
30419 matches found

Positive Technologies
added 2025/04/17 12:0 a.m. · 5 views

PT-2025-17206 · Ibm · Ibm I

Name of the Vulnerable Software and Affected Versions: IBM i version 7.6 Description: The issue is related to a privilege escalation due to incorrect profile swapping in an OS command, allowing a malicious actor to gain root access to the host operating system. Recommendations: For IBM i version...

CVSS 9.8 · AI score 6.9 · EPSS 0.00355
Exploits 0 · References 9

Positive Technologies
added 2025/04/17 12:0 a.m. · 5 views

PT-2025-16963 · Unknown · Alfa Campro-Co

Name of the Vulnerable Software and Affected Versions: ALFA CAMPRO-co version 2.29 Description: A Buffer Overflow issue allows a remote attacker to execute arbitrary code via the newap text 0 key value. This enables the attacker to potentially gain control over the system. Recommendations: For AL...

CVSS 9.8 · AI score 7.5 · EPSS 0.0087
Exploits 1 · References 6

Tenable Nessus
added 2025/04/17 12:0 a.m. · 11 views

Oracle Essbase Multiple Vulnerabilities (April 2025 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the April 2025 Critical Patch Update (CPU). It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Web Platform OpenSSL. The supported version that is affected is 21.7.1.0.0. Easily...

CVSS 10 · AI score 6.7 · EPSS 0.05966
Exploits 1 · References 6

NVD
added 2025/04/16 10:15 p.m. · 20 views

CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor...

CVSS 10 · EPSS 0.97673
Exploits 36 · References 14

OSV
added 2025/04/16 10:15 p.m. · 7 views

AZL-60441 CVE-2025-32433 affecting package erlang for versions less than 26.2.5.11-1

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor...

CVSS 10 · AI score 6.7 · EPSS 0.97673
Exploits 36 · References 1

CVE
added 2025/04/16 9:45 p.m. · 79 views

CVE-2025-32789

EspoCRM (open-source CRM) prior to version 9.0.7 is affected by a vulnerability in the user password hashing disclosure feature. The issue allows an attacker to infer other users’ password hashes by sorting the user list by the password hash, potentially enabling password changes if the attacker ...

CVSS 3.7 · AI score 3.7 · EPSS 0.00345
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2025/04/16 9:34 p.m. · 27 views

CVE-2025-32433 Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor...

CVSS 10 · EPSS 0.97673
Exploits 36 · References 4

AlpineLinux
added 2025/04/16 9:34 p.m. · 9 views

CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor...

CVSS 10 · AI score 8.4 · EPSS 0.97673
Exploits 36

Debian CVE
added 2025/04/16 9:34 p.m. · 12 views

CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor...

CVSS 10 · AI score 9.2 · EPSS 0.97673
Exploits 36

CVE
added 2025/04/16 9:34 p.m. · 727 views

CVE-2025-32433

The CVE-2025-32433 issue affects Erlang/OTP’s SSH server and is caused by a flaw in SSH message handling during authentication, enabling an unauthenticated attacker to execute arbitrary commands with the SSH daemon’s privileges (potentially root). Affected OTP versions include OTP-27.3.2?3, OTP-2...

CVSS 10 · AI score 9.9 · EPSS 0.97673
In wild · Exploits 36 · References 14 · Affected Software 1

Tenable Product Security Advisories
added 2025/04/16 3:36 p.m. · 10 views

[R1] Stand-alone Security Patch Available for Tenable Security Center versions 6.3.0, 6.4.0, 6.4.5 and 6.5.1: SC-202504.2

R1 Stand-alone Security Patch Available for Tenable Security Center versions 6.3.0, 6.4.0, 6.4.5 and 6.5.1: SC-202504.2 Arnie Cabral Wed, 04/16/2025 - 11:36 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components OpenSSL,...

AI score 7.6
Exploits 0

OSV
added 2025/04/16 3:34 p.m. · 6 views

GHSA-F8J4-P5CR-P777 Permission policy information leakage in Backstage permission system

Impact: A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission backend. If the permission system is not in use or if the installed permission policy does not...

CVSS 4.3 · AI score 6.3 · EPSS 0.0023
Exploits 0 · References 3

OSV
added 2025/04/16 3:33 p.m. · 7 views

GHSA-42FH-PVVH-999X Unregistered users can see "public" messages from a closed wiki via notifications from a different wiki

Impact: This vulnerability impacts users of a subwiki of XWiki where Message Stream is enabled and in use, if they configured their wiki to be closed by selecting "Prevent unregistered users to view pages" in the Administrations Rights. The vulnerability is that any message sent in a subwiki to...

CVSS 4.7 · AI score 6.5 · EPSS 0.00268
Exploits 1 · References 4

NVD
added 2025/04/16 3:16 p.m. · 5 views

CVE-2025-22108

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Mask the bd_cnt field in the TX BD properly. The bd_cnt field in the TX BD specifies the total number of BDs for the TX packet. The bd_cnt field has 5 bits and the maximum number supported is 32 with the value 0...

CVSS 5.5 · EPSS 0.0014
Exploits 0 · References 2

NVD
added 2025/04/16 3:16 p.m. · 7 views

CVE-2025-22064

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't unregister hook when table is dormant. When nf_tables_updchain encounters an error, hook registration needs to be rolled back. This should only be done if the hook has been registered, which won't happen...

CVSS 5.5 · EPSS 0.00216
Exploits 0 · References 5

NVD
added 2025/04/16 3:15 p.m. · 7 views

CVE-2025-22059

In the Linux kernel, the following vulnerability has been resolved: udp: Fix multiple wraparounds of sk->sk_rmem_alloc. __udp_enqueue_schedule_skb() has the following condition: if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf) goto drop; sk->sk_rcvbuf is initialised by net.core.rmem_default and later can be configure...

CVSS 5.5 · EPSS 0.00165
Exploits 0 · References 4

RedhatCVE
added 2025/04/16 2:49 p.m. · 12 views

CVE-2024-49706

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 encoded URLs in the target parameter sent in a POST request to one of the endpoints. This vulnerability has been patched in version 79.0...

CVSS 5.1 · AI score 6.2 · EPSS 0.00292
Exploits 0 · References 1

RedhatCVE
added 2025/04/16 2:48 p.m. · 7 views

CVE-2024-49708

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for setting delivery address with a malicious script, which causes the script to run in user's context. This vulnerability...

CVSS 5.1 · AI score 5.3 · EPSS 0.00186
Exploits 0 · References 1

RedhatCVE
added 2025/04/16 2:43 p.m. · 8 views

CVE-2024-10090

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for adding users with a malicious script, which causes the script to run in user's context. This vulnerability has been...

CVSS 5.1 · AI score 5.4 · EPSS 0.00202
Exploits 0 · References 1

RedhatCVE
added 2025/04/16 2:40 p.m. · 27 views

CVE-2024-10087

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, which causes the script to run in user's context...

CVSS 5.3 · AI score 5.4 · EPSS 0.00198
Exploits 0 · References 1