7491 matches found

Mageia
added 2025/11/15 7:11 a.m. | 6 views

Updated python-django packages fix security vulnerability

Potential SQL injection via _connector keyword argument in QuerySet and Q objects. CVE-2025-64459...

CVSS 9.1 | AI score 8.2 | EPSS 0.00296
Exploits 10 | References 2

OSV
added 2025/11/15 7:11 a.m. | 5 views

MGASA-2025-0292 Updated python-django packages fix security vulnerability

Potential SQL injection via _connector keyword argument in QuerySet and Q objects. CVE-2025-64459...

CVSS 9.1 | AI score 8.1 | EPSS 0.00296
Exploits 10 | References 3

EUVD
added 2025/11/14 5:46 p.m. | 3 views

EUVD-2025-180542

@apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields...

CVSS 7.5 | AI score 6.4 | EPSS 0.00139
Exploits 0 | References 5

Positive Technologies
added 2025/11/14 12:00 a.m. | 2 views

PT-2025-47034

Name of the Vulnerable Software and Affected Versions: Application Server (affected versions not specified). Description: An authenticated attacker with “aaConfigTools” privilege can modify App Objects’ help files, potentially leading to a persistent cross-site scripting (XSS) injection. Successful...

CVSS 7.2 | AI score 5.6 | EPSS 0.00015
Exploits 0 | References 6

Snyk
added 2025/11/13 8:43 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: vega is a library that implements Vega visualization grammar. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the toString function in environments where the VEGA_DEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...

CVSS 8.1 | AI score 5.5 | EPSS 0.00034
Exploits 0 | References 2

RedhatCVE
added 2025/11/13 9:08 a.m. | 3 views

CVE-2025-64402

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to...

CVSS 6.5 | AI score 6.7 | EPSS 0.00095
Exploits 0 | References 1

Tenable Nessus
added 2025/11/13 12:00 a.m. | 2 views

Siemens SIMATIC S7-1500 Use After Free (CVE-2024-26957)

In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix reference counting on zcrypt card objects. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

CVSS 7.8 | AI score 6.4 | EPSS 0.00017
Exploits 0 | References 3

OSV
added 2025/11/12 9:15 a.m. | 3 views

CVE-2025-64402

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to...

CVSS 6.5 | AI score 5.7 | EPSS 0.00095
Exploits 0 | References 3

Vulnrichment
added 2025/11/12 9:03 a.m. | 2 views

CVE-2025-64402 Apache OpenOffice: Remote documents loaded without prompt via OLE objects

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to...

AI score 6.3 | EPSS 0.00095
Exploits 0 | References 2

CVE
added 2025/11/12 9:03 a.m. | 7 views

CVE-2025-64402

CVE-2025-64402 affects Apache OpenOffice up to 4.1.15. A missing Authorization vulnerability allows documents using OLE objects linked to external files to load those files without prompting the user. Impact: loading external content without user consent. A fix is available in OpenOffice 4.1.16; ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00095
Exploits 0 | References 3 | Affected Software 1

RedHat Linux
added 2025/11/12 1:48 a.m. | 4 views

thunderbird: firefox: Some non-writable Object properties could be modified

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

CVSS 6.5 | AI score 6.5 | EPSS 0.00031
Exploits 0 | References 6

RedHat Linux
added 2025/11/12 1:37 a.m. | 5 views

thunderbird: firefox: Some non-writable Object properties could be modified

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

CVSS 6.5 | AI score 6.5 | EPSS 0.00031
Exploits 0 | References 6

RedHat Linux
added 2025/11/12 1:19 a.m. | 3 views

thunderbird: firefox: Some non-writable Object properties could be modified

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

CVSS 6.5 | AI score 6.5 | EPSS 0.00031
Exploits 0 | References 6

Positive Technologies
added 2025/11/12 12:00 a.m. | 4 views

PT-2025-46582

Name of the Vulnerable Software and Affected Versions: Apache OpenOffice versions through 4.1.15. Description: Apache OpenOffice documents can contain links. A missing authorization check in Apache OpenOffice allowed an attacker to create a document that would load external links without user...

CVSS 6.5 | AI score 6.5 | EPSS 0.00095
Exploits 0 | References 5

OSV
added 2025/11/11 11:36 a.m. | 6 views

BIT-DJANGO-2025-64459 Potential SQL injection via _connector keyword argument in QuerySet and Q objects

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the _connector argument...

CVSS 9.1 | AI score 8.1 | EPSS 0.00296
Exploits 10 | References 5

RedhatCVE
added 2025/11/11 12:57 a.m. | 4 views

CVE-2025-12657

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...

CVSS 5.9 | AI score 6.8 | EPSS 0.00065
Exploits 0 | References 1

RedHat Linux
added 2025/11/10 1:56 a.m. | 4 views

thunderbird: firefox: Some non-writable Object properties could be modified

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

CVSS 6.5 | AI score 6.5 | EPSS 0.00031
Exploits 0 | References 6

RedHat Linux
added 2025/11/10 1:48 a.m. | 3 views

thunderbird: firefox: Some non-writable Object properties could be modified

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

CVSS 6.5 | AI score 6.5 | EPSS 0.00031
Exploits 0 | References 6

NVD
added 2025/11/06 8:15 p.m. | 1 views

CVE-2022-50590

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...

CVSS 8.8 | EPSS 0.0004
Exploits 0 | References 3

OSV
added 2025/11/06 8:15 p.m. | 1 views

CVE-2022-50590

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...

CVSS 5.3 | AI score 6.9
Exploits 0 | References 3