
5344 matches found

SUSE Linux
added 2025/09/25 10:50 a.m. | 4 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 CVE-2025-10148: Predictable WebSocket mask bsc1249348 Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 tooloperate: fix return code when --retry is used but not triggered...

CVSS 7.5 | AI score 7.6 | EPSS 0.01301
Exploits: 1 | References: 16

GithubExploit
added 2025/09/24 7:13 p.m. | 205 views

Exploit for Origin Validation Error in Edex-Ui_Project Edex-Ui

CVE-2023-30856 Security Patch for eDEX-UI ⚠️ Critical Secu...

CVSS 10 | AI score 7.6 | EPSS 0.00348
Exploits: 1

OpenVAS
added 2025/09/22 12:0 a.m. | 3 views

Fedora: Security Advisory (FEDORA-2025-97ae15dc56)

The remote host is missing an update for the...

CVSS 7.5 | AI score 6.8 | EPSS 0.01301
Exploits: 1 | References: 4

Tenable Nessus
added 2025/09/20 12:0 a.m. | 5 views

Fedora 42 : curl (2025-97ae15dc56)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-97ae15dc56 advisory. - Fix Out of bounds read for cookie path CVE-2025-9086 - Fix predictable WebSocket mask CVE-2025-10148 Tenable has extracted the preceding descripti...

CVSS 7.5 | AI score 6.8 | EPSS 0.01301
Exploits: 1 | References: 3

SUSE CVE
added 2025/09/19 11:22 p.m. | 1 view

SUSE CVE-2025-54376

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly's admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time applicatio...

CVSS 7.5 | AI score 7 | EPSS 0.00663
Exploits: 1 | References: 2

Tenable Nessus
added 2025/09/19 12:0 a.m. | 5 views

Jenkins Cross-Site WebSocket Hijacking

A vulnerability exists in Jenkins versions from 2.217 before 2.442 and from LTS 2.222.1 before LTS 2.426.3 allowing an unauthenticated and remote attacker to trick a user authenticated on the target Jenkins instance and perform Jenkins CLI cross-site arbitrary commands through websockets. No sour...

CVSS 8.8 | AI score 7.1 | EPSS 0.66921
Exploits: 1 | References: 2

Tenable Nessus
added 2025/09/19 12:0 a.m. | 4 views

SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2025:03267-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03267-1 advisory. Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to...

CVSS 7.5 | AI score 6.8 | EPSS 0.01301
Exploits: 1 | References: 9

SUSE Linux
added 2025/09/18 11:9 a.m. | 4 views

Security update for curl

This update for curl fixes the following issues: Security issues fixed: CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server...

CVSS 7.5 | AI score 6.8 | EPSS 0.01301
Exploits: 1 | References: 16

OSV
added 2025/09/18 11:8 a.m. | 3 views

SUSE-SU-2025:03268-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious serv...

CVSS 7.5 | AI score 7.1 | EPSS 0.01301
Exploits: 1 | References: 7

SUSE Linux
added 2025/09/18 11:6 a.m. | 4 views

Security update for curl

This update for curl fixes the following issues: Security issues fixed: CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server...

CVSS 7.5 | AI score 6.8 | EPSS 0.01301
Exploits: 1 | References: 16

OSV
added 2025/09/18 11:6 a.m. | 2 views

SUSE-SU-2025:03267-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious serv...

CVSS 7.5 | AI score 7.1 | EPSS 0.01301
Exploits: 1 | References: 7

OSV
added 2025/09/17 5:3 p.m. | 8 views

GO-2025-3945 WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled in github.com/SpectoLabs/hoverfly

WebSocket endpoint /api/v2/ws/logs reachable without authentication even when --auth is enabled in github.com/SpectoLabs/hoverfly...

CVSS 8.8 | AI score 7.2 | EPSS 0.00663
Exploits: 1 | References: 3

Amazon
added 2025/09/15 12:0 a.m. | 2 views

Important: libsoup

Issue Overview: A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service DoS. CVE-2025-32049 Affected Packages: libsoup Issue Correction: Run dnf update libsoup --releasever...

CVSS 7.5 | AI score 6.7 | EPSS 0.00728
Exploits: 0

Tenable Nessus
added 2025/09/15 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-10148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted...

CVSS 5.3 | AI score 6.8 | EPSS 0.00466
Exploits: 0 | References: 4

Tenable Nessus
added 2025/09/15 12:0 a.m. | 9 views

Amazon Linux 2023 : libsoup, libsoup-devel (ALAS2023-2025-1187)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1187 advisory. A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service DoS. CVE-2025-32049 Tenable has...

CVSS 7.5 | AI score 7.2 | EPSS 0.00728
Exploits: 0 | References: 4

RedhatCVE
added 2025/09/14 1:33 p.m. | 13 views

CVE-2025-10318

A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to improper authorization. The attack can be...

CVSS 8.8 | AI score 6.6 | EPSS 0.00397
Exploits: 1 | References: 1

Tenable Nessus
added 2025/09/14 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-30360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source...

CVSS 7.5 | AI score 7.2 | EPSS 0.02434
Exploits: 2 | References: 2

Tenable Nessus
added 2025/09/13 12:0 a.m. | 5 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2025:03198-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03198-1 advisory. Update to version 8.14.1 jscPED-13055, jscPED-13056. Security issues fixed: - CVE-2025-0665:...

CVSS 7.5 | AI score 6.8 | EPSS 0.01301
Exploits: 7 | References: 24

RedhatCVE
added 2025/09/12 8:47 p.m. | 10 views

CVE-2025-54376

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time applicatio...

CVSS 8.8 | AI score 7.3 | EPSS 0.00663
Exploits: 1 | References: 1

NVD
added 2025/09/12 1:15 p.m. | 8 views

CVE-2025-10318

A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to improper authorization. The attack can be...

CVSS 8.8 | EPSS 0.00397
Exploits: 1 | References: 4