Lucene search

1147 matches found

Tenable Nessus
added 2025/07/11 12:0 a.m. | 6 views

Security Updates for Microsoft PowerPoint Products (July 2025)

The Microsoft PowerPoint Products are missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2025-49705 Note that Nessus h...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.00673
Exploits: 0 | References: 2

SUSE Linux
added 2025/07/10 12:53 p.m. | 4 views

Security update for sudo

This update for sudo fixes the following issues: CVE-2025-32462: Fix a possible local privilege escalation via the --host option bsc1245274 CVE-2025-32463: Fix a possible local privilege escalation via chroot option bsc1245275 Patch Instructions: To install this SUSE update use the SUSE recommend...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.57345
Exploits: 76 | References: 8

Tenable Nessus
added 2025/07/10 12:0 a.m. | 3 views

EulerOS 2.0 SP10 : ppp (EulerOS-SA-2025-1785)

According to the versions of the ppp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. CVE-2024-58250 Tenable has extracted the preceding description block directly...

CVSS: 9.3 | AI score: 5.5 | EPSS: 0.00077
Exploits: 0 | References: 2

NCSC
added 2025/07/09 8:33 a.m. | 2 views

Vulnerabilities fixed in Palo Alto PAN OS

Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities include an information leak in the SD-WAN feature, which allows unauthorized users to intercept packets and access unsecured data from the firewall. This poses a risk to sensitive information being transmitted. In additio...

CVSS: 8.6 | AI score: 7.9 | EPSS: 0.00639
Exploits: 0 | References: 3

Positive Technologies
added 2025/07/08 12:0 a.m. | 3 views

PT-2025-31: Local Privilege Escalation (LPE) via Virtual Hard Disk (VHDX) in Microsoft Windows

The Local Privilege Escalation (LPE) via Virtual Hard Disk (VHDX) vulnerability was discovered in Microsoft Windows. The vulnerability allows an authorized attacker to gain SYSTEM privileges. The affected products: Windows 10 for x64-based/32-bit Systems Versions to 10.0.10240.21073 Windows 10 Versio...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00851
Exploits: 0 | References: 1

Tenable Nessus
added 2025/07/08 12:0 a.m. | 12 views

Security Updates for Microsoft SharePoint Server 2016 (July 2025)

The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Server Spoofing Vulnerability. CVE-2025-49706 - Remote Code Execution Vulnerabilities. CVE-2025-49701, CVE-2025-49703, CVE-2025-49704...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.73794
Exploits: 9 | References: 5

OSV
added 2025/07/03 8:35 a.m. | 4 views

CVE-2025-38120 netfilter: nf_set_pipapo_avx2: fix initial map fill

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo_avx2: fix initial map fill If the first field doesn't cover the entire start map, then we must zero out the remainder, else we leak those bits into the next match round map. The early fix was incomplete and...

CVSS: 5.5 | AI score: 6.3 | EPSS: 0.0011
Exploits: 0 | References: 11

SUSE Linux
added 2025/07/02 9:23 a.m. | 3 views

Security update for runc

This update for runc fixes the following issues: CVE-2024-45310: Fixed unintentional creation of empty files/directories on host bsc1230092 Other fixes: Update to runc v1.2.6. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

CVSS: 3.6 | AI score: 7.3 | EPSS: 0.0015
Exploits: 0 | References: 4

IBM Security Bulletins
added 2025/06/30 6:18 a.m. | 6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses send-0.18.0.tgz which is vulnerable to CVE-2024-43799

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses send-0.18.0.tgz which is vulnerable to CVE-2024-43799. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: Send is a library for...

CVSS: 5 | AI score: 6.8 | EPSS: 0.00175
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 7:5 a.m. | 2 views

Security Bulletin: Werkzeug Multipart Parser Denial of Service via Malformed File Upload

Summary Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on...

CVSS: 8 | AI score: 7.4 | EPSS: 0.00877
Exploits: 0 | Affected Software: 1

OSV
added 2025/06/26 3:15 p.m. | 0 views

UBUNTU-CVE-2025-52887

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many HTTP header fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.0065
Exploits: 1 | References: 5

RedHat Linux
added 2025/06/25 7:47 p.m. | 4 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.3 for Spring Boot patch release.

Red Hat build of Apache Camel 4.10.3 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00554
Exploits: 1 | References: 4

VulnCheck KEV
added 2025/06/25 12:0 a.m. | 5 views

VulnCheck KEV: CVE-2024-48914

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...

CVSS: 9.1 | AI score: 6 | EPSS: 0.92497
In wild | Exploits: 1 | References: 166

OSV
added 2025/06/24 8:1 p.m. | 16 views

CVE-2025-52882 Claude Code IDE extensions allow websocket connections from arbitrary origins

Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, PyCharm, and Android Studio) are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.00263
Exploits: 0 | References: 3

SUSE CVE
added 2025/06/23 11:21 p.m. | 4 views

SUSE CVE-2025-6490

A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmapsetwithhash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approach...

CVSS: 4.8 | AI score: 4 | EPSS: 0.00071
Exploits: 0 | References: 3

CVE
added 2025/06/21 2:51 a.m. | 99 views

CVE-2025-52488

Summary (CVE-2025-52488) Affected: DNN Platform (formerly DotNetNuke), versions 6.0.0 up to before 10.0.1. Root cause: A specially crafted interaction vulnerability allows NTLM hashes to be disclosed to a third-party SMB server via Unicode path normalization. Impact: Unauthenticated attackers could...

CVSS: 8.6 | AI score: 8.4 | EPSS: 0.29745
In wild | Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2025/06/19 4:15 p.m. | 1 views

CVE-2025-52464

Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...

CVSS: 9.5 | EPSS: 0.0027
Exploits: 0 | References: 5

CVE
added 2025/06/18 11:1 a.m. | 99 views

CVE-2022-50035

CVE-2022-50035 affects the Linux kernel DRM AMDGPU path. The issue is a use-after-free in amdgpu_bo_list mutex handling caused by double-unlocking of bo_list_mutex when amdgpu_cs_vm_handling returns non-zero, which can lead to a refcount underflow (as shown in the trace). The vulnerability is dem...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.00078
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2025/06/16 12:0 a.m. | 3 views

RHEL 7 / 8 / 9 : Red Hat JBoss Enterprise Application Platform 7.4.22 (RHSA-2025:9115)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:9115 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchrono...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.00258
Exploits: 1 | References: 6

OSV
added 2025/06/13 8:46 p.m. | 4 views

GHSA-59W6-R9HM-439H XWiki does not require right warnings for XClass definitions

Impact When an attacker without script or programming right creates an XClass definition in XWiki (requires edit right), and that same document is later edited by a user with script, admin, or programming right, malicious code could be executed with the rights of the editing user without prior...

CVSS: 8.6 | AI score: 7.1 | EPSS: 0.00618
Exploits: 1 | References: 5