
2246 matches found

OSV
added 2025/10/03 7:56 p.m. | 4 views

RLSA-2025:8816 Important: .NET 9.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.107 and .NET Runtime 9.0.6.Securi...

CVSS 7.5 | AI score 6.8 | EPSS 0.00206
Exploits: 0 | References: 2
OSV
added 2025/09/25 3:7 p.m. | 3 views

MAL-2025-47574 Malicious code in @discord-external/activity-iframe-sdk (npm)

The package @discord-external/activity-iframe-sdk was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security c4df7af2ceae80fdc052edf95094a378287786ae21cfec9a6104a2af2b1d9b98 This package installs a dependency hosted on a cust...

AI score 6.9
Exploits: 0 | References: 1
Cvelist
added 2025/09/24 12:0 a.m. | 4 views

CVE-2025-57324

parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of...

EPSS 0.0017
Exploits: 0 | References: 2
CNNVD
added 2025/09/19 12:0 a.m. | 3 views

Cloudflare Workers SDK Information Disclosure Vulnerability

Cloudflare Workers SDK is an open source developer toolkit for Cloudflare. An information disclosure vulnerability exists in Cloudflare Workers SDK versions prior to 1.6.0, which stems from a default configuration where the local development server exposes all files, potentially leading to the...

CVSS 6.3 | AI score 5.6 | EPSS 0.00118
Exploits: 0 | References: 5
OSV
added 2025/09/16 5:15 p.m. | 2 views

DEBIAN-CVE-2025-59160

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

CVSS 6.9 | AI score 5.5 | EPSS 0.00108
Exploits: 0 | References: 1
OSV
added 2025/08/28 7:36 a.m. | 3 views

MAL-2025-41591 Malicious code in phone-feature-sdk (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0
OSSF Malicious Packages
added 2025/08/28 7:36 a.m. | 3 views

Malicious code in phone-feature-sdk (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0
Cvelist
added 2025/08/26 4:26 p.m. | 6 views

CVE-2025-36729 RACOM M!DGE2 Privilege Escalation via SDK Testing Endpoint

A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell access with the root gid...

CVSS 7.2 | EPSS 0.00071
Exploits: 0 | References: 1
OSV
added 2025/08/14 6:52 p.m. | 1 view

MAL-2025-26193 Malicious code in mentors-sdk-js (npm)

The package mentors-sdk-js was found to contain malicious code...

AI score 7.2
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 3 views

Malicious code in kinvey-phonegap-angular-sdk (npm)

The package kinvey-phonegap-angular-sdk was found to contain malicious code...

AI score 7
Exploits: 0
OSV
added 2025/08/14 6:52 p.m. | 1 view

MAL-2025-33095 Malicious code in shield-sdk (npm)

The package shield-sdk was found to contain malicious code...

AI score 7.2
Exploits: 0
CVE
added 2025/08/12 4:59 p.m. | 13 views

CVE-2025-32004

CVE-2025-32004 concerns the Intel Edger8r Tool in the Intel SGX SDK. The issue is caused by improper input validation in the Edger8r Tool, which may permit an authenticated user to escalate privileges via local access. Documented impact indicates privilege escalation with local access, applicable...

CVSS 3.9 | AI score 7.4 | EPSS 0.00066
Exploits: 0 | References: 1
Vulnrichment
added 2025/08/12 4:59 p.m. | 2 views

CVE-2025-32004

Improper input validation in the Intel Edger8r Tool for some Intel® SGX SDK may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 3.9 | AI score 7.4 | EPSS 0.00066
Exploits: 0 | References: 1
Tenable Nessus
added 2025/08/12 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-37935

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM. If the mtk_poll_rx function detects the...

CVSS 5.5 | AI score 6.2 | EPSS 0.00065
Exploits: 0 | References: 2
IBM Security Bulletins
added 2025/08/11 9:53 a.m. | 5 views

Security Bulletin: WebSphere Service Registry and Repository (WSSR) is affected by IBM SDK, Java Technology Edition Quarterly CPU - July 2025 - Includes Oracle July 2025 CPU plus CVE-2025-30754

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository, and it uses the IBM® Java SDK. Information about the IBM® Java SDK July 2025 CPU is available in a Security Bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVSS 4.8 | AI score 6.6 | EPSS 0.00459
Exploits: 0 | Affected Software: 1
CNNVD
added 2025/08/04 12:0 a.m. | 1 view

Airoha Bluetooth audio SDK Security Vulnerability

Airoha Bluetooth audio SDK is a software development kit from Airoha. Airoha Bluetooth audio SDK suffers from a security vulnerability that originates from unauthorized access to the RACE protocol and could result in remote elevation of privilege...

CVSS 8.8 | AI score 7.6 | EPSS 0.00256
Exploits: 0 | References: 2
RedhatCVE
added 2025/07/31 8:3 p.m. | 3 views

CVE-2025-53541

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain artifacts could inser...

CVSS 5.4 | AI score 7.5 | EPSS 0.00174
Exploits: 0 | References: 1
NVD
added 2025/07/29 8:15 p.m. | 3 views

CVE-2025-52899

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed ...

CVSS 5.3 | EPSS 0.00352
Exploits: 0 | References: 4
NVD
added 2025/07/29 8:15 p.m. | 2 views

CVE-2025-53541

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain artifacts could inser...

CVSS 5.4 | EPSS 0.00174
Exploits: 0 | References: 4
CVE
added 2025/07/29 7:36 p.m. | 15 views

CVE-2025-53902

Tuleap exposes confidential artifact information to unauthorized users via email notifications. CVE-2025-53902 affects Tuleap Community Edition <16.9.99.1752585665 and Tuleap Enterprise Edition <16.8-6 and

CVSS 4.3 | AI score 6.8 | EPSS 0.00235
Exploits: 1 | References: 4 | Affected Software: 1