
3137 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-45061

Malicious code in bioql PyPI...

CVSS 8.6, AI score 8.5, EPSS 0.06796
Exploits: 0, References: 4

OSV
added 2025/10/02 5:16 p.m., 3 views

CVE-2025-60661

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the cloneType parameter in the fromAdvSetMacMtuWan function...

CVSS 5.3, AI score 5.9, EPSS 0.00399
Exploits: 1, References: 1

Positive Technologies
added 2025/10/02 12:0 a.m., 3 views

PT-2025-40406

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.19. Description: The Tenda AC18 version 15.03.05.19 contains a stack overflow issue. This occurs through the cloneType parameter within the fromAdvSetMacMtuWan function. Recommendations: At the moment, there is no...

CVSS 5.3, AI score 6.9, EPSS 0.00399
Exploits: 1, References: 5

CVE
added 2025/10/01 8:49 p.m., 21 views

CVE-2025-59531

CVE-2025-59531 affects Argo CD versions 1.2.0–1.8.7, 2.0.0-rc1–2.14.19, and 3.0.0-rc1–3.2.0-rc1, plus 3.1.7 and 3.0.18. The issue arises when the webhook Bitbucket Server payload is malformed and webhook.bitbucketserver.secret is not configured, causing the /api/webhook endpoint to crash and pote...

CVSS 7.5, AI score 6.3, EPSS 0.00536
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2025/10/01 12:15 p.m., 8 views

CVE-2023-53489

In the Linux kernel, the following vulnerability has been resolved: tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. syzkaller reported [0] memory leaks of an UDP socket and ZEROCOPY skbs. We can reproduce the problem with these sequences: sk = socket(AF_INET, SOCK_DGRAM, 0...

CVSS 5.5, EPSS 0.00145
Exploits: 0, References: 9

Snyk
added 2025/09/30 6:11 p.m., 1 view

Improper Check or Handling of Exceptional Conditions

Overview: Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions in the /api/webhook endpoint. An attacker can cause the server to crash and disrupt service availability by sending a Bitbucket Server Push event with JSON field repository.links.clon...

CVSS 8.7, AI score 6.9, EPSS 0.00536
Exploits: 1, References: 2

Snyk
added 2025/09/30 6:11 p.m., 1 view

Improper Check or Handling of Exceptional Conditions

Overview: Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions in the /api/webhook endpoint. An attacker can cause the server to crash and disrupt service availability by sending a Bitbucket Server Push event with JSON field repository.links.clon...

CVSS 8.7, AI score 6.9, EPSS 0.00536
Exploits: 1, References: 2

Snyk
added 2025/09/30 6:11 p.m., 1 view

Improper Check or Handling of Exceptional Conditions

Overview: Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions in the /api/webhook endpoint. An attacker can cause the server to crash and disrupt service availability by sending a Bitbucket Server Push event with JSON field repository.links.clon...

CVSS 8.7, AI score 6.9, EPSS 0.00536
Exploits: 1, References: 2

OSV
added 2025/09/30 6:11 p.m., 1 view

GHSA-F9GQ-PRRC-HRHC Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload

Summary Unpatched Argo CD versions are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate clients. With the default configuration, no webhook.bitbucketserver.secret set, Argo CD’s /api/webhook endpoint will crash the entire argocd-server...

CVSS 7.5, AI score 7, EPSS 0.00536
Exploits: 1, References: 5

Positive Technologies
added 2025/09/30 12:0 a.m., 2 views

PT-2025-40055

Name of the Vulnerable Software and Affected Versions: Argo CD versions 1.2.0 through 1.8.7; Argo CD versions 2.0.0-rc1 through 2.14.19; Argo CD versions 3.0.0-rc1 through 3.2.0-rc1; Argo CD version 3.1.7; Argo CD version 3.0.18. Description: Argo CD is susceptible to denial of service through malicious...

CVSS 9.9, AI score 6.6, EPSS 0.02829
Exploits: 11, References: 52

Tenable Nessus
added 2025/09/25 12:0 a.m., 4 views

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2025-20632)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20632 advisory. - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug: 38453918] {CVE-2025-38499} Tenable has extracted the...

CVSS 7.8, AI score 7.1, EPSS 0.00192
Exploits: 0, References: 5

CNNVD
added 2025/09/18 12:0 a.m., 1 view

realme Clone Phone APP security vulnerability

realme Clone Phone APP is a data backup and recovery feature from China-based realme. A security vulnerability exists in realme Clone Phone APP version 15.1.122810c08250314, which stems from improper handling of the URI scheme in com.coloros.pc.PcToolMainActivity, which could lead to a cra...

CVSS 6.1, AI score 6, EPSS 0.00243
Exploits: 0, References: 2

Amazon
added 2025/09/15 12:0 a.m., 5 views

Important: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in...

CVSS 8.8, AI score 8, EPSS 0.04098
Exploits: 4

OSV
added 2025/09/10 6:1 p.m., 1 view

SUSE-SU-2025:03151-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2025-55004: Fixed heap buffer over-read in ReadOneMNGImage when processing images with separate alpha channels (bsc#1248076). - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077). -...

CVSS 8.8, AI score 7.1, EPSS 0.04098
Exploits: 7, References: 15

NVD
added 2025/09/09 9:15 p.m., 8 views

CVE-2025-58763

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15.3 and prior allows attackers with administrative privileges to obtain remote code execution on the application server. This vulnerability requires the application to...

CVSS 8, EPSS 0.01675
Exploits: 1, References: 1

Cvelist
added 2025/09/09 8:13 p.m., 6 views

CVE-2025-58763 Tautulli vulnerable to Authenticated Remote Code Execution via Command Injection

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15.3 and prior allows attackers with administrative privileges to obtain remote code execution on the application server. This vulnerability requires the application to...

CVSS 8, EPSS 0.01675
Exploits: 1, References: 1

Vulnrichment
added 2025/09/09 8:13 p.m., 4 views

CVE-2025-58763 Tautulli vulnerable to Authenticated Remote Code Execution via Command Injection

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15.3 and prior allows attackers with administrative privileges to obtain remote code execution on the application server. This vulnerability requires the application to...

CVSS 8, AI score 8.2, EPSS 0.01675
Exploits: 1, References: 1

CVE
added 2025/09/09 8:13 p.m., 20 views

CVE-2025-58763

Tautulli (Python-based Plex monitoring) has a command-injection vulnerability affecting v2.15.3 and earlier. The flaw arises when cloning from GitHub and installing manually, where the update/version logic calls runGit via subprocess.Popen with shell=True. The checkout_git_branch path stores un s...

CVSS 8, AI score 8.2, EPSS 0.01675
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2025/09/05 6:15 p.m., 18 views

CVE-2025-39717

In the Linux kernel, the following vulnerability has been resolved: open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE. As described in commit 7a54947e727b ('Merge patch series "fs: allow changing idmappings"'), open_tree_attr(2) was necessary in order to allow for a detached mount to b...

CVSS 7.8, EPSS 0.00141
Exploits: 0, References: 2

OSV
added 2025/09/05 6:15 p.m., 1 view

UBUNTU-CVE-2025-39717

In the Linux kernel, the following vulnerability has been resolved: open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE. As described in commit 7a54947e727b ('Merge patch series "fs: allow changing idmappings"'), open_tree_attr(2) was necessary in order to allow for a detached mount to b...

CVSS 7.8, AI score 5.7, EPSS 0.00141
Exploits: 0, References: 5