Slackware Linux 15.0 python3 Vulnerability (SSA:2025-099-01)
The version of python3 installed on the remote host is prior to 3.9.22. It is, therefore, affected by a vulnerability as referenced in the SSA:2025-099-01 advisory. New python3 packages are available for Slackware 15.0 to fix security issues. Tenable has extracted the preceding description block...
CVE-2025-32035 DNN does not check the contents of a file when uploading files
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This...
2025-04 .NET 9.0.4 Security Update for x64 Client (KB5056687)
2025-04 .NET 9.0.4 Security Update for x64 Client KB5056687...
Shopware Broken ACL on Document retrieval to access other customers documents
Impact: It's possible to guess the deepLinkCode of a Document to open documents of other customers. Patches: Update to Shopware 6.6.10.3 or 6.5.8.17. Workarounds: For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend...
CVE-2025-32018
Cursor is an AI code editor. Versions 0.45.0–0.48.6 contain a regression that broadens the Cursor Agent’s file-modification permissions, allowing, under deliberate prompting (user or crafted context), automatic writes to files outside the opened workspace. The vulnerability can manifest when the ag...
CVE-2025-30151 Shopware allows Denial Of Service via password length
Shopware is an open commerce platform. It's possible to pass long passwords that lead to Denial of Service via Storefront forms or the Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin...
Security update for procps
This update for procps fixes the following issues: Fixed regression introduced with the CVE-2023-4016 fix. The ps command segfaults when pid argument has a leading space (bsc#1236842). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdat...
Security update for giflib
This update for giflib fixes the following issues: CVE-2025-31344: Fixed a buffer overflow in function DumpScreen2RGB (bsc#1240416). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two high-severity vulnerabilities are listed below: CVE-2024-53150 (CVSS score: 7.8) - An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure...
PT-2025-15441 · Nakivo · Nakivo Backup & Replication
Name of the Vulnerable Software and Affected Versions: NAKIVO Backup & Replication versions 10.3.x through 11.0.1. Description: The issue is related to an XXE problem in the Director NBR component, allowing remote attackers to fetch and parse the XML response. Recommendations: For versions 10.3.x...
PT-2025-15435 · Fortinet · Fortiweb
Name of the Vulnerable Software and Affected Versions: FortiWeb versions 7.6.2 and below; FortiWeb versions 7.4.6 and below; FortiWeb versions 7.2 and below; FortiWeb versions 7.0 and below. Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also know...
PT-2025-15651 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.0 and earlier; ColdFusion versions 2023.12; ColdFusion versions 2021.18 and earlier. Description: The issue is related to improper access control, which could allow a remote attacker to gain unauthorized access to...
PT-2025-15658 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.0 and earlier; ColdFusion versions 2023.12; ColdFusion versions 2021.18. Description: The issue is related to an Improper Neutralization of Special Elements used in an OS Command, also known as OS Command Injection, whic...
PT-2025-15898 · Packagist · Shopware/Core +1
Impact: It's possible to guess the deepLinkCode of a Document to open documents of other customers. Patches: Update to Shopware 6.6.10.3 or 6.5.8.17. Workarounds: For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend...
PT-2025-15324 · Unknown · Vulnerability-Lookup
Name of the Vulnerable Software and Affected Versions: Vulnerability-Lookup versions prior to 2.7.1. Description: The issue allows stored XSS via a user bio in the website/web/views/user.py file. This can potentially lead to malicious script execution when a user views the affected bio...
PT-2025-15620 · Adobe · Animate
Name of the Vulnerable Software and Affected Versions: Animate versions 24.0.7, 23.0.10 and earlier. Description: The issue is an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. To...
PT-2025-15635 · Dnn · Dnn
Name of the Vulnerable Software and Affected Versions: DNN (formerly DotNetNuke) versions prior to 9.13.2. Description: The issue allows uploading files with malicious content by renaming them to have an allowed file extension, such as renaming an executable file to have a .jpg extension. This could...
PT-2025-15375 · Sap · Sap Solution Manager
Name of the Vulnerable Software and Affected Versions: SAP Solution Manager version 7.1. Description: The issue is caused by a missing authorization check, allowing an authenticated attacker to upload a file as a template for solution documentation. This can lead to limited impact on the integrity...
Ubuntu: Security Advisory (USN-7421-1)
The remote host is missing an update for the...
WordPress GreenPay plugin 3.0.0-3.0.9 - Unauthenticated Information Exposure vulnerability
Unauthenticated Information Exposure vulnerability discovered by Avraham Shemesh in WordPress Plugin GreenPay versions 3.0.0-3.0.9...