Security update for trivy (important)
openSUSE Security Update: Security update for trivy Announcement ID: openSUSE-SU-2025:0302-1 Rating: important References: 1232948 1235265 1246151 Cross-References: CVE-2024-45338 CVE-2024-51744 CVE-2025-53547 CVSS scores: CVE-2024-45338 SUSE: 8.2...
SUSE SLES15 Security Update : kernel (Live Patch 58 for SLE 15 SP3) (SUSE-SU-2025:02832-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02832-1 advisory. This update for the Linux Kernel 5.3.18-15030059207 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: cor...
Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP7)
This update for the Linux Kernel 6.4.0-1507005 fixes several issues. The following security issues were fixed: CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350). CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351)...
SUSE-SU-2025:02854-1 Security update for the Linux Kernel (Live Patch 59 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122225 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351). -...
SUSE-SU-2025:02846-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-46984: Fixed an out of bounds access in kyber_bio_merge in kyber (bsc#1220631). - CVE-2021-46987: btrfs: fix deadlock when cloning inline extents and using qgrou...
Linux Distros Unpatched Vulnerability : CVE-2021-22885
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A possible information disclosure / unintended method execution vulnerability in Action Pack = 2.0.0 when using the redirect_to or polymorphic_url helper with...
Linux Distros Unpatched Vulnerability : CVE-2021-22881
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in...
Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP7)
This update for the Linux Kernel 6.4.0-15070078 fixes several issues. The following security issues were fixed: CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350). CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351). Patch...
CVE-2025-7664
The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the check_activate_permission permission callback for the /wp-json/presslearn/v1/activate REST API endpoint in all versions up to, and including, 1.1.1. The callback reads the client-supplied...
CVE-2025-7664 Al Pack <= 1.1.1 - Missing Authorization to Unauthenticated Premium Feature Activation via check_activate_permission Function
The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the check_activate_permission permission callback for the /wp-json/presslearn/v1/activate REST API endpoint in all versions up to, and including, 1.1.1. The callback reads the client-supplied...
PT-2025-33530 · WordPress · Al Pack For Wordpress
Name of the Vulnerable Software and Affected Versions: AL Pack for WordPress versions up to and including 1.0.2 Description: The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the check_activate_permission permission callback for the...
WordPress plugin AL Pack security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An unauthorized access vulnerability exists in the WordPress AL Pack plugin, which stems from a lack of functionality checking of the check_activate_permission permission callback...
CVE-2025-55165
Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the to_dict method, used ...
CVE-2024-48892
A relative path traversal vulnerability CWE-23 in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack...
Malicious code in private-pack-1 (npm)
The package private-pack-1 was found to contain malicious code...
Malicious code in abi-pack-framework (npm)
The package abi-pack-framework was found to contain malicious code...
MAL-2025-39371 Malicious code in wjb313-regret-pack (npm)
The package wjb313-regret-pack was found to contain malicious code...
MAL-2025-29665 Malicious code in private-pack-2 (npm)
The package private-pack-2 was found to contain malicious code...
MAL-2025-17783 Malicious code in csp-presets-pack (npm)
The package csp-presets-pack was found to contain malicious code...
MAL-2025-13948 Malicious code in abi-pack-framework (npm)
The package abi-pack-framework was found to contain malicious code...