739 matches found
CVE-2025-30155 Tuleap does not enforce read permissions on parent trackers in the REST API
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8...
CVE-2025-29766 Tuleap has missing CSRF protections on artifact submission & edition from the tracker view
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap has missing CSRF protections on artifact submission & edition from the tracker view. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up...
CVE-2025-2975
creationtimestamp| type| source ---|---|--- 2025-03-31 04:54:41+00:00| seen| https://bsky.app/profile/potato.software/post/3llnkvw4tke2r 2025-03-31 07:28:40+00:00| seen| https://t.me/cvedetector/21540 2025-03-31 16:33:26+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/969...
Security Bulletin: IBM Automation Decision Services for Jan 2025 - Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2024-3596...
CVE-2025-30355
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities
Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to the direct usage of...
CVE-2025-30355 Synapse vulnerable to federation denial of service via malformed events
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...
ALSA-2025:3344 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing CVE-2025-30204 For more details about the security issues, including the impact, a CVSS...
Security Bulletin: IBM Controller is affected by vulnerabilities
Summary There are vulnerabilities in IBM® Websphere Application Server Liberty and Open-Source Software OSS components used by IBM Controller. Additionally, IBM Controller is vulnerable to Client-Side Desync CSD CVE-2022-39163. Please refer to the table in the Related Information section for...
Important: Red Hat Security Advisory: libreoffice security update
An update for libreoffice is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
[SECURITY] Fedora 42 Update: chromium-134.0.6998.117-1.fc42
Chromium is an open-source web browser, powered by WebKit Blink...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities
Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to the direct usage of...
grafana security update
An update is available for grafana. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Grafana is an open source, feature rich metrics dashboard and graph editor fo...
samba bug fix update
An update is available for samba. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Samba is an open-source implementation of the Server Message Block SMB protocol...
[SECURITY] Fedora 42 Update: chromium-134.0.6998.88-3.fc42
Chromium is an open-source web browser, powered by WebKit Blink...
ALSA-2025:2868 Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
[SECURITY] Fedora 40 Update: chromium-134.0.6998.88-1.fc40
Chromium is an open-source web browser, powered by WebKit Blink...
[SECURITY] Fedora 41 Update: chromium-134.0.6998.88-1.fc41
Chromium is an open-source web browser, powered by WebKit Blink...
[SECURITY] Fedora 42 Update: InsightToolkit-4.13.3-26.fc42
ITK is an open-source software toolkit for performing registration and segmentation. Segmentation is the process of identifying and classifying data found in a digitally sampled representation. Typically the sampled representation is an image acquired from such medical instrumentation as CT or MR...
[SECURITY] Fedora 42 Update: dcmtk-3.6.9-2.fc42
DCMTK is a collection of libraries and applications implementing large parts the DICOM standard. It includes software for examining, constructing and converting DICOM image files, handling offline media, sending and receiving images over a network connection, as well as demonstrative image storag...