
6653 matches found

OSV
added 2025/06/20 12:40 p.m. · 5 views

SUSE-SU-2025:02048-1 Security update for python312

This update for python312 fixes the following issues: python312 was updated from version 3.12.9 to 3.12.11: - Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273 CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517:...

CVSS 9.4 · AI score 9.6 · EPSS 0.01012
Exploits 14 · References 11

NVD
added 2025/06/20 2:15 a.m. · 7 views

CVE-2025-6295

A vulnerability was found in code-projects Hostel Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /allocatedrooms.php. The manipulation of the argument searchbox leads to sql injection. The attack can be launched...

CVSS 9.8 · EPSS 0.00204
Exploits 1 · References 5

Positive Technologies
added 2025/06/20 12:0 a.m. · 3 views

PT-2025-26286 · Unknown · Code-Projects Online Shoe Store

Name of the Vulnerable Software and Affected Versions: code-projects Online Shoe Store version 1.0 Description: A critical issue was found in the code-projects Online Shoe Store, affecting an unknown functionality of the file /admin/admin running.php. The manipulation of the qty argument leads to...

CVSS 9.8 · AI score 7.6 · EPSS 0.00204
Exploits 1 · References 11

Positive Technologies
added 2025/06/20 12:0 a.m. · 1 view

PT-2025-30839 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel's netpoll functionality related to UDP checksum handling. A commit removed the initialization of the UDP checksum field, leading to incorrect...

CVSS 6 · AI score 6 · EPSS 0.00074
Exploits 0 · References 10

Cvelist
added 2025/06/19 9:31 p.m. · 8 views

CVE-2025-6281 OpenBMB XAgent community path traversal

A vulnerability has been found in OpenBMB XAgent up to 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /conv/community. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used...

CVSS 5.5 · EPSS 0.00311
Exploits 0 · References 4

RedhatCVE
added 2025/06/19 7:19 a.m. · 3 views

CVE-2025-6173

A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajaxproductslist.php. The manipulation of the argument packItself leads to sql injection. The attack can be launched remotely. The exploit has be...

CVSS 7.2 · AI score 5.2 · EPSS 0.00183
Exploits 1 · References 1

Debian CVE
added 2025/06/18 11:2 a.m. · 3 views

CVE-2022-50072

In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: Fix a use-after-free bug in open If someone cancels the open RPC call, then we must not try to free either the open slot or the layoutget operation arguments, since they are likely still in use by the hung RPC call...

CVSS 7.8 · AI score 5.6 · EPSS 0.00064
Exploits 0

Cvelist
added 2025/06/17 2:14 p.m. · 6 views

CVE-2025-34508 ZendTo < 6.15-8 Path Traversal

A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service...

CVSS 6.3 · EPSS 0.00896
Exploits 0 · References 2

OSV
added 2025/06/16 3:15 p.m. · 0 views

CVE-2025-6126

A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /contact.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched...

CVSS 5.4 · AI score 3.8
Exploits 0 · References 5

Github Security Blog
added 2025/06/13 9:30 a.m. · 9 views

Salt's on demand pillar functionality vulnerable to arbitrary command injections

An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause an arbitrary command to be run on the master with the same privileges as the master process...

CVSS 6.7 · AI score 6.6 · EPSS 0.0011
Exploits 0 · References 5 · Affected Software 1

OSV
added 2025/06/12 11:0 p.m. · 1 view

GHSA-J6G5-P62X-58HW vantage6 lacks brute-force protection on change password functionality

Impact: If an attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely, which will return the message that the password is wrong until it is correct. Patches: This issue has been patched in...

CVSS 6.3 · AI score 7 · EPSS 0.00316
Exploits 0 · References 4

CVE
added 2025/06/12 5:29 p.m. · 47 views

CVE-2025-43863

vantage6 contains a brute-force vulnerability in the change password flow when an attacker has an authenticated session. The issue arises from unlimited password-change attempts via the route, enabling password-guessing and account compromise. Multiple sources (CVEs, advisories, and vendor notes)...

CVSS 9.8 · AI score 6.4 · EPSS 0.00316
Exploits 0 · References 1 · Affected Software 1

Github Security Blog
added 2025/06/11 3:30 p.m. · 7 views

Drupal Commerce Eurobank (Redirect) Incorrect Authorization vulnerability

Incorrect Authorization vulnerability in Drupal Commerce Eurobank Redirect allows Functionality Misuse. This issue affects Commerce Eurobank Redirect: from 0.0.0 before 2.1.1...

CVSS 8.8 · AI score 7.1 · EPSS 0.00287
Exploits 0 · References 3 · Affected Software 1

OSV
added 2025/06/11 3:30 p.m. · 3 views

GHSA-48WX-8736-JGX2 Drupal Commerce Alphabank Redirect Incorrect Authorization vulnerability

Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3...

CVSS 8.8 · AI score 7.1 · EPSS 0.00287
Exploits 0 · References 2

OSV
added 2025/06/11 3:30 p.m. · 3 views

GHSA-Q9H3-R6WR-P3J3 Drupal Commerce Eurobank (Redirect) Incorrect Authorization vulnerability

Incorrect Authorization vulnerability in Drupal Commerce Eurobank Redirect allows Functionality Misuse. This issue affects Commerce Eurobank Redirect: from 0.0.0 before 2.1.1...

CVSS 8.8 · AI score 7.1 · EPSS 0.00287
Exploits 0 · References 2

Github Security Blog
added 2025/06/11 3:30 p.m. · 10 views

Drupal Commerce Alphabank Redirect Incorrect Authorization vulnerability

Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3...

CVSS 8.8 · AI score 7.1 · EPSS 0.00287
Exploits 0 · References 3 · Affected Software 1

NVD
added 2025/06/11 3:15 p.m. · 8 views

CVE-2025-48445

Incorrect Authorization vulnerability in Drupal Commerce Eurobank Redirect allows Functionality Misuse. This issue affects Commerce Eurobank Redirect: from 0.0.0 before 2.1.1...

CVSS 8.8 · EPSS 0.00287
Exploits 0 · References 1

NVD
added 2025/06/11 3:15 p.m. · 4 views

CVE-2025-48446

Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3...

CVSS 8.8 · EPSS 0.00287
Exploits 0 · References 1

OSV
added 2025/06/11 3:15 p.m. · 4 views

CVE-2025-48445

Incorrect Authorization vulnerability in Drupal Commerce Eurobank Redirect allows Functionality Misuse. This issue affects Commerce Eurobank Redirect: from 0.0.0 before 2.1.1...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1

OSV
added 2025/06/11 3:15 p.m. · 1 view

CVE-2025-48446

Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3...

CVSS 8.8 · AI score 5.8 · EPSS 0.00287
Exploits 0 · References 1