CVE-2025-54782

Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...

GHSA-85CG-CMQ5-QJM7 @nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers

Summary A critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox safe-eval-like implementation. Due to improper...

CVE-2025-53541

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain artifacts could inser...

MCP Server Prompt Injection

Model Context Protocol MCP Server Prompt Injection occurs when malicious actors use tools response to inject malicious prompts to the calling LLM through the MCP client. This can lead to the execution of unauthorized commands, data corruption, or the deployment of malicious tools. Such...

CVE-2025-43227

This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose sensitive user information...

CVE-2025-43216

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash...

CVE-2025-53541

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain artifacts could inser...

CVE-2025-52899

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed ...

CVE-2025-53902

Tuleap exposes confidential artifact information to unauthorized users via email notifications. CVE-2025-53902 affects Tuleap Community Edition <16.9.99.1752585665 and Tuleap Enterprise Edition <16.8-6 and

CVE-2025-53902 Tuleap exposes artifacts to a mentioned user via email notifications

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially access confidential information from artifacts...

CVE-2025-53541

CVE-2025-53541 affects Tuleap Community Edition (before 16.9.99.1751892857) and Tuleap Enterprise Edition (before 16.8-5 and 16.9-3). Malicious users could insert malicious code when displaying the children of a parent artifact, causing XSS. The fixed versions are Tuleap Community Edition 16.9.99...

CVE-2025-52899 Tuleap vulnerable to user enumeration via the lost password form

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed ...

CVE-2025-52899 Tuleap vulnerable to user enumeration via the lost password form

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed ...

RLSA-2025:11802 Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: sqlite: Integer Truncation in SQLite CVE-2025-6965 For more details about the security issues, including the impact, a CVSS score, acknowledgments...

nodejs:20 security update

An update is available for module.nodejs-nodemon, module.nodejs-packaging, nodejs, nodejs-nodemon, module.nodejs, nodejs-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

RLSA-2025:8514 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 For more details about the security issues, including the impact, a CVSS...

RLSA-2025:11803 Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: sqlite: Integer Truncation in SQLite CVE-2025-6965 For more details about the security issues, including the impact, a CVSS score, acknowledgments...

RLSA-2025:8506 Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 For more details about the security issues, including the impact, a CVSS...

nodejs:22 security update

An update is available for module.nodejs-nodemon, nodejs, nodejs-nodemon, nodejs-packaging, module.nodejs, module.nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: sqlite: Integer Truncation in SQLite CVE-2025-6965 For more details about the security issues, including the impact, a CVSS score, acknowledgments...