1850 matches found

OSV
added 2025/06/23 12:0 a.m. · 5 views

ALSA-2025:9304 Important: xorg-x11-server-Xwayland security update

Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors CVE-2025-49175 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests...

CVSS 7.8 · AI score 6.3 · EPSS 0.00364
Exploits 0 · References 14

OSV
added 2025/06/17 3:30 p.m. · 2 views

SUSE-SU-2025:01979-1 Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: - CVE-2025-49175: Out-of-bounds access in X Rendering extension Animated cursors bsc1244082. - CVE-2025-49176: Integer overflow in Big Requests Extension bsc1244084. - CVE-2025-49177: Data leak in XFIXES Extension 6...

CVSS 7.8 · AI score 6.3 · EPSS 0.00364
Exploits 0 · References 13

Tenable Nessus
added 2025/06/16 12:0 a.m. · 3 views

TencentOS Server 4: pcs (TSSA-2024:0533)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0533 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 5.4 · AI score 6.7 · EPSS 0.00659
Exploits 0 · References 3

Tenable Nessus
added 2025/06/16 12:0 a.m. · 10 views

TencentOS Server 4: tomcat (TSSA-2025:0224)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0224 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 10 · AI score 8.8 · EPSS 0.99945
Exploits 45 · References 2

Packet Storm News
added 2025/06/16 12:0 a.m. · 7 views

Specification and Evaluation of Multi-Agent LLM Systems -- Prototype and Cybersecurity Applications

Recent advancements in LLMs indicate potential for novel applications, e.g., through reasoning capabilities in the latest OpenAI and DeepSeek models. For applying these models in specific domains beyond text generation, LLM-based multi-agent approaches can be utilized that solve complex tasks by...

AI score 7.3
Exploits 0

RedhatCVE
added 2025/06/15 10:21 a.m. · 4 views

CVE-2025-29902

Remote code execution that allows unauthorized users to execute arbitrary code on the server machine...

CVSS 10 · AI score 9.8 · EPSS 0.00962
Exploits 0 · References 1

RedhatCVE
added 2025/06/13 6:15 p.m. · 18 views

CVE-2025-0923

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system...

CVSS 5.3 · AI score 5.6 · EPSS 0.00241
Exploits 0 · References 1

Cvelist
added 2025/06/13 9:23 a.m. · 23 views

CVE-2025-29902

Remote code execution that allows unauthorized users to execute arbitrary code on the server machine...

CVSS 10 · EPSS 0.00962
Exploits 0 · References 1

RedhatCVE
added 2025/06/11 11:16 p.m. · 3 views

CVE-2025-30183

CyberData 011209 Intercom does not properly store or protect web server admin credentials...

CVSS 8.7 · AI score 7.5 · EPSS 0.00355
Exploits 0 · References 1

Vulnrichment
added 2025/06/11 5:28 p.m. · 6 views

CVE-2025-0923 IBM Cognos Analytics information disclosure

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system...

CVSS 5.3 · AI score 7.1 · EPSS 0.00241
Exploits 0 · References 1

NVD
added 2025/06/09 11:15 p.m. · 6 views

CVE-2025-30183

CyberData 011209 Intercom does not properly store or protect web server admin credentials...

CVSS 8.7 · EPSS 0.00355
Exploits 0 · References 1

Github Security Blog
added 2025/06/09 5:47 p.m. · 9 views

HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter

Summary An authenticated Local File Inclusion LFI vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written into site.json. This enables attackers to exfiltrate sensitive system files such as...

CVSS 6.5 · AI score 7.2 · EPSS 0.00438
Exploits 1 · References 4 · Affected Software 1

RedhatCVE
added 2025/06/08 9:16 a.m. · 9 views

CVE-2025-3321

A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server...

CVSS 9.4 · AI score 6.4 · EPSS 0.00151
Exploits 0 · References 1

NVD
added 2025/06/06 9:15 a.m. · 11 views

CVE-2025-3365

A missing protection against path traversal allows to access any file on the server...

CVSS 9.8 · EPSS 0.00544
Exploits 0 · References 1

Cvelist
added 2025/05/29 5:0 a.m. · 14 views

CVE-2025-5273

All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server...

CVSS 8.2 · EPSS 0.00325
Exploits 0 · References 3

Positive Technologies
added 2025/05/29 12:0 a.m. · 4 views

PT-2025-23160 · Huocms · Huocms

Name of the Vulnerable Software and Affected Versions: HuoCMS version 3.5.1 Description: The issue allows an attacker to exploit a flaw and bypass whitelist restrictions, enabling them to craft malicious files with specific suffixes and potentially gain control of the server. Recommendations: For...

CVSS 5.3 · AI score 6.7 · EPSS 0.00361
Exploits 2 · References 5

RedhatCVE
added 2025/05/24 5:18 p.m. · 8 views

CVE-2024-48853

An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

CVSS 9.5 · AI score 7.2 · EPSS 0.00337
Exploits 0

RedhatCVE
added 2025/05/23 10:38 a.m. · 15 views

CVE-2024-52517

Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the...

CVSS 5.9 · AI score 6.7 · EPSS 0.00589
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 10:21 a.m. · 11 views

CVE-2024-42349

FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server fogloginaccepted.log and fogloginfailed.log...

CVSS 5.3 · AI score 6.6 · EPSS 0.00568
Exploits 1

RedhatCVE
added 2025/05/23 10:8 a.m. · 6 views

CVE-2024-30270

mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the rspamdmaps...

CVSS 6.2 · AI score 7.6 · EPSS 0.27346
Exploits 2 · References 1