SUSE-SU-2026:0828-1 Security update for python-Authlib

This update for python-Authlib fixes the following issues: - CVE-2025-68158: Fixed 1-click account takeover in applications that use the Authlib library bsc1256414...

EUVD-2025-206240

muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution RCE vulnerability in. An attacker can exploit this issue by embedding a specially crafted muffon:// link on any website they control. When a victim visits the site or clic...

EUVD-2025-24161

Malicious code in bioql PyPI...

CVE-2025-55733

DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they...

CVE-2025-54063

CVE-2025-54063 affects Cherry Studio desktop client (versions 1.4.8–1.5.0) due to improper handling of custom URLs, enabling remote code execution when a user clicks a crafted link or visits a malicious site. The underlying vulnerability is triggered by the app’s custom URL handler, leading to co...