RHSA-2025:12769 Red Hat Security Advisory: redis:6 security update
Bulletin has no description...
RHSA-2025:12520 Red Hat Security Advisory: unbound security update
Bulletin has no description...
RHSA-2025:12519 Red Hat Security Advisory: python-requests security update
Bulletin has no description...
BIT-VAULT-2025-6015 Vault Login MFA Bypass of Rate Limiting and TOTP Code Reuse
Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
PT-2025-32006 · Unknown · Janssen Project
Name of the Vulnerable Software and Affected Versions: Janssen Project versions 1.9.0 and below. Description: The Janssen Project, an open-source identity and access management (IAM) platform, stores passwords in plaintext in the local CLI cmd.log file. Recommendations: Update to a version later tha...
PT-2025-31944 · Roche Diagnostics · Navify Monitoring
Name of the Vulnerable Software and Affected Versions: Roche Diagnostics navify Monitoring versions prior to 1.08.00. Description: An improper input validation issue exists in Roche Diagnostics navify Monitoring. An attacker can manipulate input data, potentially leading to a denial of service (DoS)...
PT-2025-32003 · Fiber · Fiber
Name of the Vulnerable Software and Affected Versions: Fiber versions 2.52.8 and below. Description: Fiber is an Express-inspired web framework written in Go. When using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index (e.g., test.18446744073704...
PT-2025-31941 · Firstnum · Firstnum Jc21A-04
Name of the Vulnerable Software and Affected Versions: FIRSTNUM JC21A-04 devices, versions through 2.01ME/FN. Description: An issue allows authenticated attackers to execute arbitrary OS commands with root privileges via crafted payloads to the xml action.cgi?method= endpoint. Recommendation...
PT-2025-31973 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: seacms versions prior to 13.2. Description: The software contains a cross-site scripting issue. The issue is located in the vid parameter within the path Upload/js/player/dmplayer/player. Recommendations: Update seacms to version 13.2 or later...
WordPress Download Counter plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via name Parameter vulnerability discovered by Gilang in WordPress Plugin Download Counter versions <= 1.3...
GHSA-X56V-X2H6-7J34 Claude Code echo command allowed bypass of user approval prompt for command execution
Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update...
GHSA-PMW4-PWVC-3HX2 Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access
Due to a path validation flaw using prefix matching instead of canonical path comparison, it was possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of or ability to create a directory with the same prefix as the CWD and the...
CVE-2025-49832
A flaw was found in Asterisk. This vulnerability allows a remote attacker to trigger an application-level denial of service or potentially achieve remote code execution due to an unchecked resource consumption vulnerability in the Asterisk core. This condition is triggered by processing a special...
CVE-2025-54792
LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle (MitM) vulnerability in the software's discovery protocol allows an unauthenticated attacke...
Security Bulletin: NVIDIA Triton Inference Server - August 2025
NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide. Go to NVIDIA...
Amazon Linux 2 : firefox (ALASFIREFOX-2025-041)
The version of firefox installed on the remote host is prior to 128.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-041 advisory. On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT,...
Advisory ROSA-SA-2025-2912
software: mosquitto 2.0.20; WASP: ROSA-CHROME; unaffected versions: >= mosquitto-2.0.20-1; affected versions: < mosquitto-2.0.20-1; CVE-ID: CVE-2024-3935; BDU-ID: 2024-09880; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the Eclipse Mosquitto message broker is related to a double free of memory. Exploitation of th...
Security Bulletin: Outbound Email for SOAR App is using a component with a known vulnerability (CVE-2025-27516)
Summary: The Outbound Email for SOAR App uses an older version of the Jinja template library that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to Outbound Email for SOAR version 2.1.4 or later. Vulnerabilit...
Hashicorp Vault has Incorrect Validation for Non-CA Certificates
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate (https://developer.hashicorp.com/vault/api-docs/auth/certcertificate). In this configuration, an attacker may be able to...