Oracle E-Business Suite (EBS) is a comprehensive suite of integrated business applications that enable organizations to make better decisions, reduce costs, and increase performance. It covers a wide range of business functions, including financials, supply chain management, human resources, customer relationship management, procurement, project management, and more.

Oracle E-Business Suite

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration).  Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing.  Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE-2025-61882

Linux

Linux Kernel

Redis is a data structure server. It is open-source, networked, in-memory, and stores keys with optional durability.

Redis

Valkey is a high-performance, open-source, in-memory data store used as a database, cache, and message broker. It is a community-driven fork of Redis, created in 2024 after Redis changed its license to a more restrictive model. Valkey retains full Redis compatibility and remains under the permissive BSD license, ensuring it's free and open-source for all use cases.

Valkey

Debian GNU/Linux is a Linux distribution composed of free and open-source software.

Linux Debian

Ubuntu is a Linux distribution based on Debian, mostly composed of free and open-source software. Ubuntu is officially released in three editions: Desktop, Server, and Core for internet of things devices and robots. All the editions can run on the computer alone or in a virtual machine.

Linux Ubuntu

Red Hat Enterprise Linux is a Linux distribution developed by Red Hat for the commercial market.

Linux Red Hat

Linux openSUSE

Alpine Linux is a Linux distribution based on musl and BusyBox, designed for security, simplicity, and resource efficiency.

Linux Alpine

Oracle Linux is a Linux distribution packaged and freely distributed by Oracle, available partially under the GNU General Public License since late 2006. It is compiled from Red Hat Enterprise Linux source code, replacing Red Hat branding with Oracle's.

Linux Oracle

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.

CVE-2025-49844

Alpine

Alpine Security Tracker

CBL-Mariner

CBL Mariner

Debian

Debian Security Tracker

Homebrew

MinimOS

Minimus

NixOS

Red Hat

Red Hat Errata

Ubuntu

Ubuntu Security Tracker

Cisco Adaptive Security Appliance (ASA) is a security device that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities. It provides proactive threat defense that stops attacks before they spread through the network.

Cisco Adaptive Security Appliance (ASA)

Cisco Firepower Threat Defense (FTD) is a unified software solution that integrates comprehensive network security features, including firewall capabilities, application control, intrusion prevention, and malware protection.

Cisco Firepower Threat Defense (FTD)

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should otherwise be inaccessible without authentication.
 This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication.

CVE-2025-20362

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
 This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.

CVE-2025-20333

GoAnywhere MFT is a secure managed file transfer (MFT) software solution that allows businesses to securely exchange files with trading partners, customers, and internal systems.

GoAnywhere MFT

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.

CVE-2025-10035

Windows

Windows Cumulative Update

WordPress is a content management system paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes.

WordPress

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_newsletter shortcode in all versions up to, and including, 1.0.334 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-9560

The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'everest_process_status' AJAX action in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to retrieve back-up file locations that can be subsequently accessed and downloaded. This does require a back-up to be running in order for an attacker to retrieve the back-up location.

CVE-2025-11380

### Impact
A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node.
In order to carry out the attack, the attacker establishes a peer connections to the victim, and sends a malicious `GetBlockHeadersRequest` message with a `count` of `0`, using the `Parallax` protocol.
In `descendants := chain.GetHeadersFrom(num+count-1, count-1)`, the value of `count-1` is passed to the function `GetHeadersFrom(number, count uint64)` as parameter `count`. Due to integer overflow, `UINT64_MAX` value is then passed as the `count` argument to function `GetHeadersFrom(number, count uint64)`. This allows an attacker to bypass `maxHeadersServe` and request all headers from the latest block back to the genesis block.
### Patches
The fix has been included in the Parallax client version `0.1.4` and onwards.
The vulnerability was patched in: https://github.com/microstack-tech/parallax/commit/f759e9090aaf00a43c616d7cbd133c44bb1ed01e
### Workarounds
No workarounds have been made public.
### Credit
This issue was disclosed responsibly by DongHan Kim via the Ethereum bug bounty program, the cooperation is appreciated.

GHSA-xc79-566c-j4qx

GoLang

GitHub Advisory Database

Rust is a multi-paradigm programming language focused on performance and safety, especially safe concurrency.

Rust

cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions (e.g., user-supplied input over an API), an attacker can send crafted input to trigger a denial of service (DoS). Version 0.11.4 fixes the issue.

CVE-2025-62162

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

Wireshark

MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-61882	CRITICAL	9.8	Oracle E-Business Suite	cpe:2.3:a:oracle:e-business_suite	Yes	No	Oct 05, 2025
CVE-2025-49844	CRITICAL	9.9	Redis	redis:7::redis	No	Yes	Oct 03, 2025
CVE-2025-20362	MEDIUM	6.5	Cisco Adaptive Security Appliance (ASA)	cpe:2.3:a:cisco:firepower_threat_defense	Yes	Yes	Sep 25, 2025
CVE-2025-20333	CRITICAL	9.9	Cisco Adaptive Security Appliance (ASA)	cpe:2.3:a:cisco:firepower_threat_defense	Yes	Yes	Sep 25, 2025
CVE-2025-10035	CRITICAL	10	GoAnywhere MFT	cpe:2.3:a:fortra:goanywhere_managed_file_transfer	Yes	Yes	Sep 18, 2025

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-9560	MEDIUM	6.4	WordPress	colibri-page-builder	No	Yes	Oct 11, 2025
CVE-2025-11380	MEDIUM	5.9	WordPress	everest-backup	No	Yes	Oct 11, 2025
GHSA-xc79-566c-j4qx	HIGH	7.5	N/A	github.com/microstack-tech/parallax	No	Yes	Oct 10, 2025
CVE-2025-62162	HIGH	7.5	Rust	cel	No	Yes	Oct 10, 2025
CVE-2025-11626	MEDIUM	5.5	Wireshark	cpe:2.3:a:wireshark:wireshark	No	Yes	Oct 10, 2025

Wiz Vulnerability Database

Explore by technology

Popular filters

High Profile

Most Recent

Vulnerabilities by the numbers

The good, the bad, and the vulnerable

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?