CVE-2025-32777 Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin

Volcano is a Kubernetes-native batch scheduling system. Prior to versions 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3, and 1.12.0-alpha.2, attacker compromise of either the Elastic service or the extender plugin can cause denial of service of the scheduler. This is a privilege...

CVE-2025-32971 XWiki Solr script service doesn't take dropped programming right into account

XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's...

Exploit for Cross-Site Request Forgery (CSRF) in Nosurf_Project Nosurf

CVE-2025-46721: CSRF...

Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059188 fixes one issue. The following security issue was fixed: CVE-2024-56650: netfilter: xtables: fix LED ID check in ledtgcheck bsc1235431. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

PT-2025-18218 · Undefined · Undefined

🛡️ ALERT: CISA Adds Broadcom & Commvault Vulnerabilities to KEV Database These flaws are actively exploited in the wild. If you're running affected products, patch ASAP. 📌 Broadcom ID: CVE-2023-12345 📌 Commvault ID: CVE-2024-67890 📆 Mitigation deadline: Insert date if known https://t.co/dtEaewjtfL...

Important: kernel-livepatch-6.1.127-135.201

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog CVE-2025-21703 Affected Packages: kernel-livepatch-6.1.127-135.201 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel-livepatch-5.10.234-225.910

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog CVE-2025-21703 Affected Packages: kernel-livepatch-5.10.234-225.910 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Important: kernel-livepatch-6.1.128-136.201

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog CVE-2025-21703 Affected Packages: kernel-livepatch-6.1.128-136.201 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Security update for the Linux Kernel RT (Live Patch 4 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506001014 fixes several issues. The following security issues were fixed: CVE-2024-53237: Bluetooth: fix use-after-free in deviceforeachchild bsc1235008. CVE-2024-53082: virtionet: Add hashkeylength check bsc1233677. CVE-2024-8805: Bluetooth: hcievent: Alig...

PT-2025-18252 · Ctrlx Os · Ctrlx Os

Name of the Vulnerable Software and Affected Versions: ctrlX OS affected versions not specified Description: A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated low-privileged attacker to recover the plaintext passwords of other users. Recommendations: At...

Security update for mozjs60

This update for mozjs60 fixes the following issues: CVE-2024-56431: Fixed a negative shift in huffdec.c bsc1234837. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed...

CVE-2025-32968

XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend...

CVE-2025-32951 io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...

March episode “In the Trend of VM” (#13): vulnerabilities of Microsoft, PAN-OS, СommuniGate and who should patch hosts with deployed application

March episode "In the Trend of VM" 13: vulnerabilities of Microsoft, PAN-OS, СommuniGate and who should patch hosts with deployed application. I'm posting the translated video with a big delay, but it's better than never. Video on YouTube and LinkedIn Post on Habr rus Digest on the PT website...

japhub.com Cross Site Scripting vulnerability OBB-4047553

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2025-2314

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and output escaping on...

CVE-2025-30702

Vulnerability in the Fleet Patching and amp; Provisioning component of Oracle Database Server. Supported versions that are affected are 19.3-19.26. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fleet Patching and amp; Provisioning...

CVE-2025-2314

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and output escaping on...

Important: kernel-livepatch-4.14.355-275.582

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: hvsock: Initializing vsk-trans to NULL to prevent a dangling pointer CVE-2024-53103 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted...

CVE-2025-30702

Vulnerability in the Fleet Patching and amp; Provisioning component of Oracle Database Server. Supported versions that are affected are 19.3-19.26. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fleet Patching and amp; Provisioning...