Lucene search

13663 matches found

CVE
added 2025/11/07 12:0 a.m., 12 views

CVE-2025-63687

The CVE-2025-63687 issue affects the rymcu forest project (commit f782e85, 2025-09-04) where the vulnerability exists in AuthorshipAspect.java’s doBefore function. This flaw could allow an authorized attacker to delete arbitrary user posts. Multiple sources (NVD, Red Hat, EUVD/ENISA, CIRCL, CNNVD...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00225
Exploits: 1, References: 2, Affected Software: 1

Positive Technologies
added 2025/11/07 12:0 a.m., 5 views

PT-2025-45449

Name of the Vulnerable Software and Affected Versions ycf1998 money-pos system versions prior to commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 Description The ycf1998 money-pos system contains multiple SQL injection vulnerabilities. A remote attacker can potentially execute arbitrary...

CVSS: 10, AI score: 6.3, EPSS: 0.00767
Exploits: 1, References: 8

OSV
added 2025/11/06 11:48 p.m., 7 views

GHSA-FV2R-R8MP-PG48 Soft Serve does not sanitize ANSI escape sequences in user input

Impact In several places where the user can insert data e.g. names, ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository...

CVSS: 4.6, AI score: 6.8, EPSS: 0.00155
Exploits: 0, References: 4

Github Security Blog
added 2025/11/06 11:48 p.m., 12 views

Soft Serve does not sanitize ANSI escape sequences in user input

Impact In several places where the user can insert data e.g. names, ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository...

CVSS: 4.6, AI score: 6.8, EPSS: 0.00155
Exploits: 0, References: 4, Affected Software: 1

UbuntuCve
added 2025/11/05 12:0 a.m., 2 views

CVE-2025-10966

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

CVSS: 4.3, AI score: 6.5, EPSS: 0.00373
Exploits: 1, References: 2

Tenable Nessus
added 2025/11/05 12:0 a.m., 6 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990370)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990370 advisory. In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning...

CVSS: 7.8, AI score: 6.2, EPSS: 0.00244
Exploits: 0, References: 3

Tenable Nessus
added 2025/11/05 12:0 a.m., 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988981)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988981 advisory. In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages When we upgraded our kernel, we started...

CVSS: 5.5, AI score: 5.8, EPSS: 0.0025
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 9 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988802)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988802 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix ext4_mb_mark_bb with flex_bg with fast_commit In case of flex_bg feature which is by default...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00246
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 6 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989380)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989380 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: add error checking to ext4_ext_replay_set_iblocks If the call to ext4_map_blocks fails due to an...

CVSS: 5.5, AI score: 6.1, EPSS: 0.0025
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989354)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989354 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix an Oops in pnfs_mark_request_commit when doing O_DIRECT Fix an Oopsable condition in...

CVSS: 7.8, AI score: 5.7, EPSS: 0.00256
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988984)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988984 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state The EXT4_FC_REPLAY bit in...

CVSS: 5.5, AI score: 6.1, EPSS: 0.00262
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989318)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989318 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: memleak flow rule from commit path Abort path release flow rule object,...

CVSS: 5.5, AI score: 5.4, EPSS: 0.00268
Exploits: 0, References: 4

GithubExploit
added 2025/11/03 12:2 p.m., 176 views

Exploit for CVE-2025-62726

N8N Remote Code Execution CVE-2025-62726 POC/Exploit This vul...

CVSS: 8.8, AI score: 8.3, EPSS: 0.00778
Exploits: 3

AstraLinux
added 2025/11/01 10:54 a.m., 3 views

Astra Linux – Vulnerability in jpeg-xl

There exists a stack buffer overflow in libjxl. A specifically crafted file can cause the JPEG XL decoder to use large amounts of stack space up to 256MB, possibly up to 512MB, potentially exhausting the stack. An attacker can create a file that will lead to excessive memory usage. We recommend...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00607
Exploits: 0, References: 3

RedhatCVE
added 2025/10/31 5:14 p.m., 5 views

CVE-2025-62726

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use ...

CVSS: 8.8, AI score: 8.7, EPSS: 0.00778
Exploits: 3, References: 1

EUVD
added 2025/10/31 9:30 a.m., 5 views

EUVD-2025-37317

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...

CVSS: 7.5, AI score: 6.3, EPSS: 0.00386
Exploits: 0, References: 3

Microsoft CVE
added 2025/10/31 8:9 a.m., 5 views

NFSD: Define a proc_layoutcommit for the FlexFiles layout type

...

CVSS: 5.5, AI score: 7, EPSS: 0.00193
Exploits: 0

SUSE CVE
added 2025/10/31 12:25 a.m., 1 views

SUSE CVE-2025-40087

In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout...

CVSS: 5.5, AI score: 6.5, EPSS: 0.00193
Exploits: 0, References: 20

RedhatCVE
added 2025/10/31 12:13 a.m., 5 views

CVE-2025-60950

An arbitrary file upload vulnerability in the Data Preparation function of AIxBlock commit f60975 allows attackers to execute arbitrary code via a crafted SVG file...

CVSS: 6.1, AI score: 7.9, EPSS: 0.00259
Exploits: 0, References: 1

OSV
added 2025/10/30 9:30 p.m., 2 views

GHSA-F9F4-5859-29MF sqls-server/sqls is vulnerable to command injection in the config command

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands. This issue has been patched via commit...

CVSS: 7.5, AI score: 8.2, EPSS: 0.01129
Exploits: 0, References: 6