ruby:3.1 security update
ruby 3.1.7-146 - Upgrade to Ruby 3.1.7. Resolves: RHEL-55410 - Fix DoS vulnerability in REXML. CVE-2024-39908 Resolves: RHEL-86077...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21959)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21959 advisory. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: Fully initialize...
ruby:3.3 security update
ruby 3.3.8-4 - Upgrade to Ruby 3.3.8. Resolves: RHEL-86933 - Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. CVE-2025-25186 - Fix Denial of Service in CGI::Cookie.parse. CVE-2025-27219 Resolves: RHEL-87182 - Fix userinfo leakage in URIjoin, URImerge and URI+. CVE-2025-27221...
CVE-2025-46553
@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects,...
CVE-2025-46340
Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in UrlPreviewService and MkUrlPreview, it is possible for an attacker to inject arbitrary CSS into the MkUrlPreview component...
GHSA-HG9M-67MM-7PG3 Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields
Summary: field.isFilterable access control can be bypassed in update and delete mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields. Specifically, when a mutation includes a where clause with multiple...
Security Bulletin: Vulnerability in jinja2 affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2024-56201, CVE-2024-56326].
Summary: The jinja2 package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVEs CVE-2024-56201 and CVE-2024-56326. Vulnerability Details: CVEID: CVE-2024-56201 DESCRIPTION: Jinja is an extensible templating engine. In versions on the 3.x bran...
CVE-2024-51991 October CMS Allows Unprotected SVG Rename in Media Manager
October is a Content Management System (CMS) and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the media.cleanvectors configuration enabled. This configuration will sanitize SVG files uploaded using the media manager. This...
CVE-2025-22872 affecting package cni-plugins for versions less than 1.3.0-8
CVE-2025-22872 affecting package cni-plugins for versions less than 1.3.0-8. A patched version of the package is available...
CVE-2024-57834 affecting package kernel for versions less than 5.15.179.1-1
CVE-2024-57834 affecting package kernel for versions less than 5.15.179.1-1. A patched version of the package is available...
October CMS Allows Unprotected SVG Rename in Media Manager
Impact This advisory affects authenticated administrators with sites that have the media.cleanvectors configuration enabled. This configuration will sanitize SVG files uploaded using the media manager. This vulnerability allows an authenticated user to bypass this protection by uploading it with ...
net: atm: fix use after free in lec_send()
...
PT-2025-19733 · NetGear · Netgear Rax5
Name of the Vulnerable Software and Affected Versions: NETGEAR RAX5 version 1.0.2.26 Description: A command injection issue was discovered in the NETGEAR RAX5 AX1600 WiFi Router via the ifname parameter in the apcli wps gen pincode function. This allows for potential exploitation. Recommendations...
nodejs:20 security update
nodejs 1:20.19.1-1 - Update to version 20.19.1 Resolves: RHEL-78763 1:20.18.2-4 - Update c-ares to 1.34.5 to address CVE-2025-31498...
PT-2025-19762 · Unknown · Sourcecodester/Oretnom23 Stock Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester/oretnom23 Stock Management System version 1.0 Description: A critical issue affects the processing of the file /classes/Login.php?f=login, where the manipulation of the Username argument leads to SQL injection. The attack can b...
PT-2025-19376
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions 2.0.0 and earlier Description: An XML External Entity (XXE) vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed...
PT-2025-19790
Name of the Vulnerable Software and Affected Versions: BuddyBoss Platform Pro plugin for WordPress versions up to, and including, 2.7.01 Description: The issue is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes i...
Wear OS Security Bulletin—May 2025
The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2025-05-05 or later from the May 2025 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...
PT-2025-18954 · Unknown · Phpgurukul Online Birth Certificate System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Birth Certificate System version 2.0 Description: A critical vulnerability was found in the PHPGurukul Online Birth Certificate System. The issue affects an unknown functionality of the file /admin/between-dates-report.php...
PT-2025-18933 · WordPress · Advanced Reorder Image Text Slider
Name of the Vulnerable Software and Affected Versions: Advanced Reorder Image Text Slider plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the...