SUSE CVE-2025-68198

In the Linux kernel, the following vulnerability has been resolved: crash: fix crashkernel resource shrink When crashkernel is configured with a high reservation, shrinking its value below the low crashkernel reservation causes two issues: 1. Invalid crashkernel resource objects 2. Kernel crash i...

CVE-2025-68198

In the Linux kernel, the following vulnerability has been resolved: crash: fix crashkernel resource shrink When crashkernel is configured with a high reservation, shrinking its value below the low crashkernel reservation causes two issues: 1. Invalid crashkernel resource objects 2. Kernel crash i...

AZL-72442 CVE-2025-68198 affecting package kernel for versions less than 6.6.119.3-1

In the Linux kernel, the following vulnerability has been resolved: crash: fix crashkernel resource shrink When crashkernel is configured with a high reservation, shrinking its value below the low crashkernel reservation causes two issues: 1. Invalid crashkernel resource objects 2. Kernel crash i...

CVE-2025-68198

In the Linux kernel, the following vulnerability has been resolved: crash: fix crashkernel resource shrink When crashkernel is configured with a high reservation, shrinking its value below the low crashkernel reservation causes two issues: 1. Invalid crashkernel resource objects 2. Kernel crash i...

SUSE-SU-2025:3965-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - CVE-2025-53057: Fixed an issue where an unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data bsc1252414 - CVE-2025-53066: Fixed an issue where an unauthenticated attacker can achieve...

SUSE-SU-2025:3859-1 Security update for java-21-openjdk

This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.9+10 October 2025 CPU: - CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data bsc1252414. - CVE-2025-53066: Fixed unauthenticat...

Omni is Vulnerable to DoS via Empty Create/Update Resource Requests

Summary A nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource requests through the API endpoints. Details The vulnerability exists in the isSensitiveSpec function whic...

GHSA-4P3P-CR38-V5XP Omni is Vulnerable to DoS via Empty Create/Update Resource Requests

Summary A nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource requests through the API endpoints. Details The vulnerability exists in the isSensitiveSpec function whic...

EUVD-2023-55079

Malicious code in bioql PyPI...

CVE-2025-27584

A stored cross-site scripting XSS vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System SIS EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name parameter at /rest/staffResource/update...

CVE-2025-25950

Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System SIS EagleR v1.0.118 allows create and modify user accounts, including an Administrator account...

CVE-2025-25949

A stored cross-site scripting XSS vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System SIS EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update...

PT-2025-9240

Name of the Vulnerable Software and Affected Versions Serosoft Solutions Pvt Ltd Academia Student Information System SIS EagleR version 1.0.118 Description The issue is related to incorrect access control in the component "/rest/staffResource/update" of the affected software, allowing unauthorize...

PT-2025-9571

Name of the Vulnerable Software and Affected Versions Serosoft Solutions Pvt Ltd Academia Student Information System SIS EagleR version 1.0.118 Description The issue is related to incorrect access control in the /rest/staffResource/update component, allowing unauthorized creation and modification...

CVE-2023-50267 MeterSphere horizontal privilege escalation vulnerability of resources in project scope.

MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, the authenticated attackers can update resources which don't belong to him if the resource ID is known. This issue if fixed in 2.10.10-lts. There are no known workarounds...