CVE-2025-43227

This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose sensitive user information...

CVE-2025-43228

The issue was addressed with improved UI. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6. Visiting a malicious website may lead to address bar spoofing...

AlmaLinux 9 : firefox (ALSA-2025:11748)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11748 advisory. firefox: thunderbird: Large branch table could lead to truncated instruction CVE-2025-8028 firefox: thunderbird: Memory safety bugs CVE-2025-8035 firefox...

CVE-2025-5684 MetForm <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mf-template DOM Element in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in Apr 2025, App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTIO...

kernel security update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

Lynis Auditing Tool 3.1.5

Lynis is an auditing tool for Unix specialists. It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated...

GHSA-H828-V5PV-33QX vulnerabilities

Vulnerabilities for packages: juicefs...

NewStart CGSL MAIN 7.02 : openssh Multiple Vulnerabilities (NS-SA-2025-0124)

The remote NewStart CGSL host, running version MAIN 7.02, has openssh packages installed that are affected by multiple vulnerabilities: - A race condition in sshd affecting versions between 8.5p1 and 9.7p1 inclusive may allow arbitrary code execution with root privileges. Successful exploitation...

NewStart CGSL MAIN 7.02 : kernel Multiple Vulnerabilities (NS-SA-2025-0118)

"The remote NewStart CGSL host, running version MAIN 7.02, has kernel packages installed that are affected by multiple vulnerabilities: - In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming...

NewStart CGSL MAIN 7.02 : vim Multiple Vulnerabilities (NS-SA-2025-0141)

The remote NewStart CGSL host, running version MAIN 7.02, has vim packages installed that are affected by multiple vulnerabilities: - Vim before 9.0.2142 has a stack-based buffer overflow because didsetlangmap in map.c calls sprintf to write to the error buffer that is passed down to the option...

OPENSUSE-SU-2025:15383-1 MozillaThunderbird-140.1.0-1.1 on GA media

These are all security issues fixed in the MozillaThunderbird-140.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

NewStart CGSL MAIN 7.02 : poppler Multiple Vulnerabilities (NS-SA-2025-0119)

The remote NewStart CGSL host, running version MAIN 7.02, has poppler packages installed that are affected by multiple vulnerabilities: - A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, ...

firefox-esr-140.1.0-1.1 on GA media (moderate)

firefox-esr-140.1.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15371-1 Rating: moderate Cross-References: CVE-2025-6427 CVE-2025-6428 CVE-2025-6431 CVE-2025-6432 CVE-2025-6433 CVE-2025-6434 CVE-2025-6435 CVE-2025-6436 CVE-2025-8027 CVE-2025-8028 CVE-2025-8029 CVE-2025-8030 CVE-2025-8031...

grafana-11.6.3+security01-1.1 on GA media (moderate)

grafana-11.6.3+security01-1.1 on GA media Announcement ID: openSUSE-SU-2025:15372-1 Rating: moderate Cross-References: CVE-2025-6023 CVE-2025-6197 CVSS scores: CVE-2025-6023 SUSE : 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L CVE-2025-6023 SUSE : 7.2...

USN-7665-2: Linux kernel (AWS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PA-RISC architecture; - PowerPC architecture; - S390 architecture; - x86 architecture; -...

CVE-2025-8043

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Focus incorrectly truncated URLs towards the beginning instead of around the origin...

GHSA-353F-X4GH-CQQ8 vulnerabilities

Vulnerabilities for packages: logstash, ruby3.3-rails, ruby3.2-rails, ruby3.4-rails...

CVE-2025-0765

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom service desk email addresses...

CVE-2025-7001

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed priviledged users to access certain resourcegroup information through the API which should have been unavailable...