TencentOS Server 4: moby (TSSA-2024:0823)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0823 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: tomcat (TSSA-2024:1056)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1056 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVE-2025-49583 XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right

XWiki is a generic wiki platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationEmailRendererClass object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can ...

PT-2025-24984 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: A stored Cross-Site Scripting XSS issue affects the software, allowing an attacker with limited privileges to inject malicious scripts into vulnerable form fields. This could...

WordPress Simple Membership plugin <= 4.6.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by bintable in WordPress Plugin Simple Membership versions = 4.6.3...

CVE-2025-48489

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting XSS attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180...

Security update for glibc

This update for glibc fixes the following issues: Security issues fixed: CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LDLIBRARYPATH bsc1243317. Other issues fixed: Multi-threaded application hang...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus is vulnerable to CVE-2025-4447

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2025 Critical Patch Update, plus CVE-2025-4447. For more information please refer to Oracle's April 2025 CPU Advisory and the CVE links referenced below...

UBUNTU-CVE-2025-37992

In the Linux kernel, the following vulnerability has been resolved: netsched: Flush gsoskb list too during -change Previously, when reducing a qdisc's limit via the -change operation, only the main skb queue was trimmed, potentially leaving packets in the gsoskb list. This could result in NULL...

CVE-2024-37898

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it by a page with new content without having delete right. The previous version of the pag...

CVE-2024-55652

PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the...

CVE-2023-46134

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in...

CVE-2023-35085

An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution RCE. Affected Products: All UniFi Access Points Version 6.5.50 and earlier All UniFi Switches Version...

CVE-2023-36469

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...

CVE-2023-30850

Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually...

CVE-2023-38489

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be abused if a Kirby user is logged in on a device or browser th...

CVE-2022-40756

If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 v15.11.005, Patch Update 4 for Zen 15 v15.01.017, or Patch Update 5 for Zen 14 SP2 v14.21.022, it can allow an attacker with file read/write access to remove specific security files in order to reset the...

CVE-2022-41887

TensorFlow is an open source platform for machine learning. tf.keras.losses.poisson receives a ypred and ytrue that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched...

CVE-2022-28786

Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic...

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.10.1. Security fixes: MFSA 2025-34 bsc1243216 CVE-2025-3875: Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3877: Unsolicited File Download, Disk Space Exhaustion, and Credential...