Security update for the Linux Kernel

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...

PYSEC-2025-69

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates devel and responsive...

UBUNTU-CVE-2025-53865

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates devel and responsive...

Exploit for CVE-2025-31125

Vite Exploit CVE-2025-31125 Description: Exploits path tr...

[SECURITY] Fedora 42 Update: python3.6-3.6.15-47.fc42

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 41 Update: php-8.3.23-1.fc41

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Magento 2 Shipping Automation: Cut Costs While Enhancing Customer Experience

Disclosure: The information in this article highlights Elsner’s Magento development offerings and related solutions...

Understanding the NCSC’s New API Security Guidance

Legislative, regulatory, and advisory bodies the world over are waking up to the importance of API security. Most recently, the UK’s National Cyber Security Centre NCSC has published detailed guidance on best practices for building and maintaining secure APIs. In this blog, we’ll break down that...

Information Disclosure

@cloudflare/vite-plugin is vulnerable to information disclosure. The vulnerability is due to the default configuration exposing all files via the local development server, which allows an attacker to access sensitive files like .env and .dev.vars that may contain secrets...

Building Serverless Apps with Spin and HTMX

A tutorial on building serverless applications using Fermyon Spin and htmx, demonstrating a shopping list app with a Rust back end and htmx-enhanced front end...

PT-2025-30105 · Npm · @Cloudflare/Vite-Plugin

Summary Note: originally posted on H1 but closed. Cross-posting over to here in abundance of caution instead of a public issue. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain...

CVE-2025-3264 Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically in the getimports function within dynamicmoduleutils.py. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular...

OSCP-Prep

This is a comprehensive guide for information security infosec professionals, particularly those preparing for the OSCP Offensive Security Certified Professional exam. The guide is a collection of various files, including a PDF document, a text file, and a set of cheat sheets. The PDF document,...

libetebase-devel-0.5.8-1.1 on GA media (moderate)

libetebase-devel-0.5.8-1.1 on GA media Announcement ID: openSUSE-SU-2025:15238-1 Rating: moderate Cross-References: CVE-2025-3416 CVSS scores: CVE-2025-3416 SUSE : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-3416 SUSE : 6.3...

CVE-2025-38187 drm/nouveau: fix a use-after-free in r535_gsp_rpc_push()

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in r535gsprpcpush The RPC container is released after being passed to r535gsprpcsend. When sending the initial fragment of a large RPC and passing the caller's RPC container, the container will b...

Model Context Protocol Python SDK 安全漏洞

Model Context Protocol Python SDK is a Model Context Protocol open source development tool for Model Context Protocol servers and clients. A security vulnerability exists in the Model Context Protocol Python SDK prior to version 1.9.4, which stems from an unhandled exception when handling malform...

SAMEP: a Secure Protocol for Persistent Context Sharing across AI Agents

Current AI agent architectures suffer from ephemeral memory limitations, preventing effective collaboration and knowledge sharing across sessions and agent boundaries. We introduce SAMEP Secure Agent Memory Exchange Protocol, a novel framework that enables persistent, secure, and semantically...

OPENSUSE-SU-2025:15239-1 libgcrypt-devel-1.11.1-2.1 on GA media

These are all security issues fixed in the libgcrypt-devel-1.11.1-2.1 package on the GA media of openSUSE Tumbleweed...

CVE-2025-20309

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that...

CVE-2025-48991

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into...