CVE-2025-21627

GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. Version 10.0.18 contai...

CVE-2025-1176 affecting package binutils for versions less than 2.41-3

CVE-2025-1176 affecting package binutils for versions less than 2.41-3. A patched version of the package is available...

GHSA-F73R-7G7H-494M vulnerabilities

Vulnerabilities for packages: gitlab-pages, gitlab-cng...

GHSA-X774-V4VM-3H8M vulnerabilities

Vulnerabilities for packages: gitlab-pages, gitlab-cng...

GHSA-8JGF-8R3G-HXH8 vulnerabilities

Vulnerabilities for packages: haproxy...

GHSA-VP7M-M4V3-GXC5 vulnerabilities

Vulnerabilities for packages: openjdk...

GHSA-QF54-2QX8-3VCV vulnerabilities

Vulnerabilities for packages: libspf2, exim...

GHSA-F666-246M-P7MG vulnerabilities

Vulnerabilities for packages: firefox...

GHSA-QP3J-RXH4-Q4H8 vulnerabilities

Vulnerabilities for packages: firefox...

GHSA-C42G-RMXF-64CH vulnerabilities

Vulnerabilities for packages: curl...

GHSA-HJ65-9WFC-JMF4 vulnerabilities

Vulnerabilities for packages: firefox...

GHSA-M77W-6VJW-WH2F vulnerabilities

Vulnerabilities for packages: glibc...

GHSA-XC82-5M89-G4JV vulnerabilities

Vulnerabilities for packages: kind, go, falco...

GHSA-G9M4-VFQ7-W439 vulnerabilities

Vulnerabilities for packages: ghostscript...

GHSA-8XFX-RJ4P-23JM vulnerabilities

Vulnerabilities for packages: hello-world-golang, mods, q, tailscale, mage, slsa-verifier, local-static-provisioner, grafana-alloy, nri-discovery-kubernetes, melange, minio-operator, external-dns, go-licenses, tflint, ip-masq-agent, tempo, nri-kubernetes, buf, protoc-gen-go-grpc, kubebuilder,...

GHSA-X57X-3C65-5F3J vulnerabilities

Vulnerabilities for packages: bind...

CVE-2025-26595

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size...

CVE-2025-26597

A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because t...

CVE-2025-26601

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger is called. If one of the changes triggers an error, the function will return...

CVE-2025-0938 affecting package python3 for versions less than 3.9.19-10

CVE-2025-0938 affecting package python3 for versions less than 3.9.19-10. A patched version of the package is available...