2 matches found
CVE-2025-59344 AliasVault Vulnerable to Server-Side Request Forgery via Favicon Extraction
AliasVault is a privacy-first password manager with built-in email aliasing. A server-side request forgery (SSRF) vulnerability exists in the favicon extraction feature of AliasVault API versions 0.23.0 and lower. The extractor fetches a user-supplied URL, parses the returned HTML, and follows...
CVE-2025-54572
CVE-2025-54572 is a DoS in the Ruby SAML library used for SAML client-side assertions. The initial description states affected versions are ≤1.18.0 with a fix in 1.18.1. A Debian LTS advisory confirms a patch and provides a Debian-specific fix version (1.11.0-1+deb11u3) and recommends upgrading t...