
30259 matches found

RedhatCVE
added 2025/11/10 5:11 p.m. | 4 views

CVE-2025-12418

Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user writeable configuration directory and induce a Denial of...

CVSS 5.6 | AI score 6.6 | EPSS 0.00059
Exploits: 0 | References: 1

NVD
added 2025/11/10 9:15 a.m. | 2 views

CVE-2025-12409

A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources. By creating a malicious report with native functions enabled, and having the victim access the report, an attacker could execute injected SQL queries with the victim's...

CVSS 7.3 | EPSS 0.00035
Exploits: 0 | References: 2

Github Security Blog
added 2025/11/07 11:17 p.m. | 5 views

Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-52c5-vh7f-26fx. This link is maintained to preserve external references. Original Description: Impact: The prosemirror_to_html gem is vulnerable to Cross-Site Scripting (XSS) attacks through malicious HTML attribute...

AI score 6.8
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2025/11/07 9:27 p.m. | 7 views

CVE-2025-12418

CVE-2025-12418 affects Revenera InstallShield (versions 2025 R1, 2024 R2, 2023 R2 and earlier). The issue arises when a local administrator uninstalls and a symlink is followed during removal of a user-writable configuration directory, potentially causing Denial of Service. The root cause is rela...

CVSS 5.6 | AI score 6.3 | EPSS 0.00059
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/07 9:27 p.m. | 2 views

CVE-2025-12418 Potential Denial of Service in Supported Versions of Revenera InstallShield

Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user writeable configuration directory and induce a Denial of...

CVSS 5.6 | AI score 6.2 | EPSS 0.00059
Exploits: 0 | References: 1

OSV
added 2025/11/07 5:38 p.m. | 3 views

CLSA-2025-1762537123 cups: Fix of CVE-2024-35235

CVE-2024-35235: patch arbitrary chmod vulnerability in cupsd process when starting server with symbolic link Listen configuration item...

CVSS 6.7 | AI score 5.9 | EPSS 0.03102
Exploits: 1 | References: 1

SUSE Linux
added 2025/11/07 3:49 p.m. | 7 views

Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.29+7 (October 2025 CPU): CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data (bsc#1252414). CVE-2025-53066: Fixed unauthenticated...

CVSS 8.7 | AI score 7.8 | EPSS 0.00068
Exploits: 0 | References: 10

SUSE Linux
added 2025/11/07 1:44 p.m. | 2 views

Security update for tiff

This update for tiff fixes the following issues: CVE-2025-8851: Fixed stack-based buffer overflow vulnerability in tools/tiffcrop.c function readSeparateStripsIntoBuffer by implementing additional error handling (bsc#1248278). Patch Instructions: To install this SUSE update use the SUSE recommended...

CVSS 5.3 | AI score 5.8 | EPSS 0.00079
Exploits: 0 | References: 4

OSV
added 2025/11/07 12:30 p.m. | 1 views

OESA-2025-2626 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the fil...

CVSS 5.5 | AI score 6.8 | EPSS 0.00032
Exploits: 2 | References: 3

OSV
added 2025/11/06 5:11 p.m. | 2 views

CLSA-2025-1762449077 Fix CVE(s): CVE-2023-30630

SECURITY UPDATE: Overwrite a local file - debian/patches/CVE-2023-30630.patch: Prevent --dump-bin from overwriting local files to address privilege escalation vulnerability - CVE-2023-30630...

CVSS 7.1 | AI score 6.7 | EPSS 0.00047
Exploits: 1 | References: 1

Github Security Blog
added 2025/11/05 7:52 p.m. | 11 views

LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

Summary: Prior to langgraph-checkpoint version 3.0, LangGraph’s JsonPlusSerializer (used as the default serialization protocol for all checkpointing) contains a remote code execution (RCE) vulnerability when deserializing payloads saved in the "json" serialization mode. If an attacker can cause your...

CVSS 7.4 | AI score 8.4 | EPSS 0.01261
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2025/11/05 7:15 p.m. | 4 views

CVE-2025-12745

A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public a...

CVSS 7.8 | EPSS 0.00035
Exploits: 1 | References: 7

SUSE Linux
added 2025/11/05 3:45 p.m. | 7 views

Security update for tiff

This update for tiff fixes the following issues: Update to 4.7.1: CVE-2025-8851: Fixed stack-based buffer overflow (bsc#1248278). CVE-2025-9900: Fixed write-what-where via TIFFReadRGBAImageOriented (bsc#1250413). Patch Instructions: To install this SUSE update use the SUSE recommended installation...

CVSS 8.5 | AI score 7.5 | EPSS 0.00079
Exploits: 0 | References: 8

GithubExploit
added 2025/11/05 12:7 p.m. | 949 views

Exploit for CVE-2025-48593

⚠️ CRITICAL ⚠️ CVE-2025-48593 - Zero-Click RCE in Android Syste...

CVSS 8.4 | AI score 8.8 | EPSS 0.00027
Exploits: 4

Positive Technologies
added 2025/11/05 12:0 a.m. | 6 views

PT-2025-45149

Name of the Vulnerable Software and Affected Versions: QuickJS versions prior to eb2c89087def1829ed99630cb14b549d7a98408c. Description: A flaw exists in QuickJS that allows for a buffer over-read. This issue is related to the js_array_buffer_slice function within the quickjs.c file. Exploitation is...

CVSS 7.8 | AI score 5.5 | EPSS 0.00035
Exploits: 1 | References: 18

RedhatCVE
added 2025/11/04 9:8 a.m. | 4 views

CVE-2025-48396

Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of Eaton BLSS 7.3.0.SCP004...

CVSS 8.3 | AI score 7.5 | EPSS 0.0008
Exploits: 0 | References: 1

OSV
added 2025/11/04 2:15 a.m. | 1 views

CVE-2025-43421

Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, Safari 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 4

Wordfence Blog
added 2025/11/03 5:24 p.m. | 20 views

400,000 WordPress Sites Affected by Account Takeover Vulnerability in Post SMTP WordPress Plugin

On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to view email logs, including password...

CVSS 9.8 | AI score 6.4 | EPSS 0.1525
Exploits: 1

OpenVAS
added 2025/11/03 12:0 a.m. | 5 views

Ubuntu: Security Advisory (USN-7833-4)

The remote host is missing an update for the...

CVSS 7.8 | AI score 8.4 | EPSS 0.00119
Exploits: 3 | References: 2

SUSE Linux
added 2025/10/31 5:8 p.m. | 4 views

Security update for squid

This update for squid fixes the following issues: CVE-2025-62168: Fixed proxy auth data visible to scripts (bsc#1252281). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command list...

CVSS 8.6 | AI score 7 | EPSS 0.16244
Exploits: 1 | References: 4