
6653 matches found

Vulnrichment
added 2025/06/11 2:34 p.m. · 2 views

CVE-2025-48446 Commerce Alphabank Redirect - Moderately critical - Access bypass - SA-CONTRIB-2025-067

Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3...

AI score 7.2 · EPSS 0.00287
Exploits: 0 · References: 1

CVE
added 2025/06/11 2:34 p.m. · 46 views

CVE-2025-48446

CVE-2025-48446: Drupal Commerce Alphabank Redirect has an Incorrect Authorization vulnerability enabling functionality misuse. Affected versions are 0.0.0 through 1.0.2; the issue is mitigated by upgrading to 1.0.3. CVSS v3.1 base score 8.8 (High) with NETWORK attack vector, no privileges require...

CVSS 8.8 · AI score 7 · EPSS 0.00287
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/06/11 2:34 p.m. · 14 views

CVE-2025-48446 Commerce Alphabank Redirect - Moderately critical - Access bypass - SA-CONTRIB-2025-067

Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3...

EPSS 0.00287
Exploits: 0 · References: 1

CVE
added 2025/06/11 2:31 p.m. · 51 views

CVE-2025-48445

CVE-2025-48445 is an Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) that allows functionality misuse. Affected versions are 0.0.0 through 2.1.0 (officially noted as before 2.1.1); the issue enables bypassing authorization controls to perform unauthorized actions with...

CVSS 8.8 · AI score 7 · EPSS 0.00287
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/06/11 2:31 p.m. · 15 views

CVE-2025-48445 Commerce Eurobank (Redirect) - Moderately critical - Access bypass - SA-CONTRIB-2025-066

Incorrect Authorization vulnerability in Drupal Commerce Eurobank Redirect allows Functionality Misuse. This issue affects Commerce Eurobank Redirect: from 0.0.0 before 2.1.1...

EPSS 0.00287
Exploits: 0 · References: 1

Vulnrichment
added 2025/06/11 2:31 p.m. · 4 views

CVE-2025-48445 Commerce Eurobank (Redirect) - Moderately critical - Access bypass - SA-CONTRIB-2025-066

Incorrect Authorization vulnerability in Drupal Commerce Eurobank Redirect allows Functionality Misuse. This issue affects Commerce Eurobank Redirect: from 0.0.0 before 2.1.1...

AI score 7.2 · EPSS 0.00287
Exploits: 0 · References: 1

Fedora
added 2025/06/11 2:46 a.m. · 5 views

[SECURITY] Fedora 42 Update: qt6-qtscxml-6.9.1-1.fc42

The Qt SCXML module provides functionality to create state machines from SCXML files. This includes both dynamically creating state machines (loading the SCXML file and instantiating states and transitions) and generating a C++ file that has a class implementing the state machine. It also contains...

CVSS 8.4 · AI score 7.2 · EPSS 0.00385
Exploits: 0

Fedora
added 2025/06/11 2:46 a.m. · 8 views

[SECURITY] Fedora 42 Update: kddockwidgets-1.7.0-23.fc42

Qt dock widget library written by KDAB, suitable for replacing QDockWidget and implementing advanced functionalities missing in Qt...

CVSS 8.4 · AI score 7.4 · EPSS 0.00385
Exploits: 0

Veracode
added 2025/06/11 2:14 a.m. · 2 views

OS Command Injection

@haxtheweb/haxcms-nodejs is vulnerable to OS command injection. The vulnerability is due to insufficient input validation in the gitImportSite functionality, which allows attacker-controlled input to reach the procopen function through a crafted URL string...

CVSS 8.8 · AI score 7.4 · EPSS 0.04034
Exploits: 1 · References: 4 · Affected Software: 1

Positive Technologies
added 2025/06/11 12:00 a.m. · 3 views

PT-2025-25231 · IBM · IBM Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 12.0.4
Description: The issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within...

CVSS 5.5 · AI score 6.1 · EPSS 0.00131
Exploits: 0 · References: 7

OSV
added 2025/06/10 11:15 p.m. · 1 views

CVE-2025-5985

A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may ...

CVSS 6.9 · AI score 5.4 · EPSS 0.00591
Exploits: 1 · References: 5

CVE
added 2025/06/10 7:46 p.m. · 116 views

CVE-2025-49133

The CVE-2025-49133 entry affects libtpms, a TPM functionality library for virtual machines, with a flaw in CryptHmacSign that pairs signKey (ALG_KEYEDHASH) with inScheme (ECC/RSA) leading to an out-of-bounds read. The issue can be triggered by sending malicious TPM 2.0 commands to a vTPM (swtpm) ...

CVSS 5.9 · AI score 7.4 · EPSS 0.00096
Exploits: 0 · References: 5 · Affected Software: 1

Cvelist
added 2025/06/10 7:46 p.m. · 13 views

CVE-2025-49133 Libtpms contains a possible out-of-bound access and abort due to HMAC signing issue

Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out-of-bounds (OOB) read vulnerability. The...

CVSS 5.9 · EPSS 0.00096
Exploits: 0 · References: 4

Vulnrichment
added 2025/06/10 10:29 a.m. · 6 views

CVE-2024-13089 Authenticated RCE in update functionality in Guardian/CMC before 24.6.0

An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these...

CVSS 7.5 · AI score 7.7 · EPSS 0.01116
Exploits: 0 · References: 1

Cvelist
added 2025/06/10 10:29 a.m. · 14 views

CVE-2024-13089 Authenticated RCE in update functionality in Guardian/CMC before 24.6.0

An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these...

CVSS 7.5 · EPSS 0.01116
Exploits: 0 · References: 1

Microsoft KB
added 2025/06/10 7:00 a.m. · 72 views

June 10, 2025—Hotpatch KB5060525 (OS Build 20348.3745)

June 10, 2025—Hotpatch KB5060525 OS Build 20348.3745 Improvements and fixes This security update includes quality improvements. The following summary outlines key issues addressed by the KB update after you install it. This update makes miscellaneous security improvements to internal OS...

CVSS 8.8 · AI score 7 · EPSS 0.50282
Exploits: 17

Microsoft KB
added 2025/06/10 7:00 a.m. · 26 views

June 10, 2025—KB5060998 (OS Build 10240.21034)

June 10, 2025—KB5060998 OS Build 10240.21034 Important Windows updates do not install Microsoft Store application updates. If you are an enterprise user, see Microsoft Store apps - Configuration Manager. If you are a consumer user, see Get updates for apps and games in Microsoft Store. For...

CVSS 8.8 · AI score 7.3 · EPSS 0.50282
Exploits: 17

NOZOMI
added 2025/06/10 12:00 a.m. · 2 views

Authenticated RCE in update functionality in Guardian/CMC before 24.6.0

Summary: An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands.
Impact: Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC...

CVSS 7.5 · AI score 7.9 · EPSS 0.01116
Exploits: 0 · Affected Software: 2

Positive Technologies
added 2025/06/10 12:00 a.m. · 2 views

PT-2025-24647 · Nozomi Networks · Nozomi Networks Guardian +1

Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian and CMC, affected versions not specified
Description: An OS command injection issue exists within the update functionality, potentially allowing authenticated administrators to execute unauthorized arbitrary OS command...

CVSS 7.5 · AI score 7 · EPSS 0.01116
Exploits: 0 · References: 6

Vulnrichment
added 2025/06/09 3:54 p.m. · 1 views

CVE-2025-48139 WordPress StyleAI <= 1.0.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in relentlo StyleAI allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects StyleAI: from n/a through 1.0.4...

CVSS 6.5 · AI score 9.6 · EPSS 0.00218
Exploits: 0 · References: 1