6654 matches found

Fedora
added 2025/03/20 12:18 a.m. · 14 views

[SECURITY] Fedora 42 Update: libell-0.74-1.fc42

The Embedded Linux Library ELL provides core, low-level functionality for system daemons. It typically has no dependencies other than the Linux kernel, C standard library, and libdl for dynamic linking. While ELL is designed to be efficient and compact enough for use on embedded Linux platforms, ...

CVSS 8 · AI score 6.9 · EPSS 0.03489
Exploits: 0

Positive Technologies
added 2025/03/20 12:0 a.m. · 5 views

PT-2025-12295 · Unknown · Mudler/Localai

Name of the Vulnerable Software and Affected Versions: mudler/localai version v2.21.1 mudler/localai versions prior to v2.22.0 Description: The issue arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the executio...

CVSS 9.8 · AI score 7.8 · EPSS 0.91918
Exploits: 23 · References: 44

Positive Technologies
added 2025/03/20 12:0 a.m. · 2 views

PT-2025-12040 · Librechat · Librechat

Name of the Vulnerable Software and Affected Versions: danny-avila/librechat version v0.7.5-rc2 Description: An improper access control vulnerability exists in the delete attachments functionality. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowi...

CVSS 7.6 · AI score 7.3 · EPSS 0.00076
Exploits: 1 · References: 8

Positive Technologies
added 2025/03/20 12:0 a.m. · 4 views

PT-2025-12236 · Unknown · Modelscope/Agentscope

Name of the Vulnerable Software and Affected Versions: modelscope/agentscope versions prior to the fix Description: A path traversal vulnerability exists in the save-workflow and load-workflow functionality. This vulnerability allows an attacker to read and write arbitrary JSON files on the...

CVSS 9.1 · AI score 9 · EPSS 0.00297
Exploits: 1 · References: 7

Cvelist
added 2025/03/19 2:10 a.m. · 7 views

CVE-2024-10445

Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS BSM before 1.1-65374 and Synology DiskStation Manager DSM before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to write limited files via...

CVSS 4.3 · EPSS 0.00349
Exploits: 0 · References: 2

VulnCheck KEV
added 2025/03/19 12:0 a.m. · 1 view

VulnCheck KEV: CVE-2024-3809

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshowtype' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

CVSS 8.8 · AI score 5.8 · EPSS 0.00321
Exploits: 0 · References: 1

RedHat Linux
added 2025/03/18 12:36 a.m. · 2 views

Moderate: Red Hat Bug Fix Advisory: mod_proxy_cluster bug fix update

An update for mod_proxy_cluster is now available for Red Hat Enterprise Linux 9. The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Bug Fixes: Rebuild mod_proxy_cluster against httpd 2.4.62 JIRA:RHEL-70140 Rebase mod_proxy_cluster to upstream...

CVSS 5.4 · AI score 6.1 · EPSS 0.00126
Exploits: 0

Rockylinux
added 2025/03/17 8:16 p.m. · 3 views

rust-afterburn bug fix and enhancement update

An update is available for rust-afterburn. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Lin...

AI score 6.8
Exploits: 0

Positive Technologies
added 2025/03/17 12:0 a.m. · 2 views

PT-2025-11551

Name of the Vulnerable Software and Affected Versions 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e Description A vulnerability was found in 猫宁i Morning, affecting an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The...

CVSS 5.3 · AI score 6 · EPSS 0.00387
Exploits: 0 · References: 12

RedhatCVE
added 2025/03/16 7:12 p.m. · 12 views

CVE-2024-12245

Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVSS 8.7 · AI score 7.9 · EPSS 0.00126
Exploits: 0 · References: 1

Tenable Nessus
added 2025/03/16 12:0 a.m. · 12 views

openSUSE 15 Security Update : restic (openSUSE-SU-2025:0091-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2025:0091-1 advisory. - Fixed CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 boo1239264 - Update to version...

CVSS 7.5 · AI score 7.2 · EPSS 0.00125
Exploits: 0 · References: 4

RedhatCVE
added 2025/03/15 8:12 a.m. · 5 views

CVE-2024-55198

User Enumeration via Discrepancies in Error Messages in the Celk Sistemas Celk Saude v.3.1.252.1 password recovery functionality which allows a remote attacker to enumerate users through discrepancies in the responses...

CVSS 5.3 · AI score 7 · EPSS 0.00148
Exploits: 1 · References: 1

Cvelist
added 2025/03/14 6:11 p.m. · 16 views

CVE-2024-12245 Blind SQL Injection in Logout

Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVSS 8.7 · EPSS 0.00126
Exploits: 0 · References: 1

CVE
added 2025/03/14 6:11 p.m. · 39 views

CVE-2024-12245

CVE-2024-12245 describes a blind SQL injection flaw in the logout functionality that can be exploited by unauthenticated attackers via time-based techniques to disclose database contents. Several connected records reference this vulnerability with the same core description, noting potential accou...

CVSS 8.7 · AI score 8 · EPSS 0.00126
Exploits: 0 · References: 1

Vulnrichment
added 2025/03/14 6:11 p.m. · 4 views

CVE-2024-12245 Blind SQL Injection in Logout

Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVSS 8.7 · AI score 8 · EPSS 0.00126
Exploits: 0 · References: 1

CVE
added 2025/03/14 5:57 p.m. · 37 views

CVE-2024-54447

CVE-2024-54447 affects the LogicalDOC product where the saved search functionality contains a blind SQL injection. The issue can be exploited by authenticated users using a time-based blind SQLi technique to disclose all database contents. Depending on the presence or absence of entries in certai...

CVSS 7.1 · AI score 7.8 · EPSS 0.00076
Exploits: 0 · References: 1

Cvelist
added 2025/03/14 5:49 p.m. · 13 views

CVE-2024-54445 Blind SQLi in Login

Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...

CVSS 8.7 · EPSS 0.00156
Exploits: 0 · References: 1

RedhatCVE
added 2025/03/14 3:42 p.m. · 8 views

CVE-2025-28872

Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded block-spam-by-math-reloaded allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Block Spam By Math Reloaded: from n/a through = 2.2.4...

CVSS 9.8 · AI score 7.2 · EPSS 0.00111
Exploits: 0 · References: 1

RedhatCVE
added 2025/03/13 10:24 p.m. · 10 views

CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

CVSS 8.6 · AI score 6.7 · EPSS 0.00157
Exploits: 0 · References: 1

RedhatCVE
added 2025/03/13 6:7 p.m. · 4 views

CVE-2025-27433

The Manage Bank Statements in SAP S/4HANA allows an authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on confidentiality and...

CVSS 4.3 · AI score 6.7 · EPSS 0.00034
Exploits: 0 · References: 1