23057 matches found
SUSE-SU-2025:1004-2 Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: - CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method bsc1238879...
EUVD-2025-202375
Malicious code in rum-events-format npm...
Malicious Package
Overview rum-events-format is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in rum-events-format (npm)
Source: amazon-inspector 1f6a17ba09614cd69d096859385577957b2737a3dce290dda9712c51fd7179c5. The package rum-events-format was found to contain malicious code. Source: ghsa-malware...
MAL-2025-192417 Malicious code in rum-events-format (npm)
PT-2025-50515
Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...
CVE-2025-65296
CVE-2025-65296 affects Aqara Hub M2 (version 4.3.6_0027), Aqara Hub M3 (4.3.6_0025), and Aqara Camera Hub G3 (4.1.9_0027). The issue is a NULL-pointer dereference in the JSON processing component, which enables denial-of-service attacks via malformed JSON inputs. Public details consistently descr...
CLSA-2025-1765310613 python-jinja2: Fix of CVE-2024-56326
CVE-2024-56326: fix format string vulnerability impacting users of applications which execute untrusted template...
CLSA-2025-1765289777 Fix CVE(s): CVE-2025-11839, CVE-2025-11840
SECURITY UPDATE: remove abort call in debug format printing code - debian/patches/CVE-2025-11839.patch: remove call to abort in the debug format printing code, allowing display of fuzzed input files to complete without triggering an abort - CVE-2025-11839 SECURITY UPDATE: fix SEGV in vfinfo -...
CLSA-2025-1765287413 python-jinja2: Fix of CVE-2024-56326
CVE-2024-56326: fix format string vulnerability impacting users of applications which execute untrusted template...
gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
A heap-based buffer overflow vulnerability was discovered in GIMP’s DICOM DCM file parser. The flaw occurs because the application fails to properly validate the length of user-supplied data before copying it to a heap buffer. This can lead to arbitrary code execution when a user opens a speciall...
PT-2025-50132
Name of the Vulnerable Software and Affected Versions: DNG SDK versions 1.7.0 and earlier. Description: The DNG SDK is affected by a Heap-based Buffer Overflow that may result in memory exposure or application denial of service. An attacker could exploit this issue to disclose sensitive memory...
crackme-project
Crackme - Binary Exploitation Challenge. Project description...
CVE-2025-13066
CVE-2025-13066 refers to the WordPress plugin Demo Importer Plus (versions up to and including 2.0.6) with an authenticated file upload flaw: insufficient file-type validation allows WXR files, letting double-extension files bypass sanitization and upload arbitrary files. The vulnerability requir...
[SECURITY] Fedora 43 Update: xpdf-4.06-1.fc43
Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts...
CVE-2025-66516
Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...
CVE-2025-66516
CVE-2025-66516 is a critical XXE in Apache Tika affecting tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5). The root cause is XML External Entity injection triggered by a crafted XFA file in a PDF, allowing an attacker to access sensitive data or trigger intern...
[SECURITY] Fedora 42 Update: usd-25.02a-3.fc42
Universal Scene Description (USD) is a time-sampled scene description for interchange between graphics applications...
[SECURITY] Fedora 43 Update: usd-25.08-11.fc43
Universal Scene Description (USD) is a time-sampled scene description for interchange between graphics applications...