CVE-2025-10729 affecting package qtsvg for versions less than 6.6.1-3

CVE-2025-10729 affecting package qtsvg for versions less than 6.6.1-3. A patched version of the package is available...

GHSA-C2HV-4PFJ-MM2R vulnerabilities

Vulnerabilities for packages: argo-workflows, kubeflow-pipelines...

thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This...

GHSA-R657-RXJC-J557 vulnerabilities

Vulnerabilities for packages: ruby3.3-rack, ruby3.2-rack, ruby4.0-rack, ruby3.2-rails, logstash, kube-fluentd-operator, ruby3.3-rails, ruby3.4-rails, ruby3.4-rack...

CVE-2025-39974

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in parseintegerlimit When config osnoise cpus by write syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in parseintegerlimit+0x103/0x130 Read of size 1 at...

CVE-2025-54278

Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that ...

CVE-2025-61911 vulnerabilities

Vulnerabilities for packages: awx...

CVE-2025-11715

Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox...

CVE-2025-11731

A flaw was found in the exsltFuncResultComp function of libxslt, which handles EXSLT elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads...

CVE-2025-11731

A flaw was found in the exsltFuncResultComp function of libxslt, which handles EXSLT elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads...

CVE-2025-9648 affecting package ceph for versions less than 18.2.2-11

CVE-2025-9648 affecting package ceph for versions less than 18.2.2-11. A patched version of the package is available...

webkitgtk: Processing maliciously crafted web content may lead to memory corruption

A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling...

CVE-2025-39964

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Disallow concurrent writes in afalgsendmsg Issuing two writes to the same afalg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencie...

GHSA-RWVP-R38J-9RGG vulnerabilities

Vulnerabilities for packages: syft, k9s, chezmoi, zarf, wolfictl, mattermost, nuclei, kots, gitleaks, trufflehog, grype, undock, gptscript, kubescape, filebrowser...

GHSA-WR9H-G72X-MWHM vulnerabilities

Vulnerabilities for packages: tritonserver-backend-vllm-cuda-12.9, py3-vllm-cuda-12.4...

CVE-2025-6242 vulnerabilities

Vulnerabilities for packages: tritonserver-backend-vllm-cuda-12.9, py3-vllm-cuda-12.4...

[SECURITY] Fedora 41 Update: cri-o1.32-1.32.9-1.fc41

Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...

CVE-2025-52885

Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free write vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a std::vector, which...

[SECURITY] Fedora 42 Update: ibus-bamboo-0.8.4~RC6-2.fc42

A Vietnamese IME for IBus using Bamboo Engine. The open source Vietnamese keyboard supports most common encodings, popular Vietnamese typing methods, smart diacritics, spell checking, shortcuts,...

GHSA-M42M-M8CR-8M58 vulnerabilities

Vulnerabilities for packages: open-webui, py3-langchain-text-splitters...