Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a security bypass vulnerability (CVE-2024-56339)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a security bypass caused by a failure to honor security configuration. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

WordPress Premium SEO Pack Plugin <= 3.3.2 - Privilege Escalation Vulnerability

Privilege Escalation Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Premium SEO Pack versions = 3.3.2...

Malicious code in sha256-validator-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 453f997676ddfb37b97659a39bdc5de8d8c2fc1b070f5feeda72545030850113 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in sha256-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df5d9762214be9f4321d8e3634eeae69ae8f288fd94ae1a07bf6b3defa487b97 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Description of the security update for SharePoint Enterprise Server 2016 Language Pack: July 21, 2025 (KB5002759)

Description of the security update for SharePoint Enterprise Server 2016 Language Pack: July 21, 2025 KB5002759 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint Server spoofing vulnerability. To learn more about the...

Description of the security update for SharePoint Server 2016: July 21, 2025 (KB5002760)

Description of the security update for SharePoint Server 2016: July 21, 2025 KB5002760 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerabilities, see the...

Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005594 fixes one issue. The following security issue was fixed: CVE-2025-21772: partitions: mac: fix handling of bogus partition table bsc1238912. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Description of the security update for SharePoint Enterprise Server 2016: July 8, 2025 (KB5002744)

Description of the security update for SharePoint Enterprise Server 2016: July 8, 2025 KB5002744 Summary This security update resolves a Microsoft SharePoint remote code execution vulnerability, Microsoft SharePoint Server spoofing vulnerability, and Microsoft Word remote code execution...

WordPress Premium SEO Pack <= 3.3.2 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Premium SEO Pack versions = 3.3.2...

Microsoft Windows Routing and Remote Access Service 缓冲区错误漏洞

Microsoft Windows Routing and Remote Access Service is a network service from Microsoft Corporation USA that is used to implement features such as network routing, virtual private networks VPNs, and dial-up connections. A buffer error vulnerability exists in Microsoft Windows Routing and Remote...

CVE-2025-5944

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ attribute in all versions up to, and including, 8.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

MAL-2025-5598 Malicious code in @stihlus/stihl-icons-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b7a2eeaded2a276a85d303add7611ab4f65579f9d08c53712a84d46c304003d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-5944

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ attribute in all versions up to, and including, 8.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-5944

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ attribute in all versions up to, and including, 8.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Cross-site Scripting (XSS)

Overview org.webjars:uikit is a lightweight and modular front-end framework for developing fast and powerful web interfaces. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the data-caption attribute due to insufficient input sanitisation and output escaping. An...

Cross-site Scripting (XSS)

Overview org.webjars.bowergithub.uikit:uikit is a lightweight and modular front-end framework for developing fast and powerful web interfaces. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the data-caption attribute due to insufficient input sanitisation and outp...

Cross-site Scripting (XSS)

Overview org.webjars.npm:uikit is a lightweight and modular front-end framework for developing fast and powerful web interfaces. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the data-caption attribute due to insufficient input sanitisation and output escaping. A...

Cross-site Scripting (XSS)

Overview org.webjars.bower:uikit is a lightweight and modular front-end framework for developing fast and powerful web interfaces. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the data-caption attribute due to insufficient input sanitisation and output escaping...

CVE-2025-5944 Element Pack Addons for Elementor <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ attribute in all versions up to, and including, 8.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-5944 Element Pack Addons for Elementor <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ attribute in all versions up to, and including, 8.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...