Lucene search

8336 matches found

RedHat Linux
added 2025/06/30 2:17 p.m. | 5 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.6.2 release.

Red Hat Developer Hub 1.6.2 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

8.8 CVSS | 6.6 AI score | 0.01479 EPSS
Exploits: 4 | References: 10

RedHat Linux
added 2025/06/30 1:16 p.m. | 2 views

kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider

A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider...

6.5 CVSS | 7.4 AI score | 0.01129 EPSS
Exploits: 0 | References: 5

RedhatCVE
added 2025/06/29 2:26 p.m. | 4 views

CVE-2025-53206

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows Stored XSS. This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through = 1.0....

6.5 CVSS | 5.9 AI score | 0.00204 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/06/29 2:26 p.m. | 6 views

CVE-2025-53199

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Slider For Elementor ht-slider-for-elementor allows DOM-Based XSS. This issue affects HT Slider For Elementor: from n/a through = 1.6.5...

6.5 CVSS | 5.9 AI score | 0.00192 EPSS
Exploits: 0 | References: 1

OSV
added 2025/06/28 8:26 p.m. | 4 views

CLSA-2025-1751142388 grafana: Fix of CVE-2022-31130

CVE-2022-31130: fix potential leak of authentication tokens to plugins...

7.5 CVSS | 7.3 AI score | 0.00964 EPSS
Exploits: 0 | References: 1

OSV
added 2025/06/28 8:17 p.m. | 3 views

CLSA-2025-1751141865 gstreamer1-plugins-base: Fix of CVE-2023-37328

CVE-2023-37328: fix subrip tag parsing to prevent out-of-bounds access in gstsubparse...

8.8 CVSS | 6.8 AI score | 0.01812 EPSS
Exploits: 0 | References: 1

OSV
added 2025/06/28 8:8 p.m. | 4 views

CLSA-2025-1751141320 gstreamer1-plugins-good: Fix of CVE-2024-47613

CVE-2024-47613: fix integer overflow in available data check for image tags...

9.8 CVSS | 7 AI score | 0.00876 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/06/27 1:21 p.m. | 3 views

CVE-2025-53206 WordPress HT Mega – Absolute Addons for WPBakery Page Builder plugin <= 1.0.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows Stored XSS. This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through = 1.0....

6.5 CVSS | 5.2 AI score | 0.00204 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2025/06/27 12:0 a.m. | 5 views

Oracle Linux 10 : gstreamer1-plugins-bad-free (ELSA-2025-8184)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8184 advisory. 1.24.11-2 - fix for CVE-2025-3887 Resolves: RHEL-93045 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

8.8 CVSS | 7.8 AI score | 0.00708 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/06/27 12:0 a.m. | 8 views

SUSE SLES15: gstreamer-plugins-base / gstreamer-plugins-base-devel / etc (SUSE-SU-2025:02020-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02020-1 advisory. - CVE-2024-47538: Fixed stack-buffer overflow in vorbishandleidentificationpacket bnc1234415 - CVE-2024-47600: Fixed out-of-bounds...

9.8 CVSS | 7.1 AI score | 0.01298 EPSS
Exploits: 5 | References: 31

vulnersOsv
added 2025/06/26 9:31 p.m. | 3 views

airflow-oracle-snowflake-plugin (>=0.1.0 <=0.1.2), airflow-provider-cloe (>=20221202.9.0 <=20221202.13.0) +3 more potentially affected by CVE-2025-50213 via apache-airflow-providers-snowflake (>=1.1.0 <=6.13.0)

apache-airflow-providers-snowflake PYPI version =1.1.0, =0.1.0, =20221202.9.0, =0.0.4, =0.1.0, =0.1.1 Source cves: CVE-2025-50213 Source advisory: OSV:GHSA-9R64-3WMC-X8M8...

9.8 CVSS | 7.7 AI score | 0.00593 EPSS
Exploits: 0

Tenable Nessus
added 2025/06/26 12:0 a.m. | 6 views

SUSE SLES15 Security Update : gstreamer-plugins-good (SUSE-SU-2025:02053-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02053-1 advisory. - CVE-2025-47183: Fixed out-of-bounds read in MOV/MP4 demuxer bsc1244406. - CVE-2025-47219: Fixed out-of-bounds read in MOV/MP4...

9.8 CVSS | 6.8 AI score | 0.00997 EPSS
Exploits: 2 | References: 10

Tenable Nessus
added 2025/06/25 12:0 a.m. | 5 views

SUSE SLED15: gstreamer-plugins-good / gstreamer-plugins-good-32bit / etc (SUSE-SU-2025:02058-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02058-1 advisory. - CVE-2025-47183: Fixed out-of-bounds read in MOV/MP4 demuxer bsc1244406. - CVE-2025-47219: Fix...

9.8 CVSS | 6.8 AI score | 0.00997 EPSS
Exploits: 2 | References: 10

Tenable Nessus
added 2025/06/25 12:0 a.m. | 8 views

GLSA-202506-02 : GStreamer, GStreamer Plugins: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202506-02 GStreamer, GStreamer Plugins: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details. Tenable has extracted...

9.8 CVSS | 6.8 AI score | 0.01344 EPSS
Exploits: 2 | References: 32

OSV
added 2025/06/24 8:1 p.m. | 17 views

CVE-2025-52882 Claude Code IDE extensions allow websocket connections from arbitrary origins

Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks e.g., Cursor, Windsurf, and VSCodium and JetBrains IDEs e.g., IntelliJ, Pycharm, and Android Studio are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages...

8.8 CVSS | 7.2 AI score | 0.00316 EPSS
Exploits: 0 | References: 3

OSV
added 2025/06/24 12:3 p.m. | 17 views

SUSE-SU-2025:0063-1 Security update for gstreamer-plugins-good

This update for gstreamer-plugins-good fixes the following issues: - CVE-2024-47540: Fixed an uninitialized stack memory in Matroska/WebM demuxer. boo1234421 - CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. boo1234414 - CVE-2024-47543: Fixed an out-of-bounds write in...

9.8 CVSS | 6.8 AI score | 0.01344 EPSS
Exploits: 0 | References: 39

OSV
added 2025/06/24 12:3 p.m. | 4 views

SUSE-SU-2025:00063-1 Security update for gstreamer-plugins-good

This update for gstreamer-plugins-good fixes the following issues: - CVE-2024-47540: Fixed an uninitialized stack memory in Matroska/WebM demuxer. boo1234421 - CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. boo1234414 - CVE-2024-47543: Fixed an out-of-bounds write in...

9.8 CVSS | 7.3 AI score | 0.01344 EPSS
Exploits: 0 | References: 39

Snyk
added 2025/06/24 4:57 a.m. | 4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the pdfjs-1.4.20 component under public/plugins/. An attacker can execute arbitrary JavaScript code in the context of the user's browser by injecting malicious scripts into PDF files rendered by the...

6.9 CVSS | 5.4 AI score | 0.00302 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2025/06/24 12:0 a.m. | 3 views

openSUSE Security Advisory (SUSE-SU-2025:02058-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 9.6 AI score | 0.00997 EPSS
Exploits: 2 | References: 6

OpenVAS
added 2025/06/24 12:0 a.m. | 3 views

SUSE: Security Advisory (SUSE-SU-2025:02058-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 9.6 AI score | 0.00997 EPSS
Exploits: 2 | References: 6