Security Updates for Microsoft Office Products (March 2025)

The Microsoft Office Products are missing security updates. They are, therefore, affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has...

Siemens SCALANCE X-200RNA Switch Devices Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2016-1907)

The sshpacketreadpoll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service out-of-bounds read and application crash via crafted network traffic. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of integrity [CVE-2025-21502]

Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of data integrity due to a vulnerability in Java. This bulletin provides patch information to address the reported vulnerability in Java. CVE-2025-21502 Vulnerabili...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site scripting [CVE-2025-26791]

Summary node.js module DOMPurify is used by IBM App Connect Enterprise Certified Container DesignerAuthoring operands. DesignerAuthoring operands are vulnerable to cross-site scripting. This bulletin provides patch information to address the reported vulnerability in node.js module DOMPurify...

CVE-2025-27602

CVE-2025-27602 affects Umbraco CMS backoffice functionality. Authentication against the backoffice API could allow a user with Editor permissions to access or delete content and media in folders they should not reach, via manipulation of API URLs. The issue is described as a permissions/authentic...

CVE-2025-2177

A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbisearchnew of the file src/search.c. The manipulation of the argument patlen leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the...

PT-2025-27683

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the iwlwifi module, where the iwl trans reclaim function was warning when called while the firmware FW is...

Linux Distros Unpatched Vulnerability : CVE-2022-39307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the...

CVE-2025-20653

In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue I...

CVE-2022-49693 drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp4: Fix refcount leak in mdp4modesetinitintf ofgraphgetremotenode returns remote device node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcoun...

PT-2025-10120 · Esri · Arcgis Server

Name of the Vulnerable Software and Affected Versions: ArcGIS Server affected versions not specified Description: The issue is related to the lack of protection for the web page structure in ArcGIS Server. This could allow a remote attacker to conduct cross-site scripting attacks. Recommendations...

PT-2025-6897 · Microworld · Microword Escan Antivirus

Name of the Vulnerable Software and Affected Versions: MicroWord eScan Antivirus version 7.0.32 Description: A critical issue has been discovered affecting the sprintf function of the USB Password Handler component. This issue leads to a buffer overflow. The attack must be approached locally,...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution [CVE-2024-21534]

Summary Node.js module jsonpath-plus is used by IBM App Connect Enterprise Certified Container for processing JSON configuration. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported...

CVE-2021-39201

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Impact The issue allows an authenticated but low-privileged user like contributor/author to execute XSS in the editor. This bypasses the restrictions imposed on users who do n...

CVE-2022-46163

Travel support program is a rails app to support the travel support program of openSUSE TSP. Sensitive user data bank account details, password Hash can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...

CVE-2024-23641

SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg to a built and previewed/hosted sveltekit app throws Request with GET/HEAD method cannot have body. and crashes the preview/hosting. After this happens, one must manually restart the app. TRACE requests will...

CVE-2024-8005

A vulnerability was found in demozx gfcms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. Th...

CVE-2024-8943

The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing...

CVE-2025-20635

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752;...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to use of insufficient random values [CVE-2025-22150]

Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container for http calls. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to use of insufficient random values. This bulletin provides...