Vite Plugin React 安全漏洞

Vite Plugin React is an open source plugin for Vite. A security vulnerability exists in Vite Plugin React versions prior to 0.5.8 that stems from an arbitrary file read vulnerability in the /viterscfindSourceMapURL endpoint...

PT-2025-51689

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.14.0-rc2-build2+ 1266 Description The Linux kernel contains a flaw in libceph related to a potential use-after-free condition within the have mon and osd map function. The issue arises from a race condition in...

Moderate: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 For...

Linux Distros Unpatched Vulnerability : CVE-2025-68227

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mptcp: Fix proto fallback detection with BPF The sockmap feature allows bpf syscall from userspace, or based on bpf sockops, replacing the skprot of sockets...

PT-2025-51625

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's handling of mount string statistics within the statmount string function. Specifically, the offp variable, intended to track the output offset, remain...

ALSA-2025:23325 Moderate: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 For...

ALSA-2025:23295 Moderate: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 For...

ALSA-2025:23294 Moderate: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 For more details about the security issues,...

AlmaLinux 9 : grafana (ALSA-2025:23087)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:23087 advisory. golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 Tenable has extracted the preceding description block directly from the...

openSUSE 16 Security Update : go1.25 (openSUSE-SU-2025:20157-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20157-1 advisory. Update to go1.25.5. Security issues fixed: - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host...

RLSA-2025:23088 Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 For more details about the security issues, including the impact, a CVSS score,...

kernel security update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

Remote Code Execution (RCE)

vLLM is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe dynamic loading and execution of classes from remote repositories via the automap configuration, which allows an attacker to execute arbitrary code even when trustremotecode is disabled...

CVE-2025-13846

The Easy Map Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...

RockyLinux 8 : kernel-rt (RLSA-2025:22800)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:22800 advisory. kernel: mm: kmem: fix a NULL pointer dereference in objstockflushrequired CVE-2023-53401 kernel: RDMA/rxe: Fix incomplete state save in rxerequester...

CVE-2025-14534

A vulnerability was determined in UTT 进取 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing manipulation of the argument NatBind can lead to buffer overflow. The attack can be launched remotely. The exploit has bee...

OPENSUSE-SU-2025:20158-1 Security update for go1.24

This update for go1.24 fixes the following issues: Update to go1.24.11. Security issues fixed: - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames bsc1251257. - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map bsc1251261. - CVE-2025-58185:...

EUVD-2025-202959

The LS Google Map Router plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'maptype' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

EUVD-2025-202991

The Easy Map Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...

CVE-2025-13850

The LS Google Map Router plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'maptype' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...