
6645 matches found

Positive Technologies
added 2025/04/25 12:0 a.m. · 2 views

PT-2025-18252 · Ctrlx Os · Ctrlx Os

Name of the Vulnerable Software and Affected Versions: ctrlX OS (affected versions not specified). Description: A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated low-privileged attacker to recover the plaintext passwords of other users. Recommendations: At...

CVSS 6.8 · AI score 5.9 · EPSS 0.00161
Exploits: 0 · References: 7

SUSE Linux
added 2025/04/24 12:7 p.m. · 2 views

Security update for mozjs60

This update for mozjs60 fixes the following issues: CVE-2024-56431: Fixed a negative shift in huffdec.c bsc1234837. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed...

CVSS 8.2 · AI score 9.7 · EPSS 0.1436
Exploits: 1 · References: 4

NVD
added 2025/04/23 4:15 p.m. · 11 views

CVE-2025-32968

XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend...

CVSS 8.8 · EPSS 0.00417
Exploits: 1 · References: 2

OSV
added 2025/04/22 5:32 p.m. · 3 views

CVE-2025-32951 io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...

CVSS 6.4 · AI score 6.6 · EPSS 0.00526
Exploits: 0 · References: 11

Information Security Automation
added 2025/04/22 12:51 p.m. · 13 views

March episode “In the Trend of VM” (#13): vulnerabilities of Microsoft, PAN-OS, CommuniGate and who should patch hosts with deployed application

March episode "In the Trend of VM" 13: vulnerabilities of Microsoft, PAN-OS, CommuniGate and who should patch hosts with deployed application. I'm posting the translated video with a big delay, but it's better than never. Video on YouTube and LinkedIn Post on Habr rus Digest on the PT website...

CVSS 5.9 · AI score 7.7 · EPSS 0.94115
Exploits: 8

Openbugbounty
added 2025/04/20 8:56 a.m. · 15 views

japhub.com Cross Site Scripting vulnerability OBB-4047553

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

RedhatCVE
added 2025/04/18 2:21 a.m. · 2 views

CVE-2025-2314

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 6 · EPSS 0.00426
Exploits: 0 · References: 1

RedhatCVE
added 2025/04/17 10:0 p.m. · 2 views

CVE-2025-30702

Vulnerability in the Fleet Patching & Provisioning component of Oracle Database Server. Supported versions that are affected are 19.3-19.26. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fleet Patching & Provisioning...

CVSS 5.3 · AI score 5.7 · EPSS 0.00354
Exploits: 0 · References: 1

NVD
added 2025/04/16 3:15 a.m. · 10 views

CVE-2025-2314

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and output escaping on...

CVSS 6.4 · EPSS 0.00426
Exploits: 0 · References: 3

Amazon
added 2025/04/16 12:0 a.m. · 1 views

Important: kernel-livepatch-4.14.355-275.582

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: hvsock: Initializing vsk-trans to NULL to prevent a dangling pointer CVE-2024-53103 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted...

CVSS 7.8 · AI score 6.7 · EPSS 0.0002
Exploits: 1

OSV
added 2025/04/15 9:15 p.m. · 2 views

CVE-2025-30702

Vulnerability in the Fleet Patching & Provisioning component of Oracle Database Server. Supported versions that are affected are 19.3-19.26. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fleet Patching & Provisioning...

CVSS 5.3 · AI score 7.1
Exploits: 0 · References: 1

NVD
added 2025/04/15 9:15 p.m. · 7 views

CVE-2025-30702

Vulnerability in the Fleet Patching & Provisioning component of Oracle Database Server. Supported versions that are affected are 19.3-19.26. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fleet Patching & Provisioning...

CVSS 5.3 · EPSS 0.00354
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/15 8:31 p.m. · 8 views

CVE-2025-30732

...

CVSS 6.1 · AI score 6.4 · EPSS 0.00519
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/15 8:31 p.m. · 8 views

CVE-2025-30724

...

CVSS 7.5 · AI score 7.2 · EPSS 0.00716
Exploits: 0 · References: 1

CVE
added 2025/04/15 8:31 p.m. · 61 views

CVE-2025-30701

Oracle Database Server’s RAS Security component is affected in 19.3–19.26, 21.3–21.17, and 23.4–23.7. Baseline: attacker with low user privileges and network access via Oracle Net can exploit, with user interaction required, to gain unauthorized create/delete/modify access to RAS Security data. C...

CVSS 7.3 · AI score 6.5 · EPSS 0.00403
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/04/15 8:31 p.m. · 8 views

CVE-2025-30690

...

CVSS 7.2 · AI score 7.2 · EPSS 0.00087
Exploits: 0 · References: 1

Cvelist
added 2025/04/15 8:30 p.m. · 9 views

CVE-2025-21579

...

CVSS 4.9 · EPSS 0.00036
Exploits: 0 · References: 1

OSV
added 2025/04/15 4:32 p.m. · 6 views

CVE-2025-32780 BleachBit for Windows Has DLL Untrusted Path Vulnerability

BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\AppData\Local\Microsoft\WindowsApps, an attacker can execute...

CVSS 7.3 · AI score 7.7 · EPSS 0.00117
Exploits: 0 · References: 4

IBM Security Bulletins
added 2025/04/15 3:56 a.m. · 7 views

Security Bulletin: Qiskit SDK Vulnerability Allows Remote Attackers to Cause Denial of Service via Maliciously Crafted QPY File

Summary A maliciously crafted QPY file containing a malformed symengine serialization stream as part of the larger QPY serialization of a ParameterExpression object can cause a segfault within the symengine library, allowing an attacker to terminate the hosting process. Vulnerability Details...

CVSS 8.6 · AI score 8.1 · EPSS 0.00099
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2025/04/15 3:31 a.m. · 22 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Envoy denial of service vulnerability (CVE-2024-45810).

Summary Potential Envoy denial of service vulnerability CVE-2024-45810 has been identified that affects IBM Watson CP4D Data Stores. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-45810 DESCRIPTION: Envoy is vulnerable to ...

CVSS 7.5 · AI score 7 · EPSS 0.00023
Exploits: 1 · Affected Software: 1