
30384 matches found

OSV
added 2025/06/10 3:26 p.m. · 3 views

CLSA-2025-1749569161 java-1.8.0-openjdk: Fix of 3 CVEs

Upgrade openjdk-shenandoah-jdk8u-shenandoah-jdk8u452-b09. That fixes the following CVEs: CVE-2025-21587, CVE-2025-30691 and CVE-2025-30698...

CVSS 7.4 · AI score 6.7 · EPSS 0.00688
Exploits: 0 · References: 1
NVD
added 2025/06/10 3:15 p.m. · 6 views

CVE-2025-30145

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This...

CVSS 7.5 · EPSS 0.00432
Exploits: 0 · References: 3
Positive Technologies
added 2025/06/10 12:0 a.m. · 5 views

PT-2025-24718 · Fortinet · Fortiadc

Name of the Vulnerable Software and Affected Versions: FortiADC versions 6.1 through 7.6.1; FortiADC version 7.0; FortiADC versions 7.1.0 through 7.1.4; FortiADC versions 7.2.0 through 7.2.7; FortiADC versions 7.4.0 through 7.4.6; FortiADC versions 7.6.0 through 7.6.1; FortiADC version 6.2. Description:...

CVSS 7.2 · AI score 6.7 · EPSS 0.0123
Exploits: 0 · References: 5
Amazon
added 2025/06/10 12:0 a.m. · 4 views

Medium: mariadb1011

Issue Overview: MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan (CVE-2023-52971). Affected Packages: mariadb1011. Issue Correction: Run dnf update mariadb1011 --releasever 2023.7.20250609 to update your system. New Packages: aarch64: ...

CVSS 4.9 · AI score 7.2 · EPSS 0.00443
Exploits: 0
Positive Technologies
added 2025/06/10 12:0 a.m. · 2 views

PT-2025-25017 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier. Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim browses ...

CVSS 5.5 · AI score 5.2 · EPSS 0.00293
Exploits: 0 · References: 4
Positive Technologies
added 2025/06/10 12:0 a.m. · 3 views

PT-2025-25012 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier. Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing an attacker with limited privileges to inject malicious scripts into vulnerable form fields. This could...

CVSS 5.5 · AI score 5.4 · EPSS 0.00293
Exploits: 0 · References: 4
Positive Technologies
added 2025/06/10 12:0 a.m. · 4 views

PT-2025-25073 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier. Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing an attacker with limited privileges to inject malicious scripts into vulnerable form fields. This could...

CVSS 5.5 · AI score 5.5 · EPSS 0.00298
Exploits: 0 · References: 4
Positive Technologies
added 2025/06/10 12:0 a.m. · 1 views

PT-2025-25141 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier. Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim browses ...

CVSS 5.5 · AI score 5.2 · EPSS 0.00275
Exploits: 0 · References: 4
Positive Technologies
added 2025/06/10 12:0 a.m. · 2 views

PT-2025-25134 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier. Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing an attacker with limited privileges to inject malicious scripts into vulnerable form fields. This could...

CVSS 5.5 · AI score 5.5 · EPSS 0.00371
Exploits: 0 · References: 4
Positive Technologies
added 2025/06/10 12:0 a.m. · 3 views

PT-2025-24976 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier. Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing an attacker with limited privileges to inject malicious scripts into vulnerable form fields. This could...

CVSS 5.5 · AI score 5.5 · EPSS 0.00293
Exploits: 0 · References: 5
Positive Technologies
added 2025/06/10 12:0 a.m. · 6 views

PT-2025-24650 · WordPress · The Ultimate Blocks

Name of the Vulnerable Software and Affected Versions: The Ultimate Blocks – WordPress Blocks Plugin versions up to, and including, 3.3.3. Description: The issue is related to Stored Cross-Site Scripting via multiple widgets due to insufficient input sanitization and output escaping. This allows...

CVSS 6.4 · AI score 5.8 · EPSS 0.00217
Exploits: 0 · References: 9
Positive Technologies
added 2025/06/10 12:0 a.m. · 3 views

PT-2025-25069 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier. Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing an attacker with limited privileges to inject malicious scripts into vulnerable form fields. This could...

CVSS 5.5 · AI score 5.5 · EPSS 0.00298
Exploits: 0 · References: 5
Positive Technologies
added 2025/06/10 12:0 a.m. · 3 views

PT-2025-24957 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier. Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim browses ...

CVSS 5.5 · AI score 5.2 · EPSS 0.00253
Exploits: 0 · References: 5
Positive Technologies
added 2025/06/10 12:0 a.m. · 5 views

PT-2025-24909 · Unknown · Code-Projects School Fees Payment System

Name of the Vulnerable Software and Affected Versions: code-projects School Fees Payment System version 1.0. Description: A critical issue has been found in the system, affecting an unknown part of the file /ajx.php. The manipulation of the name startsWith argument leads to SQL injection. It is...

CVSS 8.8 · AI score 6.9 · EPSS 0.00479
Exploits: 1 · References: 11
Positive Technologies
added 2025/06/10 12:0 a.m. · 7 views

PT-2025-24980 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier. Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing an attacker with limited privileges to inject malicious scripts into vulnerable form fields. This could...

CVSS 5.5 · AI score 5.5 · EPSS 0.00293
Exploits: 0 · References: 4
Positive Technologies
added 2025/06/10 12:0 a.m. · 4 views

PT-2025-24707 · Fortinet · Forticlientems

Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientEMS versions 7.2.4 and earlier, Fortinet FortiClientEMS version 7.4.0. Description: The issue is related to an improper authentication flaw that allows an unauthenticated attacker, with knowledge of the targeted user's FCTU...

CVSS 4.8 · AI score 6.7 · EPSS 0.00288
Exploits: 0 · References: 4
Android Security Bulletins
added 2025/06/10 12:0 a.m. · 44 views

Android 16 Security Release Notes

This Android Security Release Notes contains details of security vulnerabilities affecting Android devices which are addressed as part of Android 16. Android 16 devices with a security patch level of 2025-07-01 or later are protected against these issues. Android 16, as released on AOSP, will have...

CVSS 8.8 · AI score 8.2 · EPSS 0.00278
Exploits: 0
Github Security Blog
added 2025/06/09 8:29 p.m. · 9 views

Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS)

Impact: Pion Interceptor versions v0.1.36 through v0.1.38 contain a bug in an RTP packet factory that can be exploited to trigger a panic with Pion-based SFU via crafted RTP packets. This only affects users that use pion/interceptor. Patches: Upgrade to v0.1.39 or later, which includes PR 338 which...

CVSS 7.5 · AI score 7.5 · EPSS 0.00415
Exploits: 0 · References: 6 · Affected Software: 1
OSV
added 2025/06/09 8:29 p.m. · 3 views

GHSA-F26W-GH5M-QQ77 Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS)

Impact: Pion Interceptor versions v0.1.36 through v0.1.38 contain a bug in an RTP packet factory that can be exploited to trigger a panic with Pion-based SFU via crafted RTP packets. This only affects users that use pion/interceptor. Patches: Upgrade to v0.1.39 or later, which includes PR 338 which...

CVSS 7.5 · AI score 7 · EPSS 0.00415
Exploits: 0 · References: 6
Cvelist
added 2025/06/09 8:25 p.m. · 13 views

CVE-2025-49004 Hijacking Caido instance during the initial setup via DNS Rebinding to achieve RCE

Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A malicious website load...

CVSS 7.5 · EPSS 0.00515
Exploits: 0 · References: 1