Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability (CVE-2025-12635)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...

CVE-2025-67950

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through = 4.9.1...

EUVD-2025-203564

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through = 4.9.1...

CVE-2025-67950

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through = 4.9.1...

CVE-2025-67950 WordPress All In One SEO Pack plugin <= 4.9.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through = 4.9.1...

PT-2025-51434

Name of the Vulnerable Software and Affected Versions Syed Balkhi All In One SEO Pack versions through 4.9.1 Description A flaw exists in Syed Balkhi All In One SEO Pack that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. Recommendations...

net.sc8s:elastic-testkit_2.13 (>=0.102.0 <=0.108.0), org.elasticsearch.plugin:transport-netty4 (>=9.0.0 <=9.1.10) +4 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch-ssl-config (>=9.0.0-beta1 <=9.1.7)

org.elasticsearch:elasticsearch-ssl-config MAVEN version =9.0.0-beta1, =0.102.0, =9.0.0, =9.0.0, =9.1.4, =9.0.0, =9.0.0, =9.1.10 Source cves: CVE-2025-37731 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-14417579...

VulnCheck KEV: CVE-2025-12055

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 week 36/2025, which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" paramet...

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2025-2479)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM InfoSphere Information Server is affected by a server-side request forgery (CVE-2025-12832)

Summary A server-side request forgery vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-12832 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send...

Description of the security update for SharePoint Server 2019 Language Pack: December 9, 2025 (KB5002802)

Description of the security update for SharePoint Server 2019 Language Pack: December 9, 2025 KB5002802 Summary Important: If you're running 2013-type workflows, you mustinstall the August 2025 update for SharePoint Workflow Manager to your farm before you install this cumulative update.​​​​​​​ I...

Description of the security update for SharePoint Server 2016: December 9, 2025 (KB5002821)

Description of the security update for SharePoint Server 2016: December 9, 2025 KB5002821 Summary Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're...

Description of the security update for SharePoint Server 2016 Language Pack: December 9, 2025 (KB5002804)

Description of the security update for SharePoint Server 2016 Language Pack: December 9, 2025 KB5002804 Summary Important: If you're running Microsoft SharePoint Server 2013-type workflows, you must install the August 2025 update for SharePoint Workflow Manager to your farm before you install thi...

CVE-2025-36102

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security...

CVE-2025-36015

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a denial of service due to improper validation of a specified quantity size input...

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by cross-site scripting (CVE-2025-12635)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by cross-site scripting. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are affected by cross-site scripting due to...

CVE-2025-40269

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer The PCM stream data in USB-audio driver is transferred over USB URB packet buffers, and each packet size is determined dynamically. The packet sizes are limited by so...

WordPress All In One SEO Pack plugin <= 4.9.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by mcdruid in WordPress Plugin All In One SEO Pack versions = 4.9.1...

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Tivoli Netcool Configuration Manager (ITNCM), is affected by SMTP injection due to Jakarta Mail(CVE-2025-7962).

Summary WebSphere Application Server, used by IBM Tivoli Netcool Configuration Manager ITNCM, is affected by SMTP injection due to Jakarta Mail. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

SUSE SLES15 Security Update : kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2025:4306-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4306-1 advisory. This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.3 fixes various security issues The following security issues were fixed: -...