PT-2025-48580
Name of the Vulnerable Software and Affected Versions: vLLM versions prior to 0.11.1. Description: vLLM is an inference and serving engine for large language models (LLMs). A critical issue exists in the Nemotron Nano VL Config class where remote code execution can occur. When vLLM loads a model...
PUB-A-326045940
In bigomap of bigoiommu.c, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege in the OS Kernel level with System execution privileges needed. User interaction is not needed for exploitation...
RUSTSEC-2025-0132 `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe
maxminddb prior to version 0.27 declared `Reader::open_mmap` as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...
OPENSUSE-SU-2025:20099-1 Security update for xwayland
This update for xwayland fixes the following issues: - CVE-2025-62229: Fixed use-after-free in XPresentNotify structures creation (bsc#1251958). - CVE-2025-62230: Fixed use-after-free in Xkb client resource removal (bsc#1251959). - CVE-2025-62231: Fixed value overflow in Xkb extension XkbSetCompatMap...
SUSE-SU-2025:21149-1 Security update for xwayland
This update for xwayland fixes the following issues: - CVE-2025-62229: Fixed use-after-free in XPresentNotify structures creation (bsc#1251958). - CVE-2025-62230: Fixed use-after-free in Xkb client resource removal (bsc#1251959). - CVE-2025-62231: Fixed value overflow in Xkb extension XkbSetCompatMap...
libxslt: libxml2: Infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c
A flaw was found in libxslt/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map', leading to stack exhaustion and a local denial of service...
Moderate: Red Hat Security Advisory: libxml2 security update
An update for libxml2 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
PT-2025-52891
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak exists in the Linux kernel’s BPF (Berkeley Packet Filter) implementation related to exclusive maps. Specifically, when excl prog hash is zero and excl prog hash size is...
CVE-2025-21621
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting (XSS) vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
EUVD-2025-199607
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting (XSS) vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
CVE-2025-21621 GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting (XSS) vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
CVE-2025-58360
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...
CVE-2025-58360 GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...
EUVD-2025-199606
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...
CVE-2025-58360
CVE-2025-58360 : GeoServer contains an XML External Entity (XXE) vulnerability in the GetMap operation (/geoserver/wms). The issue arises from insufficient XML input sanitization, allowing external entities to be defined in requests. Affected: GeoServer versions 2.26.0–2.26.1 and 2.25.0–2.25.5 (i...