SUSE-SU-2025:01929-1 Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024153 fixes one issue. The following security issue was fixed: - CVE-2024-57996: netsched: schsfq: do not allow 1 packet limit bsc1239077...
WordPress WP Views Counter plugin <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin WP Views Counter versions <= 2.0.3...
SUSE-SU-2025:01596-2 Security update for helm
This update for helm fixes the following issues: helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog - Unarchiving fix e4da497 Matt Farina...
SUSE-SU-2025:01748-2 Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgrade to 15.13: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/15.13/...
Security Bulletin: Malicious clients with network access to the collector may perform a timing attack against a collector with this authenticator to guess the configured tokens, affects watsonx.data
Summary The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. This impacts anyone using the bearertokenauth server authenticator. Malicious clients with network access to the collector may perform a...
CVE-2025-4601
The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiryupdateprofile function. This makes it possible for...
Important: mod_security
Issue Overview: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json,...
PT-2025-25356 · Unknown · Yangyouwang Crud
Name of the Vulnerable Software and Affected Versions: yangyouwang crud version 1.0.0 Description: The issue is related to Cross Site Scripting XSS via the role management function. Recommendations: For version 1.0.0, as a temporary workaround, consider restricting access to the role management...
PT-2025-26575 · Suse · Helm
This update for helm fixes the following issues: helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog - Unarchiving fix e4da497 Matt Farina...
Medium: openssh
Issue Overview: In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. CVE-2025-32728 Affected Packages: openssh Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ...
Mageia: Security Advisory (MGASA-2025-0182)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Google Chrome Security Update (stable-channel-update-for-desktop_10-2025-06) - Windows
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
macOS 15.x < 15.3.1 (122900)
The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.3.1. It is, therefore, affected by a vulnerability: - An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. CVE-2025-43200 Note that Nessus has not tested for this issue bu...
Exploit for CVE-2025-24514
🔥 CVE-2025-24514 remote vulnerability check PoC. This script, regarding the CVE-2025-24514 vulnerability...
CVE-2025-48062
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...
SUSE-SU-2025:01893-1 Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005594 fixes several issues. The following security issues were fixed: - CVE-2022-49080: mm/mempolicy: fix mpolnew leak in sharedpolicyreplace bsc1238324. - CVE-2024-58013: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmtremoveadvmonitorsync...
WordPress Xagio SEO plugin <= 7.1.0.16 - Unauthenticated Stored Cross-Site Scripting via 'HTTP_REFERER' vulnerability
Unauthenticated Stored Cross-Site Scripting via 'HTTP_REFERER' vulnerability discovered by Jack Taylor in WordPress Plugin Xagio SEO versions <= 7.1.0.16...
Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2025-162-01)
The version of mozilla-thunderbird installed on the remote host is prior to 128.11.1esr. It is, therefore, affected by a vulnerability as referenced in the SSA:2025-162-01 advisory. New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Tenable has...
OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint
Impact OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. This could be used to effectively run ...
CVE-2025-48879
OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...