Important: Red Hat Security Advisory: Red Hat Developer Hub 1.5.2 release.
Red Hat Developer Hub 1.5.2 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
CVE-2025-5429
A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of the file /admin-cp/plugin/install of the component Plugins Page. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been...
SUSE: Security Advisory (SUSE-SU-2025:01737-1)
The remote host is missing an update for the...
PT-2025-30625
Name of the Vulnerable Software and Affected Versions: GStreamer versions through 1.26.1. Description: The parse_subrip_time function within the subparse plugin may write data beyond the allocated buffer on the stack, potentially causing a crash. Recommendations: Update GStreamer to a version later...
PT-2025-30626
Name of the Vulnerable Software and Affected Versions: GStreamer versions through 1.26.1. Description: The subrip_unescape_formatting function within the subparse plugin may dereference a NULL pointer during subtitle file parsing, resulting in a crash. Recommendations: Update to a version beyond 1.26...
WordPress Comments Import & Export plugin <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by Jorgson in WordPress Plugin Comments Import & Export (versions <= 2.4.3)...
CVE-2025-5429 juzaweb CMS Plugins Page install access control
A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of the file /admin-cp/plugin/install of the component Plugins Page. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been...
CVE-2025-5429
Juzaweb CMS (versions up to 3.4.2) contains a vulnerability in the Plugins Page, specifically the /admin-cp/plugin/install endpoint. The issue is described as improper access controls that can be triggered remotely, enabling unauthorized access. Multiple connected sources corroborate the vulnerab...
Fedora: Security Advisory (FEDORA-2025-2a36564bd2)
The remote host is missing an update for the...
Fedora 41 : gstreamer1-plugins-bad-free (2025-2a36564bd2)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-2a36564bd2 advisory. Backport fix for CVE-2025-3887 (resolves rhbz#2367919). Tenable has extracted the preceding description block directly from the Fedora security advisory...
CLSA-2025-1748639719 gstreamer1-plugins-base: Fix of CVE-2024-47835
CVE-2024-47835: fix NULL-pointer dereference in LRC subtitle parser...
CLSA-2025-1748638280 gstreamer1-plugins-good: Fix of 4 CVEs
CVE-2024-47775, CVE-2024-47776, CVE-2024-47777, CVE-2024-47778: fix various out-of-bounds reads in the WAV parser that can cause crashes for certain input files...
CVE-2025-4659
The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to retrieve the full path of the web...
CVE-2025-4659 Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.4 - Unauthenticated Full Path Disclosure
The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to retrieve the full path of the web...
CVE-2025-4659
The CVE-2025-4659 entry concerns the WordPress plugin integrating Salesforce with Contact Form 7, WPForms, Elementor, Formidable, and Ninja Forms. It exposes a Full Path Disclosure vulnerability in all versions up to and including 1.4.4, enabling unauthenticated attackers to retrieve the web appl...
SUSE: Security Advisory (SUSE-SU-2025:01729-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2025:01717-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2025:01718-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2025:01725-1)
The remote host is missing an update for the...
Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: CVE-2025-3887: Fixed possible RCE vulnerability via buffer overflow in H265 Codec Parsing (bsc#1242809). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...