Lucene search

5549 matches found

Positive Technologies
• added 2026/01/01 12:0 a.m. • 2 views

PT-2026-21332

Name of the Vulnerable Software and Affected Versions GIMP versions 3.0.8 through 3.0.8-5 Fedora 43 Description A heap-buffer-overflow exists in the PSD loader component of the software, specifically within the fread pascal string function due to a missing null terminator. This issue can be...

4.3 CVSS, 7 AI score, 0.00059 EPSS
Exploits 3, References 20
Positive Technologies
• added 2026/01/01 12:0 a.m. • 1 views

PT-2026-28660

Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description A heap buffer over-read exists in the PCX file loader due to an off-by-one error. A remote attacker can exploit this by tricking a user into opening a specially crafted PCX image, potentially...

7.1 CVSS, 7.2 AI score, 0.0005 EPSS
Exploits 1, References 34
Tenable Nessus
• added 2025/12/31 12:0 a.m. • 1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992708)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992708 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: zero i_disksize when initializing the bootloader inode If the boot loader inode has never...

5.5 CVSS, 6 AI score, 0.00011 EPSS
Exploits 0, References 4
Tenable Nessus
• added 2025/12/31 12:0 a.m. • 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993296)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993296 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader of_find_node_by_path returns remote devic...

5.5 CVSS, 5.3 AI score, 0.00051 EPSS
Exploits 0, References 4
OSV
• added 2025/12/30 4:20 p.m. • 1 views

SUSE-RU-2026:20004-1 Recommended update for shim

This update for shim fixes the following issues: shim is updated to version 16.1: - shimstartimage: fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix test segfaults caused by uninitialized memory -...

6.7 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits 1, References 6
The Hacker News
• added 2025/12/30 8:35 a.m. • 5 views

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

The Chinese hacking group known as Mustang Panda aka HoneyMyte has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting an unspecified entity in Asia. The findings come from Kaspersky,...

7.8 AI score
Exploits 0
Positive Technologies
• added 2025/12/24 12:0 a.m. • 2 views

PT-2025-53148

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to ext4 quota handling. Specifically, a bug in the es tree search function can occur due to a bad quota inode. This issue arises when the inode...

7.8 CVSS, 6.2 AI score, 0.00249 EPSS
Exploits 2, References 896
RedhatCVE
• added 2025/12/23 9:34 p.m. • 4 views

CVE-2025-68475

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at...

7.5 CVSS, 6.8 AI score, 0.0044 EPSS
Exploits 1, References 1
OSV
• added 2025/12/23 9:11 a.m. • 2 views

OPENSUSE-SU-2026:20000-1 Security update for salt

This update for salt fixes the following issues: Changes in salt: - Add minimumauthversion to enforce security CVE-2025-62349 - Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439 BDSA-2024-9026 - Junos module yaml loader fix CVE-2025-62348 - Require Python dependencies onl...

7.8 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits 0, References 8
OSSF Malicious Packages
• added 2025/12/23 7:49 a.m. • 5 views

Malicious code in @ownbackup/ob-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 687afc025587f4d90747fd2ebf5cfe350f93f2abc39393f85d07fa96c69161e3 The package @ownbackup/ob-loader was found to contain malicious code...

7 AI score
Exploits 0
OSV
• added 2025/12/23 7:49 a.m. • 2 views

MAL-2025-192705 Malicious code in @ownbackup/ob-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 687afc025587f4d90747fd2ebf5cfe350f93f2abc39393f85d07fa96c69161e3 The package @ownbackup/ob-loader was found to contain malicious code...

6.8 AI score
Exploits 0
EUVD
• added 2025/12/23 7:49 a.m. • 2 views

EUVD-2025-204948

Malicious code in @ownbackup/ob-loader (npm)...

6.6 AI score
Exploits 0
NVD
• added 2025/12/22 10:16 p.m. • 4 views

CVE-2025-68475

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at...

7.5 CVSS, 0.0044 EPSS
Exploits 1, References 7
Github Security Blog
• added 2025/12/22 9:36 p.m. • 6 views

Fedify has ReDoS Vulnerability in HTML Parsing Regex

Hi Fedify team! 👋 Thank you for your work on Fedify—it's a fantastic library for building federated applications. While reviewing the codebase, I discovered a Regular Expression Denial of Service (ReDoS) vulnerability that I'd like to report. I hope this helps improve the project's security. ---...

7.5 CVSS, 7.5 AI score, 0.0044 EPSS
Exploits 1, References 9, Affected Software 1
EUVD
• added 2025/12/22 9:36 p.m. • 3 views

EUVD-2025-204741

Fedify has ReDoS Vulnerability in HTML Parsing Regex...

7.5 CVSS, 6.2 AI score, 0.0044 EPSS
Exploits 1, References 8
OSV
• added 2025/12/22 9:36 p.m. • 4 views

GHSA-RCHF-XWX2-HM93 Fedify has ReDoS Vulnerability in HTML Parsing Regex

Hi Fedify team! 👋 Thank you for your work on Fedify—it's a fantastic library for building federated applications. While reviewing the codebase, I discovered a Regular Expression Denial of Service (ReDoS) vulnerability that I'd like to report. I hope this helps improve the project's security. ---...

7.5 CVSS, 7.4 AI score, 0.0044 EPSS
Exploits 1, References 9
CVE
• added 2025/12/22 9:31 p.m. • 20 views

CVE-2025-68475

CVE-2025-68475 describes a ReDoS in Fedify's HTML document loader. A vulnerable regex in packages/fedify/src/runtime/docloader.ts uses nested quantifiers that enable catastrophic backtracking when parsing malicious HTML, potentially blocking the Node.js event loop. Affected versions are prior to ...

7.5 CVSS, 6.4 AI score, 0.0044 EPSS
Exploits 1, References 7, Affected Software 1
Vulnrichment
• added 2025/12/22 9:31 p.m. • 1 views

CVE-2025-68475 Fedify has ReDoS Vulnerability in HTML Parsing Regex

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at...

7.5 CVSS, 6.4 AI score, 0.0044 EPSS
Exploits 1, References 7
Cvelist
• added 2025/12/22 9:31 p.m. • 23 views

CVE-2025-68475 Fedify has ReDoS Vulnerability in HTML Parsing Regex

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at...

7.5 CVSS, 0.0044 EPSS
Exploits 1, References 7
OSV
• added 2025/12/22 9:31 p.m. • 3 views

CVE-2025-68475 Fedify has ReDoS Vulnerability in HTML Parsing Regex

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at...

7.5 CVSS, 6.6 AI score, 0.0044 EPSS
Exploits 1, References 9