-2025-62726
N8N Remote Code Execution CVE-2025-62726 POC/Exploit This vul...
Astra Linux - vulnerability in jpeg-xl
There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend...
CVE-2025-62726
n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use ...
EUVD-2025-37317
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...
NFSD: Define a proc_layoutcommit for the FlexFiles layout type
...
SUSE CVE-2025-40087
In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proc_layoutcommit for the FlexFiles layout type. Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout...
CVE-2025-60950
An arbitrary file upload vulnerability in the Data Preparation function of AIxBlock commit f60975 allows attackers to execute arbitrary code via a crafted SVG file...