2127 matches found
EUVD-2023-52305
Malicious code in bioql PyPI...
EUVD-2025-5099
Malicious code in bioql PyPI...
EUVD-2023-43234
Malicious code in bioql PyPI...
EUVD-2023-28821
Malicious code in bioql PyPI...
CVE-2025-59829
CVE-2025-59829 affects Claude Code (Anthropic) prior to version 1.0.120. The root cause is improper handling of symbolic links when evaluating permission-deny rules, enabling a user-denied file to be accessed via a symlink pointing to that file. The issue is fixed in 1.0.120. Impact is exposure o...
CVE-2025-59829 Claude Code: Permission deny bypass is possible through symlink
Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the...
[SECURITY] [DSA 6018-1] gegl security update
Debian Security Advisory DSA-6018-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 03, 2025 https://www.debian.org/security/faq ...
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.
...
PT-2025-40954
Name of the Vulnerable Software and Affected Versions HAProxy versions prior to 2.6.12-1+deb12u3 HAProxy versions prior to 3.0.11-1+deb13u1 HAProxy version 3.0.8-1ubuntu1.2 Description HAProxy is susceptible to a denial of service condition when parsing specific JSON numbers. An attacker could...
CVE-2025-38626 affecting package kernel for versions less than 6.6.104.2-1
CVE-2025-38626 affecting package kernel for versions less than 6.6.104.2-1. An upgraded version of the package is available that resolves this issue...
Malicious Package
Overview plonkscript-ui-project is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
RHEL 8 / 9 : OpenShift Container Platform 4.16.49 (RHSA-2025:16724)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16724 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...
Security Bulletin: due to the use of Apache Tomcat, IBM webMethods developer portal is affected by Multiple Vulnerabilities
Summary: Multiple vulnerabilities in Apache Tomcat have been addressed in IBM webMethods developer portal. Vulnerability Details: CVEID: CVE-2023-46589 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from...
[SECURITY] [DLA 4314-1] python-internetarchive security update
Debian LTS Advisory DLA-4314-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert September 30, 2025 https://wiki.debian.org/LTS Package : python-internetarchive Version : 1.9.9-1+deb11u1 CVE ID : CVE-2025-58438 Debian Bug : 1114635 A vulnerability has been discovered...
Medium: perl-JSON-XS
Issue Overview: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact CVE-2025-40928 Affected Packages: perl-JSON-XS Issue Correction: Run dnf update perl-JSON-XS --releasev...
CVE-2025-11046
A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been...
CVE-2025-11046 Tencent WeKnora test testEmbeddingModel server-side request forgery
A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been...
CVE-2025-11046
CVE-2025-11046 affects Tencent WeKnora 0.1.0. The vulnerability resides in the testEmbeddingModel function under /api/v1/initialization/embedding/test, where manipulating the baseUrl argument can trigger server-side request forgery (SSRF) and may be exploited remotely. The exploit has been releas...
CVE-2025-11031 DataTables examples.php path traversal
A flaw has been found in DataTables up to 1.10.13. The affected element is an unknown function of the file /examples/resources/examples.php. This manipulation of the argument src causes path traversal. It is possible to initiate the attack remotely. The exploit has been published and may be used...