Security Bulletin: IBM InfoSphere Information Server is affected by an Information disclosure vulnerability (CVE-2022-35715)
Summary An Information disclosure vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2022-35715 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical error message is return...
PT-2025-12975 · Unknown +1 · Icinga Web 2 +1
Name of the Vulnerable Software and Affected Versions: Icinga Web 2 versions prior to 2.11.5 Icinga Web 2 versions prior to 2.12.3 Description: A vulnerability in Icinga Web 2 allows an attacker to craft a URL that, once visited by an authenticated user, manipulates the backend to redirect the us...
PT-2025-12986 · Devolutions · Devolutions Remote Desktop Manager
Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2024.3.29 and earlier Devolutions Remote Desktop Manager versions 2025.1.24 through 2025.1.25 Description: The issue is related to improper authorization in the variable component, allowing an...
Microsoft Windows Multiple Vulnerabilities (KB5041571)
This host is missing an important security update according to Microsoft KB5041571 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
CVE-2025-30219
CVE-2025-30219 describes an XSS in RabbitMQ management UI where an unescaped virtual host name in an error message could allow script execution. Public advisories show patches for Open Source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3, and 3.13.8. OpenSUSE/SUSE advisories (SUSE-SU-2025:01466-1; SUSE...
GO-2025-3520 cheqd-node Security patch for upstream vulnerabilities in IBC-Go (ISA-2025-001) and Cosmos SDK (ISA-2025-002) in github.com/cheqd/cheqd-node
cheqd-node Security patch for upstream vulnerabilities in IBC-Go ISA-2025-001 and Cosmos SDK ISA-2025-002 in github.com/cheqd/cheqd-node. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causin...
CLSA-2025-1742924802 tomcat: Fix of CVE-2023-46589
CVE-2023-46589: fix improper input validation vulnerability...
CVE-2025-30213
CVE-2025-30213 affects the Frappe full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user could create documents in a specific way that could lead to remote code execution (RCE). The issue is mitigated only by upgrading to the patched releases. Versions 14.9.1 a...
CVE-2025-30213 Frappe has Possibility of Remote Code Execution due to improper validation
Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vulnerability. There's no workaround; an...
CVE-2024-44903
SQL Injection can occur in the SirsiDynix Horizon Information Portal IPAC20 through 3.259382; however, a patch is available from the vendor. This is in ipac.jsp in a SELECT WHERE statement, in a part of the uri= variable in the second part of the full= inner variable...
CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log
kanidm-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function instrumentation in the optional kanidm patches provided by kanidm-provision will cause the provisioned admin credentials to be leaked to the system...
CVE-2025-29778 Kyverno ignores subjectRegExp and IssuerRegExp
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying an artifact's signature in keyless mode. It allows the attacker to deploy Kubernetes resources with the artifacts that were...
CVE-2025-23204
The CVE affects api-platform/core. Starting in version 3.3.8, a logic flaw in the GraphQL security flow is caused by an omitted break in the AccessCheckerProvider switch that is supposed to run after GraphQL resolvers; this fallback can bypass security checks if there is only a post-resolver secu...
Security Bulletin: Vulnerability in Bootstrap (CVE-2024-6531) affects Power HMC.
Summary The Bootstrap library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2024-6531 DESCRIPTION: Node.js Bootstrap module is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...
Security update for u-boot
This update for u-boot fixes the following issues: CVE-2024-57256: integer overflow in U-Boot's ext4 symlink resolution function bsc1237284. CVE-2024-57258: multiple integer overflows in U-Boot's memory allocator bsc1237287. Patch Instructions: To install this SUSE update use the SUSE recommended...
PT-2025-12705 · Tenda · Tenda Ac8
Name of the Vulnerable Software and Affected Versions: Tenda AC8 version 16.03.34.06 Description: The issue concerns a buffer overflow vulnerability in the fromSetRouteStatic function, which can be exploited via the parameter list. Recommendations: For Tenda AC8 version 16.03.34.06, consider...
libxslt security update
1.1.34-9.0.1.el95.1 - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball 1.1.34-9.1 - Fix CVE-2025-24855 RHEL-83501...
CentOS 9 : kernel-5.14.0-573.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-573.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sgrelease Fix a...
CLSA-2025-1742723370 krb5: Fix of CVE-2025-24528
CVE-2025-24528: prevent overflow when calculating ulog block size...