30259 matches found

Positive Technologies
added 2025/10/31 12:0 a.m. | 4 views

PT-2025-44589

Netwrix Endpoint Protector formerly known as CoSoSys Endpoint Protector Details on CVE-2025-59796 will be released soon. The vendor has released an announcement and security patch; please update promptly: https://t.co/XNvjTaLOdD https://t.co/LVO6Y32UT1...

7 AI score
Exploits: 0 | References: 1
OSV
added 2025/10/30 9:30 p.m. | 2 views

GHSA-F9F4-5859-29MF sqls-server/sqls is vulnerable to command injection in the config command

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands. This issue has been patched via commit...

7.5 CVSS | 8.2 AI score | 0.00581 EPSS
Exploits: 0 | References: 6
Fedora
added 2025/10/30 4:36 a.m. | 3 views

[SECURITY] Fedora 42 Update: qt6-qtcoap-6.9.3-1.fc42

Qt CoAP API provides classes and functions to access the CoAP protocol...

9.4 CVSS | 7 AI score | 0.00024 EPSS
Exploits: 0
Fedora
added 2025/10/30 4:36 a.m. | 4 views

[SECURITY] Fedora 42 Update: mingw-qt6-qtsensors-6.9.3-1.fc42

This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler...

9.4 CVSS | 7 AI score | 0.00024 EPSS
Exploits: 0
OSV
added 2025/10/29 10:21 p.m. | 2 views

GHSA-CFJQ-28R2-4JV5 Zitadel May Bypass Second Authentication Factor

Summary A vulnerability in Zitadel's token verification prematurely marked sessions as authenticated when only one factor was verified. Impact Zitadel provides an API for managing sessions, enabling custom login experiences in a dedicated UI or direct integration into applications. Session Tokens...

8.7 CVSS | 7.3 AI score | 0.00088 EPSS
Exploits: 0 | References: 5
SUSE Linux
added 2025/10/29 2:15 p.m. | 2 views

Security update for strongswan

This update for strongswan fixes the following issues: CVE-2025-62291: fixed buffer overflow when handling EAP-MSCHAPv2 failure requests bsc1251941 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...

8.1 CVSS | 7.1 AI score | 0.00016 EPSS
Exploits: 0 | References: 4
Wordfence Blog
added 2025/10/28 3:54 p.m. | 6 views

100,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Anti-Malware Security and Brute-Force Firewall WordPress Plugin

On October 3rd, 2025, we received a submission for an Arbitrary File Read vulnerability in Anti-Malware Security and Brute-Force Firewall, a WordPress plugin with more than 100,000 active installations. This vulnerability makes it possible for an authenticated attacker, with subscriber-level...

6.5 CVSS | 5.6 AI score | 0.00039 EPSS
Exploits: 0
OSV
added 2025/10/27 2:43 p.m. | 3 views

CLSA-2025-1761576180 Fix CVE(s): CVE-2025-31651

SECURITY UPDATE: Bypassing of some rewrite rules by a specially crafted request - debian/patches/CVE-2025-31651.patch: better handling of URLs - CVE-2025-31651...

9.8 CVSS | 7.3 AI score | 0.00341 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2025/10/27 12:0 a.m. | 2 views

PT-2025-43958

Name of the Vulnerable Software and Affected Versions StarCharge Artemis AC Charger versions 1.0.4 Description The StarCharge Artemis AC Charger version 1.0.4 contains a stack overflow issue. This occurs through the cgiMain function at the download.cgi endpoint. The vulnerability is triggered via...

8 CVSS | 7 AI score | 0.00027 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2025/10/27 12:0 a.m. | 2 views

SUSE SLES15 Security Update : kernel (Live Patch 9 for SLE 15 SP6) (SUSE-SU-2025:3768-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3768-1 advisory. This update for the Linux Kernel 6.4.0-1506002342 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilter:...

7.8 CVSS | 7.2 AI score | 0.00106 EPSS
Exploits: 1 | References: 28
OSV
added 2025/10/24 2:33 p.m. | 1 views

OESA-2025-2530 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages a...

6.9 CVSS | 8 AI score | 0.00237 EPSS
Exploits: 0 | References: 2
OSV
added 2025/10/24 2:33 p.m. | 1 views

OESA-2025-2528 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages a...

6.9 CVSS | 8 AI score | 0.00237 EPSS
Exploits: 0 | References: 2
SUSE Linux
added 2025/10/24 12:38 p.m. | 2 views

Security update for podman

This update for podman fixes the following issues: CVE-2025-9566: Fixed kube play command overwriting host files bsc1249154 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command...

8.1 CVSS | 7.1 AI score | 0.00086 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2025/10/23 9:9 p.m. | 3 views

CVE-2025-62614

BookLore is a self-hosted web app for organizing and managing personal book collections. In versions 1.8.1 and prior, an authentication bypass vulnerability in the BookMediaController allows any unauthenticated user to access and download book covers, thumbnails, and complete PDF/CBX page content...

8.7 CVSS | 7.1 AI score | 0.00333 EPSS
Exploits: 0 | References: 1
OSV
added 2025/10/23 8:31 p.m. | 4 views

GHSA-XCG2-9PP4-J82X rollbar vulnerable to Prototype Pollution in merge()

Impact Prototype pollution vulnerability in merge. If application code calls rollbar.configure with untrusted input, prototype pollution is possible. Patches Fixed in 2.26.5 and 3.0.0-beta5. Workarounds Ensure that values passed to rollbar.configure do not contain untrusted input. References Fixe...

5.9 CVSS | 5.9 AI score | 0.00064 EPSS
Exploits: 0 | References: 7
EUVD
added 2025/10/23 12:31 p.m. | 1 views

EUVD-2022-54627

In the Linux kernel, the following vulnerability has been resolved: igc: Reinstate IGCREMOVED logic and implement it properly The initially merged version of the igc driver code via commit 146740f9abc4, "igc: Add support for PF" contained the following IGCREMOVED checks in the igcrd32/wr32 MMIO...

5.5 CVSS | 5.3 AI score | 0.00113 EPSS
Exploits: 0 | References: 6
Tenable Nessus
added 2025/10/23 12:0 a.m. | 0 views

Photon OS 5.0: Openssl PHSA-2025-5.0-0648

An update of the openssl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0648. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.5 CVSS | 6.1 AI score | 0.00069 EPSS
Exploits: 0 | References: 3
OSV
added 2025/10/22 10:19 p.m. | 2 views

CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...

5.9 CVSS | 6.7 AI score | 0.00026 EPSS
Exploits: 0 | References: 4
OSV
added 2025/10/22 8:15 p.m. | 1 views

UBUNTU-CVE-2025-62611

aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL...

8.2 CVSS | 5.9 AI score | 0.00067 EPSS
Exploits: 0 | References: 5
OSV
added 2025/10/22 7:37 p.m. | 1 views

GHSA-GHFH-FMX4-26H8 OpenBao leaks HTTPRawBody in Audit Logs

Impact OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted HMAC'd. This impacted the following subsystems: - When using the ACME functionality of PKI, this would result in short-lived ACME verification challenge codes being leaked...

5.7 CVSS | 6.8 AI score | 0.00047 EPSS
Exploits: 0 | References: 4