5 matches found

RedhatCVE
added 2025/12/19 7:9 p.m. | 3 views

CVE-2025-59949

FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service via . Version 1.27.1 patches the issue...

CVSS 6.5 | AI score 6.8 | EPSS 0.00054
Exploits: 1 | References: 1
CNNVD
added 2025/12/18 12:0 a.m. | 2 views

FreshRSS security vulnerability

FreshRSS is a free, self-hosted RSS aggregator from FreshRSS Open Source. A security vulnerability exists in FreshRSS versions prior to 1.27.1, which stems from a cross-site request forgery vulnerability in the logout feature that could lead to a denial of service attack...

CVSS 6.5 | AI score 6.5 | EPSS 0.00054
Exploits: 1 | References: 4
NVD
added 2025/12/05 5:16 p.m. | 3 views

CVE-2025-65036

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1...

CVSS 8.3 | EPSS 0.00822
Exploits: 0 | References: 1
OSV
added 2024/07/03 10:15 p.m. | 2 views

DEBIAN-CVE-2024-6383

The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1...

CVSS 5.3 | AI score 7.1 | EPSS 0.00193
Exploits: 0 | References: 1
RedHat Linux
added 2010/03/15 11:2 p.m. | 3 views

libpangoft2 segfaults on forged font files

Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by usin...

CVSS 4.3 | AI score 5.8 | EPSS 0.01657
Exploits: 0 | References: 4