Security update for podman
This update for podman fixes the following issues: CVE-2025-9566: fixed an issue where kube play command could cause host files to get overwritten (bsc#1249154). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
CLSA-2025-1760105902 binutils: Fix of CVE-2017-9042
CVE-2017-9042: readelf.c fix a possible application crash known as the "cannot be represented in type long" issue...
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation
Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under active exploitation since at least September 11, 2025. The company said it began its investigation on September 11...
SUSE-SU-2025:03522-1 Security update for openssl-1_1-livepatches
This update for openssl-1_1-livepatches fixes the following issues: - Add livepatch for CVE-2025-9230 (bsc#1250410)...
SUSE CVE-2025-11495
A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclos...
CLSA-2025-1760023587 Fix CVE(s): CVE-2025-1176
SECURITY UPDATE: heap-based buffer overflow in function _bfd_elf_gc_mark_rsec - debian/patches/CVE-2025-1176.patch: prevent illegal memory access when indexing into the sym_hashes array of the elf bfd cookie structure - CVE-2025-1176...
CLSA-2025-1760020147 Fix CVE(s): CVE-2025-9714
SECURITY UPDATE: uncontrolled recursion causing stack overflow via crafted XPath expressions - debian/patches/CVE-2025-9714-.patch: Add comprehensive XPath DoS protection including operation limits, recursion depth controls, and proper handling of recursive invocations to prevent stack overflows...
CVE-2025-11441
A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carrie...
CVE-2025-11529 ChurchCRM API Endpoint AuthMiddleware.php AuthMiddleware missing authentication
A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit...
CVE-2025-11438 JhumanJ OpnForm API Endpoint custom-domains authorization
A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. This vulnerability affects unknown code of the file /custom-domains of the component API Endpoint. Such manipulation leads to missing authorization. The attack may be launched remotely. The exploit has been disclosed to the public and...
CVE-2025-11436
A vulnerability was detected in JhumanJ OpnForm up to 1.9.3. Affected by this issue is some unknown functionality of the file /answer. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The patch is identified as...
GHSA-XX7H-2WF7-HC7P Liferay Portal is vulnerable to XSS through its Commerce Search Result widget
Cross-site Scripting (XSS) vulnerability in the Commerce Search Result widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4 before patch 6, 2023.Q3 before patch 9, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload...
PT-2025-41236
Name of the Vulnerable Software and Affected Versions: JhumanJ OpnForm versions up to 1.9.3. Description: A security issue exists in JhumanJ OpnForm related to improper restriction of excessive authentication attempts. The issue is located within the HTTP Header Handler component and involves...
CVE-2025-11412
CVE-2025-11412 affects GNU Binutils 2.45, specifically the function bfd_elf_gc_record_vtentry in bfd/elflink.c of the linker. The issue enables an out-of-bounds read and requires local access. The exploit has been disclosed publicly. A patch identifier is listed: 047435dd988a3975d40c6626a8f739a0b...
EUVD-2016-1596
Malware in sbrugna...
EUVD-2019-9412
Malware in sbrugna...
EUVD-2010-4806
Malware in sbrugna...
EUVD-2015-8968
Malware in sbrugna...
EUVD-2021-19493
Malware in sbrugna...
EUVD-2021-16092
Malware in sbrugna...