CVE-2025-30273 QTS, QuTS hero
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following versions: QTS 5.2.5.314...
CVE-2025-30265
CVE-2025-30265 describes a buffer overflow in QNAP QTS and QuTS hero. The vulnerability arises from an application boundary error when handling untrusted input, permitting a remote attacker who has a user account to modify memory or crash processes. Affected products include QTS and QuTS hero; fi...
CGA-VR55-2G25-R3J2
Bulletin has no description...
CGA-286W-X6R9-WG7Q
Bulletin has no description...
GHSA-4X4M-3C2P-QPPC vulnerabilities
Vulnerabilities for packages: azurefile-csi, kubernetes-dns-node-cache, kapp, node-feature-discovery, cluster-autoscaler-fips, mesosphere-vsphere-csi, argocd-image-updater-fips, node-feature-discovery-fips, yunikorn-k8shim-fips, kubernetes-csi-driver-nfs-fips, k8ssandra-client-fips,...
GHSA-JC7W-C686-C4V9 vulnerabilities
Vulnerabilities for packages: gitea-fips, datadog-agent-fips, falco, gotenberg, k9s, gitleaks, cloudbeat-fips, gitness, guac, envoy-gateway-fips, zarf, trivy-fips, syft-fips, grafana-alloy, google-osconfig-agent, nsc-fips, terraform, nuclei, trivy-operator, tflint, bootc-image-builder,...
Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication
Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 actors as part of their intelligence gathering efforts. The campaign used "compromised websites to redirect visitors to malicious infrastructure...
CGA-7M7P-CMWC-CPPQ
Bulletin has no description...
CVE-2025-9606
Portabilis i-Educar (up to 2.10; some sources indicate a fix in 2.11) has a SQL injection in /intranet/agenda_preferencias.php via the cod_agenda parameter. The vulnerability allows remote exploitation and the exploit is publicly available. Affected component: the unknown functionality surroundin...
CVE-2025-57809 vulnerabilities
Vulnerabilities for packages: tritonserver-backend-vllm...
openSUSE Security Advisory (SUSE-SU-2025:02993-1)
The remote host is missing an update for the...
USN-7725-2: Linux kernel (Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Overlay file system; - Network traffic control; CVE-2025-21887, CVE-2024-57996, CVE-2025-38350, CVE-2025-37752...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues
Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues
Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2021-23336...
CLSA-2025-1756409595 clamav: Fix of 4 CVEs
Update to 1.4.3 LTS - CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser - CVE-2025-20234: Fixed a possible buffer overflow read bug in the UDF file parser - CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser - CVE-2024-20506: Changed...
GHSA-5PM9-R2M8-RCMJ
creationtimestamp | type | source
---|---|---
2025-08-28 17:53:15+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115107665952068380...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Access Control vulnerability in Apache Commons [CVE-2025-48734]
Summary Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Access Control vulnerability in Apache Commons, where the BeanIntrospector class is not enabled by default, and could allow an attacker to access the enum's class loader via the "declaredClass" property...
The API Security Reality Check: Key Takeaways from Q2 2025 API ThreatStats Report
API security has never been more crucial. Vulnerabilities are growing in volume and severity. AI integrations are a burgeoning attack vector. Increasing GraphQL adoption presents hidden dangers. To protect your organization, you must secure your APIs. Keep reading for our key takeaways from the...
Arbitrary File Deletion
github.com/ollama/ollama is vulnerable to arbitrary file deletion. The vulnerability is due to improper validation of crafted packets sent to the /api/pull endpoint, which allows an attacker to delete arbitrary files...
MAL-2025-41514 Malicious code in @twork-data-services/proxy-prime-api-v1-account-counters (npm)
--- -= Per source details. Do not edit below this line.=-...