2727 matches found
EUVD-2025-12543
Malicious code in bioql PyPI...
CVE-2025-8679
In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure. Under certain ExtremeGuest Essentials captive-portal SSID configurations, repeated manual login attempts may allow an unauthenticated device to be marked as authenticated and...
CVE-2025-8679 ExtremeGuest Essentials Captive Portal Unauthenticated Brute Force
In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure. Under certain ExtremeGuest Essentials captive-portal SSID configurations, repeated manual login attempts may allow an unauthenticated device to be marked as authenticated and...
BIT-GITLAB-2025-9958 Insertion of Sensitive Information Into Sent Data in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that could have allowed Guest users to access sensitive information stored in virtual registry configurations...
Hitachi Energy MACH GWS
Summary: Hitachi Energy is aware of these vulnerabilities that affect the MACH GWS product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality, integrity and availability impacts. Please refer to the Recommended Immediate Actions...
Amazon Linux 2 : cups, --advisory ALAS2-2025-3012 (ALAS-2025-3012)
The version of cups installed on the remote host is prior to 1.6.3-51. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3012 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, ...
CVE-2025-9958
An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that could have allowed Guest users to access sensitive information stored in virtual registry configurations...
CVE-2025-9958
Summary: CVE-2025-9958 affects GitLab CE/EE, with vulnerable versions including all 14.10–14.x prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1. The issue could allow Guest users to access sensitive information stored in virtual registry configurations. The CVSS base score is 7.7 (...
CVE-2025-9958 Insertion of Sensitive Information Into Sent Data in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that could have allowed Guest users to access sensitive information stored in virtual registry configurations...
PT-2025-39629
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.10 through 18.2.6; GitLab CE/EE versions 18.3 through 18.3.2; GitLab CE/EE versions 18.4 through 18.4.0. Description: An issue exists that could allow Guest users to access sensitive information stored in virtual registry...
CVE-2025-57354
A vulnerability exists in the 'counterpart' library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. The affected versions prior to 0.18.6 allow attackers to manipulate the library's translation functionality by supplying...
OESA-2025-2320 rubygem-fluentd security update
Fluentd is an open source data collector designed to scale and simplify log management. It can collect, process and ship many kinds of data in near real-time. Security Fixes: Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A...
NetApp StorageGRID security vulnerability
NetApp StorageGRID is a suite of object storage solutions from Network Appliance NetApp. A security vulnerability exists in NetApp StorageGRID versions prior to 11.8.0.15 and prior to 11.9.0.8, which stems from susceptibility to a reflective cross-site scripting attack that could result in viewin...
CVE-2023-53169
In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Clear staged_config[] before and after it is used. As a temporary storage, staged_config[] in rdt_domain should be cleared before and after it is used. The stale value in staged_config[] could cause an MSR access error. Here is...
CVE-2023-53169 x86/resctrl: Clear staged_config[] before and after it is used
In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Clear staged_config[] before and after it is used. As a temporary storage, staged_config[] in rdt_domain should be cleared before and after it is used. The stale value in staged_config[] could cause an MSR access error. Here is...
Malicious code in tailwind-configs-viewer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eee3c791a92600ef66a7c4165e740bfeda8da8dad109a35e6db271d6fe07caf7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-37533
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel related to resource control resctrl where the staged config array in rdt domain is not properly cleared before and after use. This can lead to stale...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the btrfs_reduce_alloc_profile function not handling RAID1C23 and DUP configurations correctly, which could...