XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the validation process which use XML Validator with not configured securely. An attacker can access sensitive information from internal files or external resources by submitting specially crafted XM...

Updated strongswan packages fix security vulnerability

Buffer Overflow When Handling EAP-MSCHAPv2 Failure Requests. CVE-2025-62291...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990523)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990523 advisory. In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is...

CVE-2025-47151

A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989074)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989074 advisory. In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports 0 that his recent...

PT-2025-45110

Name of the Vulnerable Software and Affected Versions Entr'ouvert Lasso versions 2.5.1 and 2.8.2 Description A type confusion issue exists within the lasso node impl init from xml function. A specially crafted SAML response can trigger this issue, potentially leading to arbitrary code execution. ...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989446)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989446 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is...

EUVD-2025-37511

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

Astra Linux – Vulnerability in libxml2

A flaw was discovered in the xmlBuildQName function of libxml2. Integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue may result in memory corruption or a denial of service when processing malicious input...

efi: Don't map the entire mokvar table to determine its size

...

WordPress plugin Import WP – Export and Import CSV and XML files to WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...

OESA-2025-2565 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML...

SUSE-SU-2025:3873-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2025-62291: fixed a buffer overflow when handling EAP-MSCHAPv2 failure requests bsc1251941...

CVE-2025-64133

A cross-site request forgery CSRF vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code...

SUSE SLES15: strongswan / strongswan-doc / strongswan-hmac / strongswan-ipsec / etc (SUSE-SU-2025:3857-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3857-1 advisory. - CVE-2025-62291: fixed buffer overflow when handling EAP-MSCHAPv2 failure requests bsc1251941 Tenable has extracted the preceding descripti...

EUVD-2025-36650

Jenkins Extensible Choice Parameter Plugin vulnerable to cross-site request forgery...

GHSA-3JW2-5HJG-HC2C Jenkins Extensible Choice Parameter Plugin vulnerable to cross-site request forgery

Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to execute sandboxed Groovy code. As of publication of this advisory, the...

Cross-site Request Forgery (CSRF)

Overview jp.ikedam.jenkins.plugins:extensible-choice-parameter is a This plugin adds "Extensible Choice" as a build parameter.You can select how to retrieve choices, including the way to share choices among all jobs. Affected versions of this package are vulnerable to Cross-site Request Forgery...

org.jenkins-ci.plugins:maven-artifact-choicelistprovider (>=1.0.3 <=1.9.2) potentially affected by CVE-2025-64133 via jp.ikedam.jenkins.plugins:extensible-choice-parameter (>=1.3.3 <=1.7.0)

jp.ikedam.jenkins.plugins:extensible-choice-parameter MAVEN version =1.3.3, =1.0.3, =1.9.2 Source cves: CVE-2025-64133 Source advisory: OSV:GHSA-3JW2-5HJG-HC2C...

org.jenkins-ci.plugins:maven-artifact-choicelistprovider (>=1.0.3 <=371.ve708f79022db_) potentially affected by CVE-2025-64133 via jp.ikedam.jenkins.plugins:extensible-choice-parameter (>=1.3.3 <=250.va_1cf60782b_1a_)

jp.ikedam.jenkins.plugins:extensible-choice-parameter MAVEN version =1.3.3, =1.0.3, =371.ve708f79022db Source cves: CVE-2025-64133 Source advisory: SNYK:JAVA-JPIKEDAMJENKINSPLUGINS-13775577...