
1848 matches found

RedhatCVE
added 2025/05/23 3:44 a.m. · 5 views

CVE-2023-30850

Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually...

CVSS 8.8 · AI score 7.9 · EPSS 0.00064
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 2:24 a.m. · 9 views

CVE-2023-38489

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be abused if a Kirby user is logged in on a device or browser th...

CVSS 7.3 · AI score 6.9 · EPSS 0.00207
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 12:37 a.m. · 5 views

CVE-2022-40756

If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 v15.11.005, Patch Update 4 for Zen 15 v15.01.017, or Patch Update 5 for Zen 14 SP2 v14.21.022, it can allow an attacker with file read/write access to remove specific security files in order to reset the...

CVSS 8.8 · AI score 7.4 · EPSS 0.00351
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 10:51 p.m. · 4 views

CVE-2022-41887

TensorFlow is an open source platform for machine learning. tf.keras.losses.poisson receives a y_pred and y_true that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched...

CVSS 7.5 · AI score 6.9 · EPSS 0.00159
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 10:43 p.m. · 6 views

CVE-2022-28786

Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic...

CVSS 5.5 · AI score 6.9 · EPSS 0.00016
Exploits 0 · References 1
SUSE Linux
added 2025/05/22 4:01 p.m. · 4 views

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.10.1. Security fixes: MFSA 2025-34 bsc1243216 CVE-2025-3875: Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3877: Unsolicited File Download, Disk Space Exhaustion, and Credential...

CVSS 7.5 · AI score 6.9 · EPSS 0.00422
Exploits 0 · References 10
RedhatCVE
added 2025/05/22 8:24 a.m. · 9 views

CVE-2014-125090

A vulnerability was found in Media Downloader Plugin 0.1.992 on WordPress. It has been declared as problematic. This vulnerability affects the function dlfileresumable of the file getfile.php. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotel...

CVSS 6.1 · AI score 6.2 · EPSS 0.00222
Exploits 0 · References 1
OPENSUSE Linux
added 2025/05/21 12:00 a.m. · 3 views

grype-0.92.1-1.1 on GA media (moderate)

grype-0.92.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:15136-1 Rating: moderate Cross-References: CVE-2021-3711 CVE-2022-2068 CVSS scores: CVE-2021-3711 SUSE : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-2068 SUSE : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected...

CVSS 9.8 · AI score 10 · EPSS 0.20216
Exploits 7
NVD
added 2025/05/20 4:15 p.m. · 10 views

CVE-2025-37962

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leak in parse_lease_state. The previous patch that added bounds check for create lease context introduced a memory leak. When the bounds check fails, the function returns NULL without freeing the previously allocat...

CVSS 5.5 · EPSS 0.0009
Exploits 0 · References 6
Positive Technologies
added 2025/05/19 12:00 a.m. · 2 views

PT-2025-22094

Name of the Vulnerable Software and Affected Versions: Grand Restaurant WordPress versions n/a through 7.0 Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For Grand...

CVSS 8.2 · AI score 8.2 · EPSS 0.00555
Exploits 0 · References 5
IBM Security Bulletins
added 2025/05/17 4:43 a.m. · 3 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Apache Tomcat has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...

CVSS 7.5 · AI score 6.8 · EPSS 0.21539
Exploits 0 · Affected Software 2
Positive Technologies
added 2025/05/17 12:00 a.m. · 2 views

PT-2025-21791 · WordPress · Multivendorx

Name of the Vulnerable Software and Affected Versions: MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress versions prior to 4.2.22 Description: The issue allows authenticated attackers with Contributor-level access and above to delete arbitrary posts, pages,...

CVSS 4.3 · AI score 9.2 · EPSS 0.00159
Exploits 0 · References 9
Tenable Nessus
added 2025/05/14 12:00 a.m. · 5 views

Alibaba Cloud Linux 3 : 0097: python-requests (ALINUX3-SA-2023:0097)

The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2023:0097 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-32681: Requests is a HTTP library. Since...

CVSS 6.1 · AI score 7.1 · EPSS 0.05933
Exploits 1 · References 2
Positive Technologies
added 2025/05/13 12:00 a.m. · 1 views

PT-2025-20991 · Microsoft · Office Excel

Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel versions 2016 through 2024 Microsoft Office Excel version 365 Description: The issue is an out-of-bounds read in Microsoft Office Excel, allowing an unauthorized attacker to execute code locally. This can enable remote...

CVSS 7.8 · AI score 9.3 · EPSS 0.00742
Exploits 0 · References 13
SUSE Linux
added 2025/05/06 11:46 p.m. · 1 views

Security update for libxslt

This update for libxslt fixes the following issues: CVE-2025-24855: Fixed use-after-free of XPath context node bsc1239625 CVE-2024-55549: Fixed use-after-free related to excluded namespaces bsc1239637 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods li...

CVSS 7.8 · AI score 7.3 · EPSS 0.00104
Exploits 4 · References 8
SUSE Linux
added 2025/05/06 10:57 a.m. · 2 views

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2025-43965: mishandling of image depth after SetQuantumFormat is used in MIFF image processing. bsc1241659 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

CVSS 5.9 · AI score 7.3 · EPSS 0.0007
Exploits 0 · References 4
CBLMariner
added 2025/05/05 9:13 p.m. · 3 views

CVE-2025-21981 affecting package kernel for versions less than 6.6.85.1-2

CVE-2025-21981 affecting package kernel for versions less than 6.6.85.1-2. An upgraded version of the package is available that resolves this issue...

CVSS 5.5 · AI score 5.5 · EPSS 0.0003
Exploits 0
Vulnrichment
added 2025/05/05 8:00 p.m. · 4 views

CVE-2025-4287 PyTorch nccl.py torch.cuda.nccl.reduce denial of service

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has bee...

CVSS 4.8 · AI score 6.5 · EPSS 0.00093
Exploits 0 · References 7
Positive Technologies
added 2025/04/29 12:00 a.m. · 2 views

PT-2025-18134 · Unknown · Libsnowflakeclient

Name of the Vulnerable Software and Affected Versions: libsnowflakeclient versions 0.5.0 through 2.2.0 Description: The issue concerns the Snowflake Connector for C/C++, which incorrectly treats malformed requests that cause the HTTP response status code 400 as able to be retried. This could hang...

CVSS 3.3 · AI score 6.4 · EPSS 0.00121
Exploits 0 · References 9
Oracle linux
added 2025/04/21 12:00 a.m. · 71 views

libxslt security update

1.1.34-9.0.1.el95.2 - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball 1.1.34-9.2 - Fix CVE-2024-55549 RHEL-83515 1.1.34-9.1 - Fix CVE-2025-24855 RHEL-83501...

CVSS 7.8 · AI score 6.9 · EPSS 0.00104
Exploits 4