USN-7835-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...

CVE-2025-53052

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Workflow Notification Mailer. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987553)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987553 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: don't BUG if someone dirty pages without asking ext4 first unpinuserpagesremote is dirtying...

GHSA-VFFH-C9PQ-4CRH Uptime Kuma Server-side Template Injection (SSTI) in Notification Templates Allows Arbitrary File Read

Summary In some Notification types e.g., Webhook, Telegram, the send function allows user-controlled renderTemplate input. This leads to a Server-side Template Injection SSTI vulnerability that can be exploited to read arbitrary files from the server. Details The root cause is how Uptime Kuma...

EUVD-2025-35098

Uptime Kuma Server-side Template Injection SSTI in Notification Templates Allows Arbitrary File Read...

Uptime Kuma Server-side Template Injection (SSTI) in Notification Templates Allows Arbitrary File Read

Summary In some Notification types e.g., Webhook, Telegram, the send function allows user-controlled renderTemplate input. This leads to a Server-side Template Injection SSTI vulnerability that can be exploited to read arbitrary files from the server. Details The root cause is how Uptime Kuma...

Malicious Package

Overview notification-layer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview notification-displayer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

CVE-2025-59211

Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally...

CVE-2025-59209

Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally...

K000156572: Quarterly Security Notification (October 2025)

Security Advisory Description On October 15, 2025, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...

EUVD-2025-34291

Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally...

EUVD-2025-34387

Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally...

CVE-2025-59211

Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally...

CVE-2025-59209

Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally...

CVE-2025-59211

Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally...

CVE-2025-59209

Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally...

CVE-2025-59209

CVE-2025-59209 is listed by NCSC as a vulnerability in Windows Push Notification Core that can lead to unauthorized disclosure of sensitive data locally. The advisory table assigns it a base impact of access to sensitive data (CVSS-like 5.5) with local attack vector. No specific patch/version rem...

CVE-2025-59209 Windows Push Notification Information Disclosure Vulnerability

...

CVE-2025-59209 Windows Push Notification Information Disclosure Vulnerability

...