
1127 matches found

Tenable Nessus
added 2026/01/10 12:0 a.m., 1 views

SUSE SLES15 Security Update : php8 (SUSE-SU-2026:0086-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0086-1 advisory. Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading imag...

CVSS 8.2, AI score 6, EPSS 0.00047
Exploits 4, References 10

Tenable Nessus
added 2026/01/09 12:0 a.m., 12 views

Veeam Backup and Replication < 13.0.1.1071 Multiple Vulnerabilities (January 2026) (KB4792)

The version of Veeam Backup and Replication installed on the remote Windows host is prior to 13.0.1.1071. It is, therefore, affected by multiple vulnerabilities: - This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup...

CVSS 9.8, AI score 8, EPSS 0.00122
Exploits 2, References 5

GithubExploit
added 2026/01/08 10:21 p.m., 234 views

Exploit for CVE-2025-59470

CVE-2025-59470 CVE-2025-59470 PoC exploit targeting Veeam B...

CVSS 9, AI score 7, EPSS 0.00122
Exploits 2

OSV
added 2026/01/08 5:15 p.m., 0 views

CVE-2025-59470

This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter...

CVSS 9, AI score 6.4, EPSS 0.00122
Exploits 2, References 1

NVD
added 2026/01/08 5:15 p.m., 3 views

CVE-2025-59470

This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter...

CVSS 9, EPSS 0.00122
Exploits 2, References 1

OSV
added 2026/01/08 5:15 p.m., 0 views

CVE-2025-59468

This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter...

CVSS 9.1, AI score 6.4
Exploits 0, References 1

NVD
added 2026/01/08 5:15 p.m., 3 views

CVE-2025-59468

This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter...

CVSS 9.1, EPSS 0.00112
Exploits 0, References 1

CVE
added 2026/01/08 4:18 p.m., 31 views

CVE-2025-59470

The CVE-2025-59470 issue affects Veeam Backup & Replication (versions 13.0.1.180 and earlier). The vulnerability allows a user with Backup or Tape Operator privileges to trigger remote code execution as the postgres user by sending crafted interval or order parameters in backup configurations. Pu...

CVSS 9, AI score 7.9, EPSS 0.00122
Exploits 2, References 1, Affected Software 1

CVE
added 2026/01/08 4:18 p.m., 11 views

CVE-2025-59468

CVE-2025-59468 affects Veeam Backup & Replication. A Backup Administrator can achieve remote code execution as the postgres user by submitting a crafted password parameter. Red Hat and other sources corroborate the issue; Veeam’s KB4792 confirms the remediation: upgrade to 13.0.1.1071 where this ...

CVSS 9.1, AI score 8, EPSS 0.00112
Exploits 0, References 1, Affected Software 1

Cvelist
added 2026/01/08 4:18 p.m., 18 views

CVE-2025-59468

This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter...

CVSS 9, EPSS 0.00112
Exploits 0, References 1

Vulnrichment
added 2026/01/08 4:18 p.m., 3 views

CVE-2025-59468

This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter...

CVSS 9, AI score 7.8, EPSS 0.00112
Exploits 0, References 1

Vulnrichment
added 2026/01/08 4:18 p.m., 2 views

CVE-2025-59470

This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter...

CVSS 9, AI score 7.7, EPSS 0.00122
Exploits 2, References 1

Cvelist
added 2026/01/08 4:18 p.m., 19 views

CVE-2025-59470

This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter...

CVSS 9, EPSS 0.00122
Exploits 2, References 1

SUSE Linux
added 2026/01/08 1:22 p.m., 2 views

Security update for php8

This update for php8 fixes the following issues: Security fixes: CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode (bsc#1255710). CVE-2025-14178: heap buffer overflow occurs in array_merge when the total element cou...

CVSS 8.3, AI score 7.5, EPSS 0.00047
Exploits 4, References 12

Positive Technologies
added 2026/01/07 12:0 a.m., 4 views

PT-2026-1821

Name of the Vulnerable Software and Affected Versions: Veeam (affected versions not specified). Description: The software contains a flaw that enables a Backup Administrator to execute code remotely as the postgres user. This is achieved by submitting a crafted password parameter. The issue allows for...

CVSS 9, AI score 7.1, EPSS 0.00112
Exploits 0, References 8

Positive Technologies
added 2026/01/07 12:0 a.m., 5 views

PT-2026-1644

Veeam Backup & Replication and Affected Versions: Veeam Backup & Replication versions 13.0.1.180 and earlier. Description: A critical remote code execution (RCE) vulnerability exists in Veeam Backup & Replication software. This flaw, tracked as CVE-2025-59470, has a CVSS score of 9.0 and allows a user...

CVSS 9, AI score 8.6, EPSS 0.00122
Exploits 2, References 34

vulnersOsv
added 2026/01/01 9:30 a.m., 1 views

cbtham-feast-az-provider (>=0.2.299b0 <=0.2.302), elemeno-ai-sdk (>=0.0.77 <=0.6.11) +19 more potentially affected by CVE-2025-11157 via feast (>=0.14.1 <=0.49.0)

feast PYPI version =0.14.1, =0.2.299b0, =0.0.77, =0.0.1, =0.2.2, =0.1.0, =0.3.0, =0.0.2, =1.0.0, =0.1.0, =0.1.33, =1.0.5 and more Source cves: CVE-2025-11157 Source advisory: OSV:GHSA-34WM-4HW7-QFJV...

CVSS 7.8, AI score 7.1, EPSS 0.00218
Exploits 0

Positive Technologies
added 2026/01/01 12:0 a.m., 8 views

PT-2026-7843

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 18.2; PostgreSQL versions prior to 17.8; PostgreSQL versions prior to 16.12; PostgreSQL versions prior to 15.16; PostgreSQL versions prior to 14.21. Description: A flaw exists in PostgreSQL due to improper validation of...

CVSS 4.3, AI score 5.3, EPSS 0.00023
Exploits 0, References 149

OSV
added 2025/12/27 8:15 p.m., 1 views

AZL-73201 CVE-2025-14180 affecting package php for versions less than 8.3.29-1

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

CVSS 8.2, AI score 5.8, EPSS 0.00047
Exploits 2, References 1

Positive Technologies
added 2025/12/22 12:0 a.m., 2 views

PT-2025-52690

Name of the Vulnerable Software and Affected Versions: Hasura GraphQL version 1.3.3. Description: Hasura GraphQL version 1.3.3 has a local file read issue. Attackers can access system files through SQL injection in the query endpoint. Exploitation involves the pg_read_file PostgreSQL function via...

CVSS 6.9, AI score 7.3, EPSS 0.00018
Exploits 1, References 7