CVE-2025-12657

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...

thunderbird: firefox: Some non-writable Object properties could be modified

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

thunderbird: firefox: Some non-writable Object properties could be modified

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

CVE-2022-50590

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...

CVE-2022-50590

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...

CVE-2022-50590 SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...

[SECURITY] Fedora 42 Update: qt5-qtremoteobjects-5.15.18-1.fc42

Qt Remote Objects QtRO is an inter-process communication IPC module devel oped for Qt...

Security update for python-Django (important)

openSUSE Security Update: Security update for python-Django Announcement ID: openSUSE-SU-2025:0421-1 Rating: important References: 1252926 Cross-References: CVE-2025-64459 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: This...

Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

GHSA-FRMV-PR5F-9MCR Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

CVE-2025-64459

CVE-2025-64459 affects Django before versions 5.1.14, 4.2.26, and 5.2.8. The vulnerability is a SQL injection in the Django ORM: QuerySet.filter(), QuerySet.exclude(), QuerySet.get(), and the Q() class can be triggered via a crafted dictionary using the _connector argument. Public advisories conf...

CVE-2025-64459 Potential SQL injection via _connector keyword argument in QuerySet and Q objects

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

CVE-2025-64459 Potential SQL injection via _connector keyword argument in QuerySet and Q objects

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989247)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989247 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix memleak in ttmtransfereddestroy We need to cleanup the fences for ghost objects as...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989258)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989258 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix route with nexthop object delete warning FRR folks have hit a kernel warning1 whil...

CVE-2025-12657

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...

CVE-2025-12657

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...

UBUNTU-CVE-2025-12657

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...

CVE-2025-12657 Malformed KMIP response may result in access violation

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...

CVE-2025-12657

The CVE-2025-12657 issue affects the KMIP response parser built into MongoDB binaries. The parser is overly tolerant of certain malformed KMIP packets, which can cause it to construct invalid objects. Subsequent reads of these objects may trigger read access violations, as described in multiple c...