
4581 matches found

Tenable Nessus
added 2025/03/28 12:0 a.m. · 12 views

Azure Linux 3.0 Security Update: python-twisted (CVE-2023-46137)

The version of python-twisted installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-46137 advisory. - Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when...

CVSS 5.3 · AI score 6.2 · EPSS 0.00766
Exploits: 1 · References: 2

CBLMariner
added 2025/03/27 9:13 p.m. · 7 views

CVE-2020-8565 affecting package local-path-provisioner for versions less than 0.0.24-5

CVE-2020-8565 affecting package local-path-provisioner for versions less than 0.0.24-5. A patched version of the package is available...

CVSS 5.5 · AI score 6.2 · EPSS 0.00512
Exploits: 0

RedhatCVE
added 2025/03/27 7:40 p.m. · 22 views

CVE-2025-30216

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in t...

CVSS 9.4 · AI score 8.1 · EPSS 0.0237
Exploits: 2 · References: 1

IBM Security Bulletins
added 2025/03/27 3:45 p.m. · 17 views

Security Bulletin: There is a vulnerability in Python wheel package for the Werkzeug library affecting watsonx Code Assistant On Prem Extensions

Summary: There is a vulnerability in the Python wheel package for the Werkzeug library affecting watsonx Code Assistant On Prem Extensions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-49766 DESCRIPTION: Werkzeug is a Web Server...

CVSS 7.5 · AI score 7.5 · EPSS 0.01093
Exploits: 0 · Affected Software: 1

OSV
added 2025/03/27 2:15 p.m. · 2 views

DEBIAN-CVE-2025-2849

A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::unDTINIT of the file src/plxelf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been...

CVSS 5.5 · AI score 4 · EPSS 0.00274
Exploits: 1 · References: 1

CVE
added 2025/03/27 1:51 p.m. · 70 views

CVE-2025-26619

Vega (Node) and Vega‑functions prior to versions 5.31.0/5.16.0 allow calling JavaScript functions from the Vega expression language that were not meant to be supported. This is the CVE-2025-26619 issue; the root cause is exposure of arbitrary JS execution through the expression interpreter. The v...

CVSS 6.1 · AI score 6.9 · EPSS 0.00324
Exploits: 1 · References: 4 · Affected Software: 1

RedhatCVE
added 2025/03/27 12:16 a.m. · 14 views

CVE-2024-44903

SQL Injection can occur in the SirsiDynix Horizon Information Portal IPAC20 through 3.259382; however, a patch is available from the vendor. This is in ipac.jsp in a SELECT WHERE statement, in a part of the uri= variable in the second part of the full= inner variable...

CVSS 7.5 · AI score 8.5 · EPSS 0.00339
Exploits: 0 · References: 1

CVE
added 2025/03/26 4:18 p.m. · 68 views

CVE-2025-30217

CVE-2025-30217 affects the Frappe Framework. The vulnerability is a SQL injection occurring in Frappe versions prior to 14.93.2 and 15.55.0, potentially allowing access to sensitive information. A patch is included in 14.93.2 and 15.55.0; no workarounds are documented. Practical impact and exploi...

CVSS 8.7 · AI score 8.1 · EPSS 0.00339
Exploits: 0 · References: 1 · Affected Software: 1

Debian CVE
added 2025/03/26 4:13 p.m. · 3 views

CVE-2025-30164

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by an authenticated user or one that is able to authenticate, allows to...

CVSS 6.1 · AI score 5.3 · EPSS 0.00249
Exploits: 0

NVD
added 2025/03/26 2:15 p.m. · 17 views

CVE-2025-23203

Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required...

CVSS 5.5 · EPSS 0.0037
Exploits: 0 · References: 5

Vulnrichment
added 2025/03/26 2:15 p.m. · 9 views

CVE-2025-24972 Discourse may bypass user preference when adding users to chat groups

Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions 3.3.4 and 3.4.0.beta5 contai...

CVSS 4.3 · AI score 7 · EPSS 0.00351
Exploits: 0 · References: 1

CVE
added 2025/03/26 2:15 p.m. · 66 views

CVE-2025-24972

Discourse (open-source platform) has a vulnerability CVE-2025-24972 affecting group direct messages. In affected releases (before 3.3.4 on the stable branch and before 3.4.0.beta5 on the beta branch), a user could be added to a group DM even if direct messaging was disabled in their preferences. ...

CVSS 4.3 · AI score 7 · EPSS 0.00351
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2025/03/25 8:15 p.m. · 20 views

CVE-2025-30216

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in t...

CVSS 9.4 · EPSS 0.0237
Exploits: 2 · References: 3

OSV
added 2025/03/25 7:22 p.m. · 11 views

CVE-2025-30216 CryptoLib Has Heap Overflow in Crypto_TM_ProcessSecurity due to Unchecked Secondary Header Length

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in t...

CVSS 9.4 · AI score 8.1 · EPSS 0.0237
Exploits: 2 · References: 5

Cvelist
added 2025/03/25 7:22 p.m. · 20 views

CVE-2025-30216 CryptoLib Has Heap Overflow in Crypto_TM_ProcessSecurity due to Unchecked Secondary Header Length

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in t...

CVSS 9.4 · EPSS 0.0237
Exploits: 2 · References: 3

CVE
added 2025/03/25 7:22 p.m. · 86 views

CVE-2025-30216

CryptoLib SDLS-EP (NASA cFS) has a heap overflow in Crypto_TM_ProcessSecurity for TM packets. In versions total packet length, memcpy into p_new_dec_frame overflows. Impact: potential arbitrary code execution or system instability. Remediation: patch available at commit 810fd66d592c883125272fef1...

CVSS 9.4 · AI score 8.4 · EPSS 0.0237
Exploits: 2 · References: 3 · Affected Software: 1

NVD
added 2025/03/25 6:15 a.m. · 14 views

CVE-2024-44903

SQL Injection can occur in the SirsiDynix Horizon Information Portal IPAC20 through 3.259382; however, a patch is available from the vendor. This is in ipac.jsp in a SELECT WHERE statement, in a part of the uri= variable in the second part of the full= inner variable...

CVSS 7.5 · EPSS 0.00339
Exploits: 0 · References: 1

CVE
added 2025/03/25 12:0 a.m. · 49 views

CVE-2024-44903

CVE-2024-44903 affects SirsiDynix Horizon Information Portal (IPAC20) up to version 3.25_9382. The vulnerability is a SQL injection in ipac.jsp within a SELECT WHERE statement in the uri= portion of the full= inner variable, leading to potential impact as described by the CVSS vector ( HIGH, NETW...

CVSS 7.5 · AI score 8.4 · EPSS 0.00339
Exploits: 0 · References: 1

Positive Technologies
added 2025/03/25 12:0 a.m. · 5 views

PT-2025-12768 · WordPress · Easy Digital Downloads

Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads – eCommerce Payments and Subscriptions plugin for WordPress versions up to, and including, 3.3.6.1 Description: The issue allows unauthenticated attackers to extract private post titles of downloads via the edd ajax get...

CVSS 5.3 · AI score 7.3 · EPSS 0.00363
Exploits: 0 · References: 12

Cvelist
added 2025/03/24 4:38 p.m. · 39 views

CVE-2025-29778 Kyverno ignores subjectRegExp and IssuerRegExp

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...

CVSS 5.8 · EPSS 0.00317
Exploits: 1 · References: 5