CVE-2022-50590 SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...

[SECURITY] Fedora 42 Update: qt5-qtremoteobjects-5.15.18-1.fc42

Qt Remote Objects QtRO is an inter-process communication IPC module devel oped for Qt...

Security update for python-Django (important)

openSUSE Security Update: Security update for python-Django Announcement ID: openSUSE-SU-2025:0421-1 Rating: important References: 1252926 Cross-References: CVE-2025-64459 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: This...

Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

GHSA-FRMV-PR5F-9MCR Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

CVE-2025-64459

CVE-2025-64459 affects Django before versions 5.1.14, 4.2.26, and 5.2.8. The vulnerability is a SQL injection in the Django ORM: QuerySet.filter(), QuerySet.exclude(), QuerySet.get(), and the Q() class can be triggered via a crafted dictionary using the _connector argument. Public advisories conf...

CVE-2025-64459 Potential SQL injection via _connector keyword argument in QuerySet and Q objects

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

CVE-2025-64459 Potential SQL injection via _connector keyword argument in QuerySet and Q objects

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989247)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989247 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix memleak in ttmtransfereddestroy We need to cleanup the fences for ghost objects as...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989258)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989258 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix route with nexthop object delete warning FRR folks have hit a kernel warning1 whil...

CVE-2025-12657

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...

CVE-2025-12657

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...

UBUNTU-CVE-2025-12657

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...

CVE-2025-12657 Malformed KMIP response may result in access violation

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...

CVE-2025-12657

The CVE-2025-12657 issue affects the KMIP response parser built into MongoDB binaries. The parser is overly tolerant of certain malformed KMIP packets, which can cause it to construct invalid objects. Subsequent reads of these objects may trigger read access violations, as described in multiple c...

PT-2025-44795

Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description The KMIP response parser within MongoDB binaries is susceptible to parsing malformed packets with excessive tolerance, potentially creating invalid objects. Subsequent reads of these objects...

MongoDB -- Improper Check for Unusual or Exceptional Conditions

https://jira.mongodb.org/browse/SERVER-101230 reports: The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix NPD in arp,neighreduce when using nexthop objects When the "proxy" option is enabled on a VXLAN device, the device will suppress ARP requests and IPv6 Neighbor Solicitation messages if it is able to reply on behalf of...

Updated transfig packages fix security vulnerabilities

fig2dev stack-overflow. CVE-2025-46397 fig2dev stack-overflow via readobjects. CVE-2025-46398 fig2dev segmentation fault vulnerability. CVE-2025-46399 fig2dev segmentation fault in readarcobject. CVE-2025-46400...

MGASA-2025-0253 Updated transfig packages fix security vulnerabilities

fig2dev stack-overflow. CVE-2025-46397 fig2dev stack-overflow via readobjects. CVE-2025-46398 fig2dev segmentation fault vulnerability. CVE-2025-46399 fig2dev segmentation fault in readarcobject. CVE-2025-46400...