Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2024-6827, CVE-2025-1194]
Summary: Python modules gunicorn and transformers are used by IBM App Connect Enterprise Certified Container when providing mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution [CVE-2025-1302]
Summary: Node.js module jsonpath-plus is used by IBM App Connect Enterprise Certified Container for processing JSON data. IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability ...
WordPress Cart tracking for WooCommerce plugin <= 1.0.17 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Ngo Bui Truong Vu in WordPress Plugin Cart tracking for WooCommerce (versions <= 1.0.17)...
CVE-2025-20666
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID...
PT-2025-18357 · WordPress · Gravity Forms Webhooks
Name of the Vulnerable Software and Affected Versions: Gravity Forms WebHooks plugin for WordPress versions up to, and including, 1.6.0 Description: The issue allows authenticated attackers with Administrator-level access and above to make web requests to arbitrary locations originating from the...
PT-2025-18561 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, specifically in the CAN (Controller Area Network) device driver. The issue arises from an out-of-bounds read in the priv->ctrlmode...
CVE-2025-32973
Summary: CVE-2025-32973 affects XWiki Platform (org.xwiki.platform:xwiki-platform-component-wiki). In specific version ranges (15.9-rc-1 to before 15.10.12, 16.0.0-rc-1 to before 16.4.3, and 16.5.0-rc-1 to before 16.8.0-rc-1), a user with programming rights edits a document that was last edited b...
CVE-2025-32432 Craft CMS Allows Remote Code Execution
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity...
PT-2025-17769 · Animate · Animate
Name of the Vulnerable Software and Affected Versions: Animate versions n/a through 0.5 Description: A Server-Side Request Forgery (SSRF) issue allows for Server Side Request Forgery. This issue is related to the Animate software. Recommendations: For Animate versions n/a through 0.5, consider...
PT-2025-17216 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the CAN network stack. The issue occurs when a driver calls can_get_echo_skb() during a hardware IRQ, potentially...
Amazon Linux 2 : vim (ALAS-2025-2827)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2827 advisory. A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory...
Security Bulletin: IBM App Connect Enterprise Certified Container operands have unnecessary external access [CVE-2022-43916]
Summary: Some of the IBM App Connect Enterprise Certified Container Pods in a deployed environment have unnecessary external network access. This bulletin provides patch information to address the network access. Vulnerability Details: CVEID: CVE-2022-43916 DESCRIPTION: IBM App Connec...
WordPress Additional Custom Product Tabs for WooCommerce plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by muhammad yudha (Patchstack Alliance) in WordPress Plugin Additional Custom Product Tabs for WooCommerce (versions <= 1.7.0)...
EulerOS 2.0 SP11 : vim (EulerOS-SA-2025-1379)
According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does no...
RHSA-2025:3647 Red Hat Security Advisory: tomcat security update
Bulletin has no description...
PT-2025-20417 · Totolink · Totolink A3100R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3100R version 5.9c.1527 Description: The issue is related to a Buffer Overflow that can be triggered via the comment parameter in the setMacFilterRules function. This allows for potential exploitation. Recommendations: For TOTOLINK...
CVE-2025-3016
A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument...
CGA-48MP-5Q45-HJQH
Bulletin has no description...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands generate insufficiently strong keystore passwords [CVE-2025-1827]
Summary: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands generate keystores on startup for storing keys and certificates. These are generated with an insufficiently strong password. This bulletin provides patch information to address the reported...
CVE-2024-8773
The CVE-2024-8773 issue affects SIMPLE.ERP clients (versions 6.20–6.30). A server-side MS SQL protocol downgrade can force unencrypted communication, enabling data interception and modification. Only version 6.30 received a patch ([email protected]) to enforce encryption. Versions 6.20 and 6.25 remain u...