Amazon Linux 2023 : fontforge, fontforge-devel (ALAS2023-2025-1262)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1262 advisory. FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8. CVE-2025-50949 Tenable has extracted the preceding description block directly from the tested product security...
[SECURITY] Fedora 41 Update: dotnet9.0-9.0.111-1.fc41
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...
SUSE SLES15 / openSUSE 15 Security Update : java-11-openjdk (SUSE-SU-2025:3996-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3996-1 advisory. Upgrade to upstream tag jdk-11.0.29+7 October 2025 CPU: - CVE-2025-53057: Fixed unauthenticated attacker can achieve...
[SECURITY] Fedora 42 Update: dtkwidget-5.7.7-4.fc42
DtkWidget is Deepin graphical user interface for deepin desktop development...
Security update for sccache
This update for sccache fixes the following issues: CVE-2025-55159 - updated slab with the uninit memory access fix bsc1248003 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
kernel-devel-6.17.7-1.1 on GA media (moderate)
kernel-devel-6.17.7-1.1 on GA media Announcement ID: openSUSE-SU-2025:15702-1 Rating: moderate Cross-References: CVE-2025-40018 CVE-2025-40019 CVE-2025-40025 CVE-2025-40026 CVE-2025-40027 CVE-2025-40028 CVE-2025-40029 CVE-2025-40030 CVE-2025-40031 CVE-2025-40032 CVE-2025-40033 CVE-2025-40034...
CVE-2025-11953
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks
Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily...
[SECURITY] Fedora 43 Update: dotnet9.0-9.0.111-1.fc43
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...
OPENSUSE-SU-2025:15702-1 kernel-devel-6.17.7-1.1 on GA media
These are all security issues fixed in the kernel-devel-6.17.7-1.1 package on the GA media of openSUSE Tumbleweed...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and WebSphere Application Server Liberty due to the October 2025 CPU
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...
EUVD-2025-37505
The Metro Development Server, which is opened by the React Native CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
@react-native-community/cli has arbitrary OS command injection
The Metro Development Server, which is opened by the React Native CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
CVE-2025-11953 Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
CVE-2025-11953
The CVE-2025-11953 issue affects the React Native Community CLI Server API Node.js Package (versions 4.8.0 up to, but not including, 20.0.0). The Metro Development Server bound to external interfaces exposes an endpoint vulnerable to OS command injection, enabling unauthenticated network attacker...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Security Vulnerability
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from multiple devices sharing the...
Photon OS 4.0: Openjdk21 PHSA-2025-4.0-0896
An update of the openjdk21 package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0896. The text itself is copyright (C) VMware, Inc...