
23057 matches found

Tenable Nessus
added 2025/12/04 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-40220

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against a fuseblk server. This test opens a file,...

AI score: 5.8 | EPSS: 0.00076
Exploits: 0 | References: 3

Tenable Nessus
added 2025/12/04 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-40243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits The syzbot reported issue in hfs_find_set_zero_bits: =====================================================...

AI score: 5.9 | EPSS: 0.0004
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/04 12:0 a.m. | 3 views

PT-2025-49149

Name of the Vulnerable Software and Affected Versions Anthropic Sandbox Runtime versions prior to 0.0.16 Description Anthropic Sandbox Runtime is a sandboxing tool designed to enforce filesystem and network restrictions on processes. Prior to version 0.0.16, a flaw in the sandboxing logic allowed...

CVSS: 1.8 | AI score: 6.9 | EPSS: 0.00067
Exploits: 0 | References: 5

Positive Technologies
added 2025/12/04 12:0 a.m. | 1 view

PT-2025-49076

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18.0-rc4-djwx Description The Linux kernel contains a flaw related to out-of-bounds memory access during symlink repair within the XFS filesystem. Specifically, an incorrect calculation in the min function lead...

AI score: 6.1 | EPSS: 0.00023
Exploits: 0

RedhatCVE
added 2025/12/03 10:2 p.m. | 2 views

CVE-2025-66371

Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...

CVSS: 5 | AI score: 6.9 | EPSS: 0.00013
Exploits: 0 | References: 1

Tenable Nessus
added 2025/12/03 12:0 a.m. | 7 views

Oracle Linux 9 : kernel (ELSA-2025-21112)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21112 advisory. - crypto: xts - Handle EBUSY correctly Vladis Dronov RHEL-119236 CVE-2023-53494 - ipv6: sr: Fix MAC comparison to be constant-time CKI Backport Bot...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00106
Exploits: 0 | References: 14

OSV
added 2025/12/02 6:15 p.m. | 0 views

UBUNTU-CVE-2025-64750

SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so...

CVSS: 4.5 | AI score: 5.8 | EPSS: 0.00012
Exploits: 0 | References: 8

Snyk
added 2025/12/02 5:44 p.m. | 3 views

Use of Incorrectly-Resolved Name or Reference

Overview Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in the handling of procfs file writes that leads to improper enforcement of the two --security options: --security=apparmor: and --security=selinux:. An attacker can bypass intended security...

CVSS: 4.5 | AI score: 6.6 | EPSS: 0.00012
Exploits: 0 | References: 3

OSV
added 2025/12/02 5:36 p.m. | 2 views

BIT-FLUX-2022-24877 Improper path handling in kustomization files allows path traversal

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

CVSS: 9.9 | AI score: 7 | EPSS: 0.00617
Exploits: 0 | References: 2

Cvelist
added 2025/12/02 5:25 p.m. | 8 views

CVE-2025-64750 Singularity ineffectively applies selinux / apparmor LSM process labels

SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so...

CVSS: 4.5 | EPSS: 0.00012
Exploits: 0 | References: 6

EUVD
added 2025/12/02 3:30 p.m. | 3 views

EUVD-2025-200255

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader...

AI score: 6.6 | EPSS: 0.00041
Exploits: 1 | References: 3

Vulnrichment
added 2025/12/01 9:33 p.m. | 3 views

CVE-2025-66302 Grav vulnerable to Path Traversal allowing server files backup

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a path traversal vulnerability has been identified in Grav CMS, allowing authenticated attackers with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due to insufficient inp...

CVSS: 6.8 | AI score: 6.3 | EPSS: 0.00064
Exploits: 1 | References: 2

OSV
added 2025/12/01 9:33 p.m. | 2 views

CVE-2025-66302 Grav vulnerable to Path Traversal allowing server files backup

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a path traversal vulnerability has been identified in Grav CMS, allowing authenticated attackers with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due to insufficient inp...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.00064
Exploits: 1 | References: 4

OSV
added 2025/11/28 12:52 p.m. | 5 views

OESA-2025-2765 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries. CVE-2024-36357 In the Lin...

CVSS: 7.8 | AI score: 5.7 | EPSS: 0.00112
Exploits: 1 | References: 63

OSV
added 2025/11/28 10:17 a.m. | 2 views

CLSA-2025-1764325063 libblockdev: Fix of CVE-2025-6019

CVE-2025-6019: don't allow suid and dev set on fs resize...

CVSS: 7 | AI score: 7.3 | EPSS: 0.00031
Exploits: 18 | References: 1

Github Security Blog
added 2025/11/28 6:32 a.m. | 5 views

Peppol-py is vulnerable to XXE attacks due to Saxon configuration

Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...

CVSS: 5 | AI score: 6.9 | EPSS: 0.00013
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2025/11/28 4:16 a.m. | 3 views

CVE-2025-66371

Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...

CVSS: 5 | EPSS: 0.00013
Exploits: 0 | References: 4

OSV
added 2025/11/28 4:16 a.m. | 3 views

CVE-2025-66371

Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...

CVSS: 5 | AI score: 6.8
Exploits: 0 | References: 4

EUVD
added 2025/11/28 12:0 a.m. | 2 views

EUVD-2025-199852

Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...

CVSS: 5 | AI score: 6.4 | EPSS: 0.00013
Exploits: 0 | References: 3

EUVD
added 2025/11/28 12:0 a.m. | 2 views

EUVD-2025-199851

Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem...

CVSS: 5 | AI score: 6.3 | EPSS: 0.00043
Exploits: 0 | References: 5