wasmvm: Malicious smart contract can crash the chain
CWA-2025-001 Severity: Medium (Moderate + Likely)[^1] Affected versions: - wasmvm >= 2.2.0, < 2.2.2; >= 2.1.0, < 2.1.5; >= 2.0.0, < 2.0.6 - wasmvm < 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to crash the chain. The underlying bug that causes this is presen...
Aviatrix Controller list_flightpath_destination_instances command injection
Added: 02/04/2025 Background Aviatrix Controller is a cloud networking platform that manages connectivity of cloud and hybrid networks. Problem A command injection vulnerability in the list_flightpath_destination_instances API action allows remote attackers to execute arbitrary commands. Resolution...
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to improper error handling (CVE-2024-39751)
Summary A vulnerability related to improper error handling in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-39751 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical error messag...
CVE-2025-24959 Environment Variable Injection for dotenv API in zx
zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for...
Security update for curl
This update for curl fixes the following issues: CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the comma...
Security update for tiff
This update for tiff fixes the following issues: CVE-2024-7006: Fix pointer deref in tif_dirinfo.c (bsc#1228924) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for you...
PT-2025-2875 · Averta · Averta Shortcodes
Name of the Vulnerable Software and Affected Versions: By Averta Shortcodes and extra features for Phlox theme versions 2.17.2 and earlier Description: The issue affects the By Averta Shortcodes and extra features for the Phlox theme, allowing exploitation of incorrectly configured access control...
PT-2025-3344 · Geovision · Geovision Gv-Asweb
Name of the Vulnerable Software and Affected Versions: Geovision GV-ASWeb versions 6.1.0.0 and earlier Description: The issue allows unauthorized attackers with low-level privileges to request information about other accounts via a crafted HTTP request. Recommendations: For Geovision GV-ASWeb...
Drupal Information Disclosure Vulnerability (GHSA-mg8j-w93w-xjgc) - Linux - Version Check
Drupal is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Maven (CVE-2021-26291)
Summary A vulnerability in Apache Maven that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2021-26291 DESCRIPTION: Apache Maven could allow a remote attacker to bypass security restrictions, caused by the use of http non-SSL repository references by...
CVE-2022-41717 affecting package golang for versions less than 1.21.6-1
CVE-2022-41717 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
Security update for apptainer
This update for apptainer fixes the following issues: CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 (bsc#1236528) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...
CVE-2025-21671
In the Linux kernel, the following vulnerability has been resolved: zram: fix potential UAF of zram table If zram_meta_alloc() fails early, it frees the allocated zram table without setting it to NULL, which can cause zram_meta_free() to access the table if the user resets a failed and uninitialized...
PT-2025-1799 · WordPress · Canvasflow
Name of the Vulnerable Software and Affected Versions: Canvasflow for WordPress plugin versions 1.5.5 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being output back in the page. This...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
Security update for libxml2
This update for libxml2 fixes the following issues: CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the comman...
Google Chrome Security Update (stable-channel-update-for-desktop_28-2025-01) - Linux
Google Chrome is prone to a use-after-free vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...
Debian: Security Advisory (DSA-5854-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Deep Java Library path traversal issue
Summary Deep Java Library (DJL) is an open-source, high-level, engine-agnostic Java framework for deep learning. DJL is designed to be easy to get started with and simple to use for Java developers. DJL provides a native Java development experience and functions like any other regular Java library...
CVE-2025-24788
CVE-2025-24788 affects the Snowflake Connector for .NET. The vulnerability arises when downloading files from stages: temporary files are written to the OS temporary directory with world-readable permissions, enabling access by other users on the same machine. Affected versions are 2.0.12 through...