CVE-2025-1293

Hermes versions up to 0.4.0 improperly validated JWTs when using AWS ALB authentication, potentially allowing authentication bypass. Root cause: JWT validation flaw in the AWS ALB auth flow. Impact per CVE: authentication bypass with high severity (CVSSv3.1 base score 8.2). Affected versions: up ...

Cisco Unified Communications Manager XSS (cisco-sa-cucm-xss-9zmfHyZ)

According to its self-reported version, Cisco Unified Communications Manager running on the report host is affected by a cross-site scripting XSS vulnerability. Due to improper validation of suer-supplied input by the web-based management interface, an unauthenticated, remote attacker can execute...

CVE-2023-45288 affecting package kured for versions less than 1.15.0-2

CVE-2023-45288 affecting package kured for versions less than 1.15.0-2. A patched version of the package is available...

CVE-2025-24965 .krun_config.json symlink attack creates or overwrites file on the host in crun

crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current...

CVE-2021-44647 affecting package ntopng for versions less than 5.2.1-5

CVE-2021-44647 affecting package ntopng for versions less than 5.2.1-5. A patched version of the package is available...

Important Photon OS Security Update - PHSA-2025-5.0-0477

Updates of 'grub2' packages of Photon OS have been released...

[slackware-security] openssh

New openssh packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/openssh-9.9p2-i586-1slack15.0.txz: Upgraded. This release fixes two security bugs: ssh1 in OpenSSH versions 6.8p1 to 9.9p1 inclusive...

Important: Red Hat Security Advisory: kpatch-patch-4_18_0-553, kpatch-patch-4_18_0-553_16_1, and kpatch-patch-4_18_0-553_30_1 security update

An update for kpatch-patch-4180-553, kpatch-patch-4180-553161, and kpatch-patch-4180-553301 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives ...

Security update for openvswitch

This update for openvswitch fixes the following issues: CVE-2025-0650: ovn: egress ACLs may be bypassed via specially crafted UDP packet bsc1236353. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternativel...

SUSE CVE-2025-1373

A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function movreadtrak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The...

SUSE CVE-2025-1377

A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelfgetsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been...

Siemens SIPROTEC 5 Active Debug Code (CVE-2024-53648)

Affected devices do not properly limit access to a development shell accessible over a physical interface. This could allow an unauthenticated attacker with physical access to the device to execute arbitrary commands on the device. This plugin only works with Tenable.ot. Please visit...

CVE-2025-1365

A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function processsymtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is required to approach this attack. The explo...

PT-2025-14283 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.11-200.fc41.x86 64 Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the ACPI backend of UCSI, where the UCSI "registers" are a memory copy of the register values i...

SUSE: Security Advisory (SUSE-SU-2023:4784-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-25296

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with...

CVE-2023-0778 affecting package cri-o for versions less than 1.22.3-10

CVE-2023-0778 affecting package cri-o for versions less than 1.22.3-10. A patched version of the package is available...

CBL Mariner 2.0 Security Update: avahi (CVE-2024-52616)

The version of avahi installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-52616 advisory. - A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup,...

PT-2025-6816 · WordPress · Media Library Folders

Name of the Vulnerable Software and Affected Versions: Media Library Folders plugin for WordPress versions up to, and including, 8.3.0 Description: The issue is related to a missing capability check on several AJAX actions, allowing authenticated attackers with Author-level access and above to...

CVE-2025-25296

CVE-2025-25296 affects Label Studio versions prior to 1.16.0. The vulnerability is in the GET-based /projects/upload-example endpoint, where a crafted label_config permits injecting and rendering HTML without proper sanitization, enabling Cross-Site Scripting (XSS) . The CSP is in report-only mod...