12996 matches found
DEBIAN-CVE-2025-45766
poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is...
CVE-2025-53544
Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login...
CVE-2025-53544 Trilium Notes is Vulnerable to Brute-force Protection Bypass via Initial Sync Seed Retrieval
Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login...
CVE-2025-53544
CVE-2025-53544 concerns Trilium Notes prior to 0.97.0, where a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login password without triggering rate limiting. The app is described as a single-user, username-less system, with...
Trilium Notes security vulnerability
Trilium Notes is a layered notes application by Zadam Personal Developer. It specializes in building large personal knowledge bases. A security vulnerability exists in Trilium Notes versions prior to 0.97.0, which stems from a brute force protection bypass in the initial synchronization seed...
PT-2025-31882 · Unknown · Trilium Notes
Name of the Vulnerable Software and Affected Versions: Trilium Notes versions prior to 0.97.0 Description: Trilium Notes is a cross-platform hierarchical note taking application. A brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess...
The vulnerability of the Notes component in operating systems iPadOS and macOS, which allows a hacker to disclose sensitive information
The vulnerability of the Notes component in iPadOS and macOS systems relates to the disclosure of information through registration files. Exploiting this vulnerability can allow attackers to disclose protected information...
vulnerability-research
This reposit...
CVE-2025-7205
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor notes parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
SUSE SLES15 Security Update : cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (SUSE-SU-2025:02554-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02554-1 advisory. Update to version 1.62.0: Release notes: https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.62.0 Update to version...
Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.62.0: Release notes:...
Oracle Linux 10 / 8 / 9 : java-21-openjdk (ELSA-2025-10873)
The remote Oracle Linux 10 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-10873 advisory. 1:21.0.8.0.9-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:21.0.8.0.9-1.1 - Update to jdk-21.0.8+9 GA - Update release notes to 21.0.8...
BIT-GITLAB-2025-4976 Exposure of Sensitive Information Due to Incompatible Policies in GitLab
An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses...
java-21-openjdk security update
1:21.0.8.0.9-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:21.0.8.0.9-1.1 - Update to jdk-21.0.8+9 GA - Update release notes to 21.0.8+9 - Switch to GA mode - Sync the copy of the portable specfile with the latest update - This tarball is embargoed until 2025-07-15 @ 1pm PT. - Resolves:...
Important: kernel-livepatch-6.12.29-33.102
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races CVE-2025-38037 Affected Packages: kernel-livepatch-6.12.29-33.102 Issue Correction: Please ensure you have live patching enabled. Run dnf update kernel-livepatch-6.12.29-33.102...
SUSE-SU-2025:20510-1 Security update for docker
This update for docker fixes the following issues: - Update to Go 1.24 for builds, to match upstream. - Update to Docker 28.3.2-ce. See upstream changelog online at - Update to Docker 28.3.1-ce. See upstream changelog online at - Update to Docker 28.3.0-ce. See upstream changelog online at...
Important: Red Hat Security Advisory: 7.1 container image is now available in the Red Hat Ecosystem Catalog.
Updated rhceph-7.1 container image is now available in the Red Hat Ecosystem Catalog. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support...
CVE-2025-27800
The Episerver Content Management System CMS by Optimizely was affected by multiple Stored Cross-Site Scripting XSS vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. The Admin dashboard offered the functionality to add gadgets to...