
2075 matches found

OSV
added 2025/11/12 9:56 p.m., 2 views

CVE-2025-40183 bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}. Cilium has a BPF egress gateway feature which forces outgoing K8s Pod traffic to pass through dedicated egress gateways which then SNAT the traffic in order to interact with stable I...

AI score: 6.3, EPSS: 0.00179
Exploits: 1, References: 10
OSV
added 2025/11/12 4:15 p.m., 3 views

CVE-2025-11700

N-central versions 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure...

CVSS: 7.5, AI score: 5.8
Exploits: 0, References: 1
EUVD
added 2025/11/12 4:29 a.m., 2 views

EUVD-2025-122291

Malicious code in sagitta-xml-child-process-loopback npm...

AI score: 6.6
Exploits: 0
EUVD
added 2025/11/12 4:29 a.m., 2 views

EUVD-2025-113328

Malicious code in galaxy-andromeda-non-blocking-xml npm...

AI score: 6.6
Exploits: 0
EUVD
added 2025/11/12 4:29 a.m., 1 view

EUVD-2025-121340

Malicious code in testcafe-callisto-levels-xml npm...

AI score: 6.6
Exploits: 0
Cvelist
added 2025/11/11 4:51 p.m., 5 views

CVE-2025-35968

Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...

CVSS: 7.1, EPSS: 0.00101
Exploits: 0, References: 1
RedHat Linux
added 2025/11/11 8:21 a.m., 2 views

kernel: vxlan: check vxlan_vnigroup_init() return value

In the Linux kernel, the following vulnerability has been resolved: vxlan: check vxlan_vnigroup_init() return value. vxlan_init() must check vxlan_vnigroup_init() success, otherwise a crash happens later, spotted by syzbot. Oops: general protection fault, probably for non-canonical address 0xdffffc000000002c:...

CVSS: 5.5, AI score: 6.8, EPSS: 0.00205
Exploits: 0, References: 5
Positive Technologies
added 2025/11/11 12:00 a.m., 4 views

PT-2025-46437

Name of the Vulnerable Software and Affected Versions: UEFI firmware with Slim Bootloader (affected versions not specified). Description: A flaw exists in the UEFI firmware for the Slim Bootloader that could allow for privilege escalation. A local attacker with privileged user access and high complexi...

CVSS: 7.1, AI score: 5.7, EPSS: 0.00101
Exploits: 0, References: 3
Cvelist
added 2025/11/10 10:08 p.m., 8 views

CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...

CVSS: 7.5, EPSS: 0.00321
Exploits: 0, References: 5
Snyk
added 2025/11/10 9:04 p.m., 2 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the validation process, which uses an XML Validator that is not configured securely. An attacker can access sensitive information from internal files or external resources by submitting specially crafted XM...

CVSS: 8.7, AI score: 7.2, EPSS: 0.00321
Exploits: 0, References: 2
Mageia
added 2025/11/10 6:54 p.m., 5 views

Updated strongswan packages fix security vulnerability

Buffer Overflow When Handling EAP-MSCHAPv2 Failure Requests. CVE-2025-62291...

CVSS: 8.1, AI score: 7.1, EPSS: 0.00879
Exploits: 0, References: 3
Tenable Nessus
added 2025/11/06 12:00 a.m., 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990523)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990523 advisory. In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is...

CVSS: 5.5, AI score: 6.3, EPSS: 0.00236
Exploits: 0, References: 4
Cvelist
added 2025/11/05 2:57 p.m., 8 views

CVE-2025-47151

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS: 9.8, EPSS: 0.00809
Exploits: 1, References: 1
Positive Technologies
added 2025/11/05 12:00 a.m., 2 views

PT-2025-45110

Name of the Vulnerable Software and Affected Versions: Entr'ouvert Lasso versions 2.5.1 and 2.8.2. Description: A type confusion issue exists within the lasso node impl init from xml function. A specially crafted SAML response can trigger this issue, potentially leading to arbitrary code execution. ...

CVSS: 9.8, AI score: 7.5, EPSS: 0.00809
Exploits: 4, References: 58
Tenable Nessus
added 2025/11/05 12:00 a.m., 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989074)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989074 advisory. In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines. Aditya reports [0] that his recent...

CVSS: 5.5, AI score: 6, EPSS: 0.00219
Exploits: 0, References: 4
Tenable Nessus
added 2025/11/05 12:00 a.m., 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989446)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989446 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is...

CVSS: 6.2, AI score: 6.1, EPSS: 0.00237
Exploits: 0, References: 4
EUVD
added 2025/11/03 9:34 p.m., 4 views

EUVD-2025-37511

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

CVSS: 7.1, AI score: 6.5, EPSS: 0.00774
Exploits: 0, References: 2
AstraLinux
added 2025/11/01 10:54 a.m., 7 views

Astra Linux – Vulnerability in libxml2

A flaw was discovered in the xmlBuildQName function of libxml2. Integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue may result in memory corruption or a denial of service when processing malicious input...

CVSS: 7.5, AI score: 7, EPSS: 0.01067
Exploits: 1, References: 3
AstraLinux
added 2025/11/01 10:54 a.m., 2 views

Astra Linux – Vulnerability in libxml2

A vulnerability was discovered in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to create a malicious XML input file that can cause libxml to crash, resulting in a denial of service or other undefined...

CVSS: 9.1, AI score: 7.1, EPSS: 0.01437
Exploits: 0, References: 3
Microsoft CVE
added 2025/11/01 1:01 a.m., 2 views

efi: Don't map the entire mokvar table to determine its size

...

CVSS: 5.5, AI score: 7, EPSS: 0.00176
Exploits: 0