4074 matches found
CVE-2025-12204
A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rve_destroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed...
CVE-2025-12206
A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may be used. It is still unclear if this...
CVE-2025-9158
The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying th...
thunderbird: firefox: Memory safety bugs
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corrupti...
CVE-2024-45780 affecting package grub2 for versions less than 2.06-15
CVE-2024-45780 affecting package grub2 for versions less than 2.06-15. A patched version of the package is available...
CVE-2025-59375 affecting package expat for versions less than 2.6.4-2
CVE-2025-59375 affecting package expat for versions less than 2.6.4-2. A patched version of the package is available...
CVE-2022-50576
In the Linux kernel, the following vulnerability has been resolved: serial: pch: Fix PCI device refcount leak in pch_request_dma As comment of pci_get_slot says, it returns a pci_device with its refcount increased. The caller must decrement the reference count by calling pci_dev_put. Since 'dma_dev' is...
GHSA-M68Q-4HQR-MC6F vulnerabilities
Vulnerabilities for packages: falco...
CVE-2025-11411
NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are...
ROS-20251022-01
A vulnerability in mod_auth_openidc, the authentication and authorization module for the Apache 2.x HTTP server, is related to an information disclosure. Exploitation of the vulnerability allows an attacker acting remotely to disclose protected information...
CVE-2025-62641
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...
CVE-2025-9648 affecting package ceph for versions less than 16.2.10-10
CVE-2025-9648 affecting package ceph for versions less than 16.2.10-10. A patched version of the package is available...
CVE-2025-59438
Mbed TLS through 3.6.4 has an Observable Timing Discrepancy...
CVE-2025-11678
Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label longer...
ROS-20251020-01
Vulnerability in open source external resource management software Terraform is associated with an incorrect restriction on the path name of a restricted directory. Exploitation of the vulnerability could allow an attacker to download arbitrary files...
SUSE CVE-2025-60361
radare2 v5.9.8 and before contains a memory leak in the function bochs_open...
CVE-2025-60360
radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init...
CVE-2025-62375 vulnerabilities
Vulnerabilities for packages: tekton-chains, tkn...
GHSA-RCV9-QM8P-9P6J vulnerabilities
Vulnerabilities for packages: text-generation-inference...
CVE-2025-62490
In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined callback could run during js_print_value, during which the array could get resized and len1 become ou...