
730 matches found

NVD
added 2025/12/09 10:16 p.m. | 10 views

CVE-2025-65513

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF), which allows attackers to bypass private IP validation and access internal network resources...

7.5 CVSS | 0.00381 EPSS
Exploits 1 | References 2
ATTACKERKB
added 2025/12/09 4:9 a.m. | 3 views

CVE-2025-40334

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq buffer virtual address and size It needs to validate the userq object virtual address to determine whether it is residented in a valid vm mapping...

5.9 AI score | 0.00176 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2025/12/09 12:0 a.m. | 26 views

CVE-2025-65513

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF), which allows attackers to bypass private IP validation and access internal network resources...

0.00381 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2025/12/04 12:0 a.m. | 3 views

Debian dsa-6069 : openvpn - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6069 advisory. Debian Security Advisory DSA-6069-1 [email protected] https://www.debian.org/security/...

8.2 CVSS | 7.2 AI score | 0.0061 EPSS
Exploits 0 | References 5
Debian
added 2025/12/03 9:31 p.m. | 6 views

[SECURITY] [DSA 6069-1] openvpn security update

Debian Security Advisory DSA-6069-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 03, 2025 https://www.debian.org/security/faq ...

8.2 CVSS | 6.9 AI score | 0.0061 EPSS
Exploits 0
Vulnrichment
added 2025/12/03 7:54 p.m. | 2 views

CVE-2025-13086

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client...

8.2 CVSS | 7.4 AI score | 0.0061 EPSS
Exploits 0 | References 3
CVE
added 2025/12/03 7:54 p.m. | 79 views

CVE-2025-13086

OpenVPN CVE-2025-13086 involves improper validation of source IP addresses in OpenVPN versions 2.6.0–2.6.15 and 2.7_alpha1–2.7_rc1, allowing a remote attacker to initiate a session from an IP address that did not start the connection, leading to a denial of service for the originating client. Con...

8.2 CVSS | 7.4 AI score | 0.0061 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2025/12/03 7:54 p.m. | 16 views

CVE-2025-13086

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client...

8.2 CVSS | 0.0061 EPSS
Exploits 0 | References 3
AlpineLinux
added 2025/12/03 7:54 p.m. | 4 views

CVE-2025-13086

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client...

8.2 CVSS | 7.7 AI score | 0.0061 EPSS
Exploits 0
Tenable Nessus
added 2025/12/03 12:0 a.m. | 7 views

Ubuntu 24.04 LTS / 25.04 / 25.10 : OpenVPN vulnerability (USN-7898-1)

The remote Ubuntu 24.04 LTS / 25.04 / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7898-1 advisory. Joshua Rogers discovered that OpenVPN incorrectly handled HMAC verification checks. A remote attacker could possibly use this issue to bypass sour...

8.2 CVSS | 7.3 AI score | 0.0061 EPSS
Exploits 0 | References 2
Ubuntu
added 2025/11/27 4:34 p.m. | 5 views

USN-7898-1: OpenVPN vulnerability

Joshua Rogers discovered that OpenVPN incorrectly handled HMAC verification checks. A remote attacker could possibly use this issue to bypass source IP address validation...

8.2 CVSS | 8 AI score | 0.0061 EPSS
Exploits 0
OSV
added 2025/11/27 4:34 p.m. | 4 views

USN-7898-1 openvpn vulnerability

Joshua Rogers discovered that OpenVPN incorrectly handled HMAC verification checks. A remote attacker could possibly use this issue to bypass source IP address validation...

8.2 CVSS | 5.8 AI score | 0.0061 EPSS
Exploits 0 | References 2
Veracode
added 2025/11/26 11:48 p.m. | 6 views

Improper Input Validation

OpenVPN is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of source IP addresses during session handling, which allows an attacker to open a session from a different IP address than the one that initiated the connection and cause a denial of service for t...

8.2 CVSS | 6.8 AI score | 0.0061 EPSS
Exploits 0 | References 8 | Affected Software 1
NVD
added 2025/11/26 6:15 p.m. | 8 views

CVE-2025-64126

An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary...

10 CVSS | 0.02278 EPSS
Exploits 0 | References 3
NVD
added 2025/11/11 4:15 a.m. | 4 views

CVE-2025-11521

The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remote URLs for zip downloads and an easily guessable key in all versions up to, and including, 0.2. This makes it possible for unauthenticated attacke...

8.1 CVSS | 0.00422 EPSS
Exploits 0 | References 2
NVD
added 2025/11/10 2:15 p.m. | 7 views

CVE-2025-64688

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers...

0.0001 EPSS
Exploits 0
RedhatCVE
added 2025/11/05 9:6 p.m. | 33 views

CVE-2025-55155

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventing...

5.4 CVSS | 6.4 AI score | 0.00136 EPSS
Exploits 1 | References 1
Tenable Nessus
added 2025/11/05 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989334)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989334 advisory. In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy The caller may pass any value as addr, what m...

7.8 CVSS | 6.2 AI score | 0.00188 EPSS
Exploits 0 | References 4
Veracode
added 2025/10/30 9:8 a.m. | 8 views

Server Side Request Forgery (SSRF)

Ghost is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied URLs, which allows an attacker to send crafted requests to internal resources and potentially access sensitive information...

6.5 CVSS | 7 AI score | 0.00483 EPSS
Exploits 1 | References 7 | Affected Software 1
CNNVD
added 2025/10/30 12:0 a.m. | 4 views

Nagios XI security vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.6.14, which stems from insufficient validatio...

9.4 CVSS | 7 AI score | 0.02238 EPSS
Exploits 0 | References 3