AWS Outage: Lessons Learned
What can we learn from the recent AWS outage, and how can we apply those lessons to our own infrastructure? What Happened? On October 20, 2025, AWS experienced a major disruption that rippled across the internet and social media, affecting widely used services such as Zoom, Microsoft Teams, Slac...
CVE-2025-61752
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server...
Unspecified Vulnerability in Apache StreamPark (CNVD-2025-24728)
Apache StreamPark is a streaming media application development framework from the Apache Foundation (United States). Apache StreamPark has a security vulnerability that attackers can exploit to compromise confidentiality, integrity and availability...
ChurchCRM Authentication Error Vulnerability
ChurchCRM is an open source CRM system for churches. ChurchCRM 5.18.0 and earlier versions have an authentication error vulnerability that stems from a lack of authentication in the AuthMiddleware function in the API Endpoint component, which can be exploited by an attacker ...
This Week in Spring - October 21st, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm writing this from the fantastic Vaadin Create conference here in Frankfurt, Germany. What an amazing show and community. Since we last spoke, I have been in Boston; New York City; Sofia, Bulgaria; Krakow, Poland; and now...
OPENSUSE-SU-2025:15650-1 ImageMagick-7.1.2.7-1.1 on GA media
These are all security issues fixed in the ImageMagick-7.1.2.7-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15652-1 cargo-audit-advisory-db-20251021-1.1 on GA media
These are all security issues fixed in the cargo-audit-advisory-db-20251021-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15653-1 fetchmail-6.5.6-1.1 on GA media
These are all security issues fixed in the fetchmail-6.5.6-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15656-1 sccache-0.12.0~1-1.1 on GA media
These are all security issues fixed in the sccache-0.12.0~1-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15651-1 binutils-2.45-1.2 on GA media
These are all security issues fixed in the binutils-2.45-1.2 package on the GA media of openSUSE Tumbleweed...
JLSEC-2025-121 An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks chec...
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc and will cause a null pointer dereference, impacting availability...
ctdb-4.22.5+git.431.dc5a539f124-1.1 on GA media (moderate)
ctdb-4.22.5+git.431.dc5a539f124-1.1 on GA media Announcement ID: openSUSE-SU-2025:15649-1 Rating: moderate Cross-References: CVE-2025-10230 CVE-2025-9640 CVSS scores: CVE-2025-10230 SUSE : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2025-9640 SUSE : 4.3...
OPENSUSE-SU-2025:15649-1 ctdb-4.22.5+git.431.dc5a539f124-1.1 on GA media
These are all security issues fixed in the ctdb-4.22.5+git.431.dc5a539f124-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15648-1 libpoppler-cpp2-25.09.1-2.1 on GA media
These are all security issues fixed in the libpoppler-cpp2-25.09.1-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15647-1 ollama-0.12.6-1.1 on GA media
These are all security issues fixed in the ollama-0.12.6-1.1 package on the GA media of openSUSE Tumbleweed...
JLSEC-2025-70 A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors wh...
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...
JLSEC-2025-72 There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...
CVE-2025-6894
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative ping function, which is restricted ...
CVE-2025-6894
CVE-2025-6894 is a documented API authorization flaw in Moxa network security appliances/routers that allows a low-privileged, authenticated user to execute an administrative ping, potentially enabling internal network reconnaissance and limited impact to device confidentiality/availability. Rela...