
28676 matches found

Cvelist
added 2025/11/06 8:55 p.m., 9 views

CVE-2025-64326 Weblate leaks the IP of project members inviting users to assume reviewer roles in Audit log

Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed i...

CVSS: 2.6, EPSS: 0.00158
Exploits: 0, References: 2

OSV
added 2025/11/06 1:22 p.m., 3 views

BIT-GITLAB-2025-11702 Missing Authorization in GitLab

GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects...

CVSS: 8.8, AI score: 8.9, EPSS: 0.0053
Exploits: 0, References: 4

EUVD
added 2025/11/06 12:23 a.m., 3 views

EUVD-2025-37859

MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets in unauthorized namespaces. This issue is...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00184
Exploits: 0, References: 5

RedhatCVE
added 2025/11/05 10:4 p.m., 4 views

CVE-2025-54496

A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code...

CVSS: 8.4, AI score: 7.8, EPSS: 0.00157
Exploits: 0, References: 1

RedhatCVE
added 2025/11/05 10:4 p.m., 7 views

CVE-2025-62520

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manageconfigcolumnspage.php can use the Copy From action to retrieve the columns configuration from a private project they have no...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00215
Exploits: 1, References: 1

RedhatCVE
added 2025/11/05 10:4 p.m., 4 views

CVE-2025-54526

Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

CVSS: 8.4, AI score: 7.9, EPSS: 0.00152
Exploits: 0, References: 1

Github Security Blog
added 2025/11/05 6:44 p.m., 32 views

youki container escape via "masked path" abuse due to mount race conditions

Impact: youki utilizes bind mounting the container's /dev/null as a file mask. When performing this operation, the initial validation of the source /dev/null was insufficient. Specifically, we initially failed to verify whether /dev/null was genuinely present. However, we did perform validation to...

CVSS: 10, AI score: 6.9, EPSS: 0.00216
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2025/11/05 6:41 p.m., 3 views

GO-2025-4022 Omni vulnerable to information leak via API in github.com/siderolabs/omni

Omni vulnerable to information leak via API in github.com/siderolabs/omni...

CVSS: 8.6, AI score: 6.7, EPSS: 0.00284
Exploits: 0, References: 2

OSV
added 2025/11/05 6:41 p.m., 2 views

GO-2025-4002 Canonical LXD Project Existence Determination Through Error Handling in Image Export Function in github.com/canonical/lxd

Canonical LXD Project Existence Determination Through Error Handling in Image Export Function in github.com/canonical/lxd...

CVSS: 6.9, AI score: 7, EPSS: 0.00318
Exploits: 1, References: 1

OSV
added 2025/11/05 6:41 p.m., 2 views

GO-2025-4005 Canonical LXD Project Existence Determination Through Error Handling in Image Get Function in github.com/canonical/lxd

Canonical LXD Project Existence Determination Through Error Handling in Image Get Function in github.com/canonical/lxd...

CVSS: 6.9, AI score: 7, EPSS: 0.00349
Exploits: 1, References: 1

Fedora
added 2025/11/05 2:13 a.m., 7 views

[SECURITY] Fedora 43 Update: rust-reqsign-aws-v4-2.0.0-1.fc43

AWS SigV4 signing implementation for reqsign...

CVSS: 8.1, AI score: 7, EPSS: 0.00688
Exploits: 1

Tenable Nessus
added 2025/11/05 12:0 a.m., 5 views

MantisBT < 2.27.2 Unauthorized Disclosure (GHSA-g582-8vwr-68h2)

The version of MantisBT installed on the remote host is prior to 2.27.2. It is, therefore, affected by a vulnerability as referenced in the GHSA-g582-8vwr-68h2 advisory. - Due to insufficient access-level checks, any non-admin user having access to manageconfigcolumnspage typically project manage...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00215
Exploits: 1, References: 2

NVD
added 2025/11/04 10:16 p.m., 6 views

CVE-2025-62520

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manageconfigcolumnspage.php can use the Copy From action to retrieve the columns configuration from a private project they have no...

CVSS: 5.3, EPSS: 0.00215
Exploits: 1, References: 3

OSV
added 2025/11/04 10:16 p.m., 5 views

CVE-2025-54496

A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code...

CVSS: 8.4, AI score: 6.2, EPSS: 0.00157
Exploits: 0, References: 3

OSV
added 2025/11/04 10:16 p.m., 3 views

CVE-2025-54526

Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

CVSS: 8.4, AI score: 6.3, EPSS: 0.00152
Exploits: 0, References: 3

NVD
added 2025/11/04 10:16 p.m., 7 views

CVE-2025-54526

Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

CVSS: 8.4, EPSS: 0.00152
Exploits: 0, References: 3

Cvelist
added 2025/11/04 9:37 p.m., 7 views

CVE-2025-54526 Fuji Electric Monitouch V-SFT-6 Stack-based Buffer Overflow

Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

CVSS: 8.4, EPSS: 0.00152
Exploits: 0, References: 3

CVE
added 2025/11/04 9:37 p.m., 18 views

CVE-2025-54526

CVE-2025-54526 concerns Fuji Electric Monitouch V-SFT-6/V-SFT with a stack-based buffer overflow in parsing crafted project/V7 files, leading to remote code execution. ZDI advisories describe the flaw as a lack of proper validation of the length of user-supplied data before copying it into a fix...

CVSS: 8.4, AI score: 7.3, EPSS: 0.00152
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2025/11/04 9:37 p.m., 3 views

CVE-2025-54526 Fuji Electric Monitouch V-SFT-6 Stack-based Buffer Overflow

Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

CVSS: 8.4, AI score: 7.3, EPSS: 0.00152
Exploits: 0, References: 3

Vulnrichment
added 2025/11/04 9:36 p.m., 2 views

CVE-2025-54496 Fuji Electric Monitouch V-SFT-6 Heap-based Buffer Overflow

A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code...

CVSS: 8.4, AI score: 7.2, EPSS: 0.00157
Exploits: 0, References: 3