AZL-77831 CVE-2025-47278 affecting package python-flask 1.1.1-4
Flask is a Web Server Gateway Interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...
CVE-2025-47278
CVE-2025-47278 affects Flask 3.1.0, where itsdangerous signing key handling constructs the key list in reverse, causing the last (oldest) key to be used for signing when key rotation is configured via SECRET_KEY_FALLBACKS. The result is signing sessions with stale keys, potentially hindering tran...
CVE-2025-31493 Path traversal of collection names during file system lookup
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the collection() helper or $kirby->collection() method with a dynamic collection name, such as a collection name that depends on request or user data...
CVE-2025-30207 Kirby vulnerable to path traversal in the router for PHP's built-in server
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software such as Apache, nginx or...
CVE-2025-30159
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the snippet() helper or $kirby->snippet() method with a dynamic snippet name, such as a snippet name that depends on request or user data. Sites that onl...
CVE-2025-22462
An authentication bypass in Ivanti Neurons for ITSM on-prem only before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system...
CVE-2025-22462
Ivanti Neurons for ITSM (on-prem) contains a high-risk authentication bypass vulnerability (CVE-2025-22462). A remote unauthenticated attacker could gain administrative access. Affected versions are pre-2023.4, 2024.2, and 2024.3. Remediation is available: apply the May 2025 security patches to 2...
kernel: udf: fix uninit-value use in udf_get_fileshortad
In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad. Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad (KMSAN bug [1]). After applying the patch, the reproducer did not trigger any...
PT-2025-20995 · Microsoft · Windows Common Log File System Driver +1
Name of the Vulnerable Software and Affected Versions: Windows Common Log File System Driver versions prior to the fixed version Description: The issue is related to a use-after-free flaw in the Windows Common Log File System Driver, which allows an authorized attacker to elevate privileges...
IBM DB2 DoS (7232336) (Unix)
According to its self-reported version number, IBM Db2 on Unix may be affected by a vulnerability: - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service, as the server may crash under certain conditions with a specially crafted query. CVE-2024-52903...
PT-2025-21002
Name of the Vulnerable Software and Affected Versions: Microsoft Windows DWM Core Library, affected versions not specified. Description: The issue is related to a use-after-free vulnerability in the Windows Desktop Window Manager (DWM) Core Library. This vulnerability allows an authorized attacker to...
PT-2025-20902 · Fortinet · Forticlientems Cloud +1
Name of the Vulnerable Software and Affected Versions: FortiClientEMS versions 7.4.0 through 7.4.1 FortiClientEMS Cloud versions 7.4.0 through 7.4.1 Description: A Relative Path Traversal issue may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via...
PT-2025-23258 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180. Description: The issue is related to Cross-Site Scripting (XSS) attacks due to insufficient data validation and sanitization during data reception. This allows attackers to execute malicious scripts on the...
PT-2025-23256 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: The issue is caused by a lack of input validation and sanitization in both Session::flash and other areas, allowing user input to be executed without proper filtering. This results in a...
Huawei EulerOS: Security Advisory for glib2 (EulerOS-SA-2025-1514)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
PT-2025-20870 · Siemens · Scalance Lpe9403
Name of the Vulnerable Software and Affected Versions: SCALANCE LPE9403 versions all versions Description: A vulnerability has been identified in SCALANCE LPE9403 devices, where they do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by...
ALSA-2025:7417 Important: gimp security update
GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: dds buffe...