ALSA-2025:7417 Important: gimp security update
The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: dds buffe...
dirmngr-2.5.6-1.1 on GA media (moderate)
dirmngr-2.5.6-1.1 on GA media. Announcement ID: openSUSE-SU-2025:15076-1. Rating: moderate. Cross-References: CVE-2025-30258. CVSS scores: CVE-2025-30258 (SUSE): 2.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L; CVE-2025-30258 (SUSE): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N...
PT-2025-21002
Name of the Vulnerable Software and Affected Versions: Microsoft Windows DWM Core Library (affected versions not specified). Description: The issue is related to a use-after-free vulnerability in the Windows Desktop Window Manager (DWM) Core Library. This vulnerability allows an authorized attacker to...
CVE-2025-31227
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access a deleted call recording...
CVE-2025-30442
The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to gain elevated privileges...
CVE-2025-31233
The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted video file may lead to unexpected app...
CVE-2025-31218
CVE-2025-31218 affects macOS Sequoia 15.5 and earlier where an app could observe hostnames of new network connections via the NetworkExtension path. The issue was addressed by removing the vulnerable code and is fixed in macOS Sequoia 15.5. Reported impact: local attacker may observe hostnames; C...
CVE-2025-24144
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to leak sensitive kernel state...
OZI-Project/ozi-publish Code Injection vulnerability
Impact: Potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects arbitrary code. Patches: This is patched in 1.13.6. Workarounds: Downgrade to 1.13.2. References: Understanding the Risk of Script Injections...
GHSA-2487-9F55-2VG9 OZI-Project/ozi-publish Code Injection vulnerability
Impact: Potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects arbitrary code. Patches: This is patched in 1.13.6. Workarounds: Downgrade to 1.13.2. References: Understanding the Risk of Script Injections...
CVE-2025-47270
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. The nimiq-network-libp2p subcrate of nimiq/core-rs-albatross is vulnerable to a Denial of Service (DoS) attack due to uncontrolled memory allocation. Specifically, the...
CVE-2025-46729
julmud/phpDVDProfiler is an adoption of the defunct phpDVDProfiler project, which allows users to display on the web their DVD collections maintained with Invelos's DVDProfiler software. Starting in v20230807 and prior to v20250511, cross-site scripting in the search function. v20250511 contains ...
CVE-2025-46729 phpDVDProfiler Cross-site Scripting vulnerability
julmud/phpDVDProfiler is an adoption of the defunct phpDVDProfiler project, which allows users to display on the web their DVD collections maintained with Invelos's DVDProfiler software. Starting in v20230807 and prior to v20250511, cross-site scripting in the search function. v20250511 contains ...
PT-2025-20691 · Invelos +1 · Dvdprofiler +1
Name of the Vulnerable Software and Affected Versions: julmud/phpDVDProfiler versions v 20230807 through v 20250510 Description: The issue concerns cross-site scripting in the search function of the software. This allows for potential malicious script execution when a user interacts with the sear...
openSUSE Security Advisory (SUSE-SU-2025:1506-1)
The remote host is missing an update for the...
PT-2025-20670 · Unknown · Campcodes Online Food Ordering System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Food Ordering System version 1.0 Description: A critical vulnerability has been found in the Campcodes Online Food Ordering System. This issue affects an unknown part of the file /routers/router.php and allows for SQL injecti...
CVE-2025-46712
Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This...
CVE-2023-53145
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition. In btsdio_probe, the data->work is bound with btsdio_work. It will be started in btsdio_send_frame. If the btsdio_remove runs with an unfinished work, there...
PT-2025-20632 · Unknown · Campcodes Online Food Ordering System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Food Ordering System version 1.0 Description: A critical issue was found in the Campcodes Online Food Ordering System, affecting some unknown functionality of the file /routers/menu-router.php. The manipulation of the argumen...