Lucene search

1962 matches found

RedhatCVE
added 2025/05/22 8:24 a.m. · 9 views

CVE-2014-125090

A vulnerability was found in Media Downloader Plugin 0.1.992 on WordPress. It has been declared as problematic. This vulnerability affects the function dlfileresumable of the file getfile.php. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotel...

CVSS 6.1 · AI score 6.2 · EPSS 0.00594
Exploits 0 · References 1

OPENSUSE Linux
added 2025/05/21 12:0 a.m. · 4 views

grype-0.92.1-1.1 on GA media (moderate)

grype-0.92.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:15136-1 Rating: moderate Cross-References: CVE-2021-3711 CVE-2022-2068 CVSS scores: CVE-2021-3711 SUSE : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-2068 SUSE : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected...

CVSS 9.8 · AI score 10 · EPSS 0.95764
Exploits 2

NVD
added 2025/05/20 4:15 p.m. · 10 views

CVE-2025-37962

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leak in parseleasestate The previous patch that added bounds check for create lease context introduced a memory leak. When the bounds check fails, the function returns NULL without freeing the previously allocat...

CVSS 5.5 · EPSS 0.00149
Exploits 0 · References 6

Positive Technologies
added 2025/05/19 12:0 a.m. · 5 views

PT-2025-22094

Name of the Vulnerable Software and Affected Versions: Grand Restaurant WordPress versions n/a through 7.0 Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For Grand...

CVSS 8.2 · AI score 8.2 · EPSS 0.00262
Exploits 0 · References 5

IBM Security Bulletins
added 2025/05/17 4:43 a.m. · 3 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Apache Tomcat has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...

CVSS 7.5 · AI score 6.8 · EPSS 0.04602
Exploits 0 · Affected Software 2

Positive Technologies
added 2025/05/17 12:0 a.m. · 3 views

PT-2025-21791 · WordPress · Multivendorx

Name of the Vulnerable Software and Affected Versions: MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress versions prior to 4.2.22 Description: The issue allows authenticated attackers with Contributor-level access and above to delete arbitrary posts, pages,...

CVSS 4.3 · AI score 9.2 · EPSS 0.00247
Exploits 0 · References 9

Tenable Nessus
added 2025/05/14 12:0 a.m. · 5 views

Alibaba Cloud Linux 3 : 0097: python-requests (ALINUX3-SA-2023:0097)

The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2023:0097 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-32681: Requests is a HTTP library. Since...

CVSS 6.1 · AI score 7.1 · EPSS 0.02782
Exploits 1 · References 2

Positive Technologies
added 2025/05/13 12:0 a.m. · 2 views

PT-2025-20991 · Microsoft · Office Excel

Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel versions 2016 through 2024 Microsoft Office Excel version 365 Description: The issue is an out-of-bounds read in Microsoft Office Excel, allowing an unauthorized attacker to execute code locally. This can enable remote...

CVSS 7.8 · AI score 9.3 · EPSS 0.00467
Exploits 0 · References 13

SUSE Linux
added 2025/05/06 11:46 p.m. · 1 views

Security update for libxslt

This update for libxslt fixes the following issues: CVE-2025-24855: Fixed use-after-free of XPath context node bsc1239625 CVE-2024-55549: Fixed use-after-free related to excluded namespaces bsc1239637 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods li...

CVSS 7.8 · AI score 7.3 · EPSS 0.00324
Exploits 4 · References 8

SUSE Linux
added 2025/05/06 10:57 a.m. · 3 views

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2025-43965: mishandling of image depth after SetQuantumFormat is used in MIFF image processing. bsc1241659 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

CVSS 5.9 · AI score 7.3 · EPSS 0.00466
Exploits 0 · References 4

CBLMariner
added 2025/05/05 9:13 p.m. · 3 views

CVE-2025-21981 affecting package kernel for versions less than 6.6.85.1-2

CVE-2025-21981 affecting package kernel for versions less than 6.6.85.1-2. An upgraded version of the package is available that resolves this issue...

CVSS 5.5 · AI score 5.5 · EPSS 0.00159
Exploits 0

Vulnrichment
added 2025/05/05 8:0 p.m. · 5 views

CVE-2025-4287 PyTorch nccl.py torch.cuda.nccl.reduce denial of service

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has bee...

CVSS 4.8 · AI score 6.5 · EPSS 0.00148
Exploits 0 · References 7

Positive Technologies
added 2025/04/29 12:0 a.m. · 2 views

PT-2025-18134 · Unknown · Libsnowflakeclient

Name of the Vulnerable Software and Affected Versions: libsnowflakeclient versions 0.5.0 through 2.2.0 Description: The issue concerns the Snowflake Connector for C/C++, which incorrectly treats malformed requests that cause the HTTP response status code 400 as able to be retried. This could hang...

CVSS 3.3 · AI score 6.4 · EPSS 0.00137
Exploits 0 · References 9

Positive Technologies
added 2025/04/21 12:0 a.m. · 5 views

PT-2025-22161

Name of the Vulnerable Software and Affected Versions: Linux kernel Description: A use-after-free vulnerability exists in the ksmbd module of the Linux kernel, specifically in the smb2 sess setup function. This flaw could allow a remote attacker to cause a denial of service. The vulnerability was...

CVSS 10 · AI score 7 · EPSS 0.00356
Exploits 2

Oracle linux
added 2025/04/21 12:0 a.m. · 71 views

libxslt security update

1.1.34-9.0.1.el95.2 - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball 1.1.34-9.2 - Fix CVE-2024-55549 RHEL-83515 1.1.34-9.1 - Fix CVE-2025-24855 RHEL-83501...

CVSS 7.8 · AI score 6.9 · EPSS 0.00324
Exploits 4

OpenVAS
added 2025/04/18 12:0 a.m. · 10 views

SUSE: Security Advisory (SUSE-SU-2025:1326-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.7 · AI score 7.7 · EPSS 0.01471
Exploits 2 · References 6

Tenable Nessus
added 2025/04/17 12:0 a.m. · 11 views

Oracle Solaris Critical Patch Update : apr2025_SRU11_4_78_189_2

The version of Solaris installed on the remote host is prior to 11.4.78.189.2. It is, therefore, affected by multiple vulnerabilities as referenced in the solaris11apr2025SRU114781892 advisory. - Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported...

CVSS 7.2 · AI score 7.3 · EPSS 0.00404
Exploits 0 · References 4

Qualys Blog
added 2025/04/16 2:16 p.m. · 31 views

Oracle Critical Patch Update, April 2025 Security Update Review

Oracle released its first quarterly edition of this year’s Critical Patch Update. The update received patches for 378 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families,...

CVSS 10 · AI score 7.8 · EPSS 0.99945
Exploits 79

Positive Technologies
added 2025/04/16 12:0 a.m. · 4 views

PT-2025-36574

Name of the Vulnerable Software and Affected Versions Spring Cloud Gateway Server Webflux affected versions not specified Description Spring Cloud Gateway Server Webflux may allow an attacker to modify Spring Environment properties. This is possible when the Spring Boot actuator is a dependency,...

CVSS 10 · AI score 6.3 · EPSS 0.03311
Exploits 0 · References 34

Oracle
added 2025/04/15 12:0 a.m. · 93 views

Oracle Critical Patch Update Advisory - April 2025

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

CVSS 10 · AI score 7.5 · EPSS 0.99999
Exploits 236 · Affected Software 122