[SECURITY] [DLA 4403-1] tzdata new timezone database

------------------------------------------------------------------------- Debian LTS Advisory DLA-4403-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 12, 2025 https://wiki.debian.org/LTS -...

EUVD-2025-31736

Malicious code in bioql PyPI...

CVE-2025-52050

In Frappe ERPNext 15.57.5, the function getloyaltyprogramdetailswithpoints at erpnext/accounts/doctype/loyaltyprogram/loyaltyprogram.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the expirydate parameter...

PT-2025-39992

Name of the Vulnerable Software and Affected Versions Frappe ERPNext version 15.57.5 Description The get loyalty program details with points function located at erpnext/accounts/doctype/loyalty program/loyalty program.py is susceptible to SQL Injection. An attacker can inject a SQL query into the...

CVE-2025-52050

In Frappe ERPNext 15.57.5, the function getloyaltyprogramdetailswithpoints at erpnext/accounts/doctype/loyaltyprogram/loyaltyprogram.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the expirydate parameter...

op5 Monitor Persistent Session Cookie

The remote web server has a version of op5 Monitor that improperly handles session cookies. The application sets an expiry date on cookies, causing logins to persist across sessions. Additionally, cookies are not reissued after login. Note that most versions affected by this vulnerability are als...

ROS-2-3337

2.3337 Notification on the update of the Red OS OPERATIONAL SYSTEM MIS RED SOFT LLC notifies of the renewal of the previously obtained certificate of conformity of FSTEC of Russia 4060 until 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the...