CVE-2025-69806

CVE-2025-69806 describes an out-of-bounds read in the p2r3 bareiron commit 8e4d4020d, enabling unauthenticated remote information leakage via a crafted server packet. The provided description does not specify affected versions or remediation, and no exploitation details are present in the connect...

CVE-2025-69806

p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server...

CVE-2025-69806

p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server...

[SECURITY] Fedora 42 Update: sad-0.4.32-4.fc42

Space Age seD - Batch File Edit tool. It will show you a really nice diff of proposed changes before you commit them...

kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid

A flaw null pointer dereference in the Linux kernel NFS functionality was found in the way client does some specific action for existing NFS connection. A client user could use this flaw to crash the server system...

CVE-2026-26009

Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or...

CVE-2026-26009 Catalyst Affected by Remote Code Execution as Root via Containerized Install Script Execution

Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or...

CVE-2026-26009

CVE-2026-26009 affects the Catalyst platform used for enterprise game server hosting, game communities, and billing panel integrations. The issue arises because install scripts defined in server templates run on the host OS via bash -c without sandboxing or containerization. Any user with templat...

[SECURITY] Fedora 43 Update: sad-0.4.32-4.fc43

Space Age seD - Batch File Edit tool. It will show you a really nice diff of proposed changes before you commit them...

PT-2026-7278

An issue in mquickjs before commit 74b7e 2026-01-15 allows a local attacker to cause a denial of service via a crafted file to the get mblock size function at mquickjs.c...

CVE-2025-70347

An issue in mquickjs before commit 74b7e 2026-01-15 allows a local attacker to cause a denial of service via a crafted file to the getmblocksize function at mquickjs.c...

PT-2026-7439

Name of the Vulnerable Software and Affected Versions Catalyst versions prior to 11980aaf3f46315b02777f325ba02c56b110165d Description The platform allows users with template.create or template.update permissions to define arbitrary shell commands within server templates. These commands are execut...

kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid

A flaw null pointer dereference in the Linux kernel NFS functionality was found in the way client does some specific action for existing NFS connection. A client user could use this flaw to crash the server system...

SUSE CVE-2026-25538

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

CVE-2026-23632

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, the endpoint "PUT /repos/:owner/:repo/contents/" does not require write permissions and allows access with read permission only via repoAssignment. After passing the permission check, PutContents invokes UpdateRepoFile,...

Gogs user can update repository content with read-only permission

Vulnerability Description The endpoint PUT /repos/:owner/:repo/contents/ does not require write permissions and allows access with read permission only via repoAssignment. After passing the permission check, PutContents invokes UpdateRepoFile, which results in: Commit creation Execution of git pu...

GHSA-5QHX-GWFJ-6JQR Gogs user can update repository content with read-only permission

Vulnerability Description The endpoint PUT /repos/:owner/:repo/contents/ does not require write permissions and allows access with read permission only via repoAssignment. After passing the permission check, PutContents invokes UpdateRepoFile, which results in: Commit creation Execution of git pu...

CVE-2026-2008

A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. This vulnerability affects the function eqnchart of the file fmcp/mplmcp/core/eqnchart.py. Performing a manipulation of the argument equations results in code injection. It is possible to initiate...

PT-2026-6852

Vulnerability Description The endpoint PUT /repos/:owner/:repo/contents/ does not require write permissions and allows access with read permission only via repoAssignment. After passing the permission check, PutContents invokes UpdateRepoFile, which results in: Commit creation Execution of git pu...

CVE-2025-71031

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...