91 matches found
ECHO-A407-52AD-5025
Bulletin has no description...
langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-5025 via langflow-base (=0.7.2)
langflow-base PyPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted:
- langflow-nightly =1.8.0.dev24
Source CVEs: CVE-2026-5025
Source advisory: SNYK:PYTHON-LANGFLOWBASE-15813866...
EUVD-2017-6322
Malware in sbrugna...
SUSE: Security Advisory (SUSE-SU-2025:03198-1)
The remote host is missing an update for the...
Security update for curl
This update for curl fixes the following issues: Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). Security issues fixed:
- CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589).
- CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks...
SUSE-SU-2025:20675-1 Security update for curl
This update for curl fixes the following issues:
- CVE-2025-5399: libcurl can possibly get trapped in an endless busy-loop when processing specially crafted packets (bsc#1243933).
- CVE-2025-5025: No QUIC certificate pinning with wolfSSL (bsc#1243706).
- CVE-2025-4947: QUIC certificate check skip with...
CVE-2025-5025 affecting package cmake for versions less than 3.30.3-6
CVE-2025-5025 affecting package cmake for versions less than 3.30.3-6. A patched version of the package is available...
curl-8.14.0-1.1 on GA media (moderate)
curl-8.14.0-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15176-1
Rating: moderate
Cross-References: CVE-2025-4947 CVE-2025-5025
CVSS scores:
CVE-2025-4947 SUSE: 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
CVE-2025-4947 SUSE: 8.3...
Slackware: Security Advisory (SSA:2025-148-01)
The remote host is missing an update for the...
CVE-2025-5025 No QUIC certificate pinning with wolfSSL
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...
CVE-2025-5025
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...
CVE-2025-5025
CVSS/summary: CVE-2025-5025 affects libcurl’s server public key pinning for HTTPS when using QUIC/HTTP/3 with wolfSSL as TLS backend. The vulnerability arises from an omission where the pinning check is not performed for QUIC/HTTP/3 connections, even though documentation states the feature works ...
CVE-2025-5025 No QUIC certificate pinning with wolfSSL
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...
CVE-2025-5025
creationtimestamp | type | source
---|---|---
2025-05-28 03:48:12+00:00 | seen | https://daniel.haxx.se/blog/2025/05/28/curl-8-14-0/
2025-05-28 03:54:58+00:00 | seen | https://seclists.org/oss-sec/2025/q2/174
2025-05-28 07:13:17+00:00 | seen | ...
CVE-2025-5025
libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...
curl -- Multiple vulnerabilities
curl security team reports: CVE-2025-5025: No QUIC certificate pinning with wolfSSL CVE-2025-4947: QUIC certificate check skip with wolfSSL...
CVE-2023-5025
A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has...
CVE-2009-5025
A backdoor aka BMSA-2009-07 was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user...
curl: CVE-2025-5025: No QUIC certificate pinning with wolfSSL
Summary: When using wolfSSL as the TLS backend, certificate pinning does not work when using HTTP/3. The code should invoke wssl_verify_pinned, but it has not been implemented.
Affected version:
curl -V
WARNING: this libcurl is Debug-enabled, do not use in production
curl 8.13.0 x86_64-pc-linux-gnu...
CVE-2024-5025
CVE-2024-5025 affects the WordPress plugin Memberpress (vendor: MemberPress) up to version 1.11.29. Root cause: Stored cross-site scripting via the arglist parameter due to insufficient input sanitization and output escaping. Impact: authenticated attackers with Contributor+ access can inject scr...