CVE-2025-54593
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.1 and below, an authenticated administrator user can execute arbitrary code on the FreshRSS server by modifying the update URL to one they control, and gain code execution after running an update. After successfully executing code...
CVE-2025-53009
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stac...
CVE-2025-48074 OpenEXR's Unbounded File Header Values can Lead to Out-Of-Memory Errors
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...
RHSA-2025:12361 Red Hat Security Advisory: firefox security update
Bulletin has no description...
RHSA-2025:12353 Red Hat Security Advisory: firefox security update
Bulletin has no description...
RHSA-2025:12360 Red Hat Security Advisory: firefox security update
Bulletin has no description...
PT-2025-31707
Name of the Vulnerable Software and Affected Versions: @nestjs/devtools-integration versions 0.2.0 and below. Description: A critical Remote Code Execution (RCE) vulnerability exists in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with a...
PT-2025-31680 · Hashicorp · Vault +1
Name of the Vulnerable Software and Affected Versions: Vault versions prior to 1.20.1; Vault Enterprise versions prior to 1.20.1, 1.19.7, 1.18.12, and 1.16.23. Description: Vault and Vault Enterprise's login MFA rate limits could be bypassed, and TOTP tokens could be reused. Recommendations: Update...
CVE-2025-48073 OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a...
CVE-2025-27514
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 9.5.0 through 10.0.18, a technician can use a malicious payload to trigger a stored XSS on the project's kanban. This is fixed in version 10.0.1...
CVE-2025-54589
Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at /?ru, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a block without proper escaping...
CGA-W886-Q38X-5PVW
Bulletin has no description...
RHSA-2025:12332 Red Hat Security Advisory: icu security update
Bulletin has no description...
RHSA-2025:12282 Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
Bulletin has no description...
Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability in the Image Plugin
A carefully crafted request using the Image plugin could trigger an XSS vulnerability in Apache JSPWiki, which could allow the attacker to execute JavaScript in the victim's browser and obtain some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later...
BIT-DISCOURSE-2025-53102 Discourse's WebAuthn challenge isn't cleared from user session after authentication
Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the stable branch and version 3.5.0.beta.8 on the tests-passed branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared...
MINI-C6XF-MR69-5H53
Bulletin has no description...
PT-2025-31585 · Openexr · Openexr
Name of the Vulnerable Software and Affected Versions: OpenEXR versions 3.3.0 through 3.3.2 Description: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. A heap-based buffer overflow occurs during a...
PT-2025-31591 · Materialx · Materialx
Name of the Vulnerable Software and Affected Versions: MaterialX versions prior to 1.39.3 Description: MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. When parsing shader nodes in a MTLX file, the MaterialXCore code...
WordPress WP Modal Popup with Cookie Integration Plugin plugin <= 2.4 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Que Thanh Tuan (Blue Rock) in WordPress plugin WP Modal Popup with Cookie Integration versions <= 2.4...