ALSA-2025:16116 Moderate: gnutls security, bug fix, and enhancement update
The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Vulnerability in GnuTLS certtool template parsing CVE-2025-32990 gnutls: Vulnerability in GnuTLS SCT extension...
CVE-2025-59161
CVE-2025-59161 affects Element Web and Element Desktop prior to 1.11.112. The issue stems from insufficient validation of room predecessor links, which could allow a remote attacker to impermanently replace a room’s entry in the room list with an attacker-supplied room. The effect is described as...
Security Bulletin: IBM ICCSAP cross site scripting vulnerability fix.
Summary A vulnerability was disclosed as part of Cross Site Scripting With PDF. Vulnerability Details CVEID: CVE-2024-4367 DESCRIPTION: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126,...
PT-2025-38060
Name of the Vulnerable Software and Affected Versions: Linkr versions through 2.0.0 Description: Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr does not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a...
psPAS does not enforce TLS 1.2 within Get-PASSAMLResponse
RISK EVALUATION psPAS is a PowerShell module for the CyberArk API. psPAS does not explicitly enforce TLS 1.2 when using the 'Get-PASSAMLResponse' function. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol...
RHSA-2025:15728 Red Hat Security Advisory: aide security update
Bulletin has no description...
PT-2025-37425
Name of the Vulnerable Software and Affected Versions ImageIO affected versions not specified Description An issue exists in ImageIO that could allow for arbitrary code execution through maliciously crafted images. This issue was actively exploited. The vulnerability does not provide access to...
CVE-2025-58764
Claude Code is an agentic coding tool. Due to an error in command parsing, versions prior to 1.0.105 were vulnerable to a bypass of the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claud...
RHSA-2025:15643 Red Hat Security Advisory: Satellite 6.15.5.4 Async Update
Bulletin has no description...
DSA-5998-1 cups - security update
Bulletin has no description...
RHSA-2020:4058 Red Hat Security Advisory: virt:rhel security update
Bulletin has no description...
CVE-2025-55317
CVE-2025-55317 concerns Microsoft AutoUpdate (MAU) and its elevation of privilege via improper link resolution before file access ("link following"). Affected: MAU components on macOS; vulnerability allows an authorized local attacker to escalate privileges. Root cause: improper link resolution b...
Advisory ROSA-SA-2025-2983
software: qt6-qtbase 6.8.3 OS: ROSA-CHROME unaffected versions = qt6-qtbase-6.8.3-3 affected versions qt6-qtbase-6.8.3-3 CVE-ID: CVE-2025-5455 BDU-ID: 2025-06498 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the qDecodeDataUrl function of the QtCore module of the QtCore cross-platform software...
PT-2025-36567
Name of the Vulnerable Software and Affected Versions: Tautulli versions prior to 2.16.0 Description: Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. The /image API endpoint is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files...
MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server
An XSS flaw exists in the MCP Inspector local development tool when it renders a redirect URL returned by a remote MCP server. If the Inspector connects to an untrusted server, a crafted redirect can inject script into the Inspector context and, via the built-in proxy, be leveraged to trigger...
RHSA-2025:15436 Red Hat Security Advisory: thunderbird security update
Bulletin has no description...
JVN#75307484: RICOH Streamline NX vulnerable to tampering with operation history
RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. Use of Less Trusted Source CWE-348 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 2.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 3.1 CVE-2025-58422 Impact If an...
PT-2025-36620
An XSS issue was reported in the MCP Inspector local development tool when connecting to an untrusted remote MCP server with a malicious redirect URI. This could be leveraged to interact directly with the inspector proxy to trigger arbitrary command execution. Users are advised to update to 0.16....
Obsidian GitHub Copilot Plugin stores sensitive information in cleartext
Overview Obsidian GitHub Copilot Plugin provided by Pierre-Adrien Vasseur is vulnerable to the following vulnerability. Cleartext storage of sensitive information CWE-312 - CVE-2025-58401 Rui Nakajima reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
CVE-2025-30277
An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central...