GHSA-J3W7-9QC3-G96P Kottster app reinitialization can be re-triggered allowing command injection in development mode

Impact Development mode only. Kottster contains a pre-authentication remote code execution RCE vulnerability when running in development mode. The vulnerability combines two issues: 1. The initApp action can be called repeatedly without checking if the app is already initialized, allowing attacke...

EUVD-2025-35701

Kottster app reinitialization can be re-triggered allowing command injection in development mode...

Access Control Bypass

Overview @kottster/common is a Common types and utilities for Kottster Affected versions of this package are vulnerable to Access Control Bypass via the initApp and installPackagesForDataSource actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands ...

Kottster 访问控制错误漏洞

Kottster is an instant Node.js admin panel from kottster open source. It is secure, self-hosted and easy to set up. An access control error vulnerability exists in Kottster versions 3.2.0 through prior to 3.3.2, which stems from a pre-authenticated remote code execution vulnerability in developme...

RHEL 7 : java-1.8.0-openjdk (RHSA-2025:18814)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:18814 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

PT-2025-43531

Name of the Vulnerable Software and Affected Versions Kottster versions 3.2.0 through 3.3.1 Description Kottster is a self-hosted Node.js admin panel. Versions 3.2.0 through 3.3.1 contain a pre-authentication remote code execution RCE vulnerability when running in development mode. Production...

RHEL 10 / 8 / 9 : java-21-openjdk (RHSA-2025:18824)

The remote Redhat Enterprise Linux 10 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:18824 advisory. The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security...

Moderate: Red Hat Security Advisory: OpenJDK 17.0.17 Security Update for Portable Linux Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

Ask What Your Country Can Do for You: Towards a Public Red Teaming Model

AI systems have the potential to produce both benefits and harms, but without rigorous and ongoing adversarial evaluation, AI actors will struggle to assess the breadth and magnitude of the AI risk surface. Researchers from the field of systems design have developed several effective sociotechnic...

CVE-2025-61755

Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi...

UBUNTU-CVE-2025-53066

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle...

EUVD-2025-35254

Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi...

CVE-2025-53057

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracl...

Node.js Express DevMode Enabled

Node.js Express installed on the remote host is configured to operate in development mode devMode. While this environment can help speed up development of web applications, it can leak information about the underlying web applications as well as the installation of Express, Node.js. No source dat...

CVE-2025-62353

A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt injection...

PT-2025-42804

Name of the Vulnerable Software and Affected Versions Vite versions 2.9.18 through 3.0.0 Vite versions 3.2.9 through 4.0.0 Vite versions 4.5.3 through 5.0.0 Vite versions 5.2.6 through 5.4.21 Vite versions 6.0.0 through 6.4.1 Vite versions 7.0.0 through 7.0.8 Vite versions 7.1.0 through 7.1.11...

.NET 8.0 security update

An update is available for dotnet8.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...

.NET 9.0 security update

An update is available for dotnet9.0. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...

CVE-2025-62353

A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt injection...

EUVD-2025-34831

D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the...