CVE-2025-30845

CVE-2025-30845 affects The Pack Elementor addon (The Pack Elementor addons) up to version 2.1.1. The vulnerability is an authenticated Local File Inclusion via improper control of the filename used in PHP include/require statements. Wordfence details list this CVE as an authenticated LFI issue wi...

CVE-2025-30845 WordPress The Pack Elementor addons plugin <= 2.1.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in webangon The Pack Elementor addons the-pack-addon allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through = 2.1.1...

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to PyTorch to execute arbitrary code on the system.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component may be vulnerable to PyTorch arbitrary code execution of Python code through the use of torch. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-48063...

Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to CSV injection (CVE-2022-35281)

Summary IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to CSV injection. Vulnerability Details CVEID:CVE-2022-35281 DESCRIPTION: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are...

Security Bulletin: A vulnerability exists in Google Web Toolkit (GWT) framework used by ITNM (CVE-2007-2378)

Summary Vulnerability CVE-2007-2378 found in gwt-maps that is present in IBM Tivoli Network Manager ITNM IP Edition. The fix contains the removal of this library from ITNM Vulnerability Details CVEID:CVE-2007-2378 DESCRIPTION: The Google Web Toolkit GWT framework exchanges data using JavaScript...

Security Bulletin: Multiple Vulnerabilities Affect IBM Financial Transaction Manager for SWIFT Services (CVE-2022-4387, CVE-2022-43875)

Summary Multiple vulnerabilities affect IBM Financial Transaction Manager for SWIFT Services. These are addressed. Vulnerability Details CVEID:CVE-2022-43872 DESCRIPTION: IBM Financial Transaction Manager authorization checks are done incorrectly for some HTTP requests which allows getting...

Security Bulletin: IBM QRadar SIEM is vulnerable to information disclosure (CVE-2022-30613)

Summary IBM QRadar SIEM is vulnerable to information disclosure. IBM has addressed the vulnerability. Vulnerability Details CVEID:CVE-2022-30613 DESCRIPTION: IBM QRadar could disclose sensitive information via a local service to a privileged user. CVSS Base score: 4.4 CVSS Temporal Score: See:...

Security Bulletin: IBM QRadar SIEM is vulnerable to improper certificate validation (CVE-2021-29755)

Summary IBM Qradar SIEM does not preform proper certificate validation for some inter-host communications. IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-29755 DESCRIPTION: IBM Qradar SIEM does not preform proper certificate validation for some inter-host...

Security Bulletin: IBM Match 360 is vulnerable to a denial of service from IBM WebSphere Application Server Liberty vulnerability found in Google Protocol Buffers (CVE-2024-7254)

Summary IBM Match 360 is vulnerable to a denial service from IBM WebSphere Application Server Liberty use of vulnerable Google Protocol Buffers. This affects IBM WebSphere Application Server Liberty 20.0.0.12 - 24.0.0.10 with the specified features enabled. Any project that parses untrusted...

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Netty (CVE-2025-25193)

Summary There is a vulnerability in the Netty library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerabili...

Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by confidentiality vulnerability (CVE-2015-7399)

Summary WebSphere Message Broker and IBM Integration Bus could allow a potential attacker to identify the technology used to handle incoming HTTP requests Vulnerability Details CVEID: CVE-2015-7399 DESCRIPTION: IBM Integration Bus could allow a potential attacker to identify the technology used t...

MAL-2025-2600 Malicious code in bsb-family-pack (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 9ce94b3baee18c22e6c4de9808764de9496aa7a055a74f58eb972741ac433181 This package seems to be part of a larger malicious toolkit designed for unauthorized access to systems, data theft, and potentially acting as a...

Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059150 fixes several issues. The following security issues were fixed: CVE-2024-46818: drm/amd/display: Check gpioid before used as array index bsc1231204. CVE-2021-47261: Fix initializing CQ fragments buffer bsc1224954 CVE-2024-50302: HID: core:...

Security update for the Linux Kernel (Live Patch 57 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122219 fixes several issues. The following security issues were fixed: CVE-2024-46818: drm/amd/display: Check gpioid before used as array index bsc1231204. CVE-2024-50302: HID: core: zero-initialize the report buffer bsc1233679. CVE-2022-48792: scsi: pm800...

CVE-2025-28938

Missing Authorization vulnerability in Bjoern WP Performance Pack wp-performance-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Performance Pack: from n/a through = 2.5.3...

WordPress WP Performance Pack plugin <= 2.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WP Performance Pack versions = 2.5.3...

CVE-2025-28938

Missing Authorization vulnerability in Bjoern WP Performance Pack wp-performance-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Performance Pack: from n/a through = 2.5.3...

CVE-2025-28938 WordPress WP Performance Pack plugin <= 2.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bjoern WP Performance Pack wp-performance-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Performance Pack: from n/a through = 2.5.3...

CVE-2025-28938

CVE-2025-28938 describes a Missing Authorization vulnerability in the WordPress plugin WP Performance Pack (affected:

WordPress plugin WP Performance Pack 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...