PT-2025-22161

Name of the Vulnerable Software and Affected Versions: Linux kernel Description: A use-after-free vulnerability exists in the ksmbd module of the Linux kernel, specifically in the smb2 sess setup function. This flaw could allow a remote attacker to cause a denial of service. The vulnerability was...

SUSE: Security Advisory (SUSE-SU-2025:1326-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Solaris Critical Patch Update : apr2025_SRU11_4_78_189_2

The version of Solaris installed on the remote host is prior to 11.4.78.189.2. It is, therefore, affected by multiple vulnerabilities as referenced in the solaris11apr2025SRU114781892 advisory. - Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported...

Oracle Critical Patch Update, April 2025 Security Update Review

Oracle released its first quarterly edition of this year’s Critical Patch Update. The update received patches for 378 s ecurity vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families,...

PT-2025-36574

Name of the Vulnerable Software and Affected Versions Spring Cloud Gateway Server Webflux affected versions not specified Description Spring Cloud Gateway Server Webflux may allow an attacker to modify Spring Environment properties. This is possible when the Spring Boot actuator is a dependency,...

RHEL 6 / 7 : rh-mysql56-mysql (RHSA-2016:2749)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:2749 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The...

Oracle Critical Patch Update Advisory - April 2025

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

Advisory ROSA-SA-2025-2787

Software: postgresql15 15.12 OS: rosa-server79 packageevrstring: postgresql15-15.12-1PGDG.res7 CVE-ID: CVE-2024-7348 BDU-ID: 2024-06153 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pgdump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer du...

PT-2025-15328

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.13.8 libxml2 versions 2.14.x prior to 2.14.2 Description The vulnerability in libxml2 is related to out-of-bounds memory access in the Python API due to an incorrect return value. This occurs in xmlPythonFileRead an...

Photon OS 5.0: Patch PHSA-2024-5.0-0424

An update of the patch package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0424. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Security update for the Linux Kernel (Live Patch 60 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122228 fixes one issue. The following security issue was fixed: CVE-2022-48791: Fix use-after-free for aborted TMF sastask bsc1228002 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

PT-2025-13699 · Unknown · Eleopard Behance Portfolio Manager

Name of the Vulnerable Software and Affected Versions: eleopard Behance Portfolio Manager versions n/a through 1.7.4 Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for SQL Injecti...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in its dependencies (CVE-2022-45688, CVE-2023-28439, CVE-2023-33201, CVE-2023-41900, CVE-2023-36479, CVE-2023-40167, CVE-2023-36478, )

Summary Multiple vulnerabilities over HuTool, JSON-java, CKEditor4, Bouncy Castle and Eclipse Jetty is affecting IBM Sterling Control Center v6.2.1.0. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is...

CVE-2024-8773 Protocol Downgrade in SIMPLE.ERP

SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affect SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch [email protected], which make ...

PT-2025-12718 · Netapp · Snapcenter

Name of the Vulnerable Software and Affected Versions: SnapCenter versions prior to 6.0.1P1 and 6.1P1 Description: A critical flaw in NetApp SnapCenter may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed. This...

Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility

Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in question are listed below - CVE-2024-20439 CVSS score: 9.8 - The presence of an undocumented static us...

CVE-2025-29925

XWiki Platform REST API vulnerability CVE-2025-29925: the /rest/wikis/[wikiName]/pages endpoint could disclose information about protected/private pages to unauthenticated users before fixes. The issue occurs because the endpoint listed pages even when the user had no view rights, notably when th...

Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506001017 fixes several issues. The following security issues were fixed: CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fillframeinfo bsc1235452. CVE-2024-50302: HID: core: zero-initialize the report buffer bsc1233679. Patch Instructions:...

Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2025-1238)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-968P-4WVH-CQC8 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups

Impact When using Babel to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement pattern strings i.e. the second argument passed to .replace. Your generated code is vulnerable if all the...