CVE-2025-54800 Hydra persistent XSS in build metrics

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ASN1ObjectIdentifier. An attacker can cause excessive resource consumption by submitting specially crafted ASN.1 Object Identifiers, potentially leading to service disruption...

Linux Distros Unpatched Vulnerability : CVE-2022-48996

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damonsysfssetschem...

Security Bulletin: NVIDIA Isaac-GR00T - August 2025

NVIDIA has released a software update for NVIDIA Isaac-GR00T. To protect your system, install the software including the Github commit 9ca97e1 of NVIDIA Isaac-GR00T. Go to NVIDIA Product Security...

PT-2025-32685 · Hydra · Hydra

Name of the Vulnerable Software and Affected Versions: Hydra versions prior to commit f7bda02 Description: Hydra is a continuous integration service for Nix based projects. The /api/push-github and /api/push-gitea API endpoints were called by their respective forges without HTTP Basic...

Security Bulletin: NVIDIA Merlin Transformers4Rec - August 2025

NVIDIA has released a software update for NVIDIA Merlin Transformers4Rec. To protect your system, install the software including the Github commit b7eaea5 of NVIDIA Merlin Transformers4Rec. Go to NVIDIA Product Security...

Linux Distros Unpatched Vulnerability : CVE-2024-58094

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jfs: add check read-only before truncation in jfstruncatenolock Added a check for read-only mode in the jfstruncatenolock function to avoid errors related to...

Security Bulletin: NVIDIA WebDataset - August 2025

NVIDIA has released a software update for NVIDIA WebDataset. To protect your system, install the software including the Github commit 9e95f50 of NVIDIA WebDataset. Go to NVIDIA Product Security...

Linux Distros Unpatched Vulnerability : CVE-2024-26892

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after- free in freeirq From commit a304e1b82808 PATCH Debug...

Linux Distros Unpatched Vulnerability : CVE-2017-7495

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs- flushing-before-commit list, which allows local users...

Linux Distros Unpatched Vulnerability : CVE-2019-11478

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jonathan Looney discovered that the TCP retransmission queue implementation in tcpfragment in the Linux kernel could be fragmented when handling certain TCP...

Linux Distros Unpatched Vulnerability : CVE-2022-2785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpfsysbpf are not verified and c...

CVE-2025-54950

An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005...

CVE-2025-54951

A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c...

CVE-2025-54949

A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be...

CVE-2025-54952

An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b...

CVE-2025-55137

LinkJoin through 882f196 mishandles lacks type checking in password reset...

CVE-2025-55138

LinkJoin through 882f196 mishandles token ownership in password reset...

Linux Distros Unpatched Vulnerability : CVE-2023-53042

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd/display: Do not set DRR on pipe Commit WHY Writing to DRR registers such as OTGVTOTALMIN on the same frame as a pipe commit can cause underflow...

PT-2025-44144

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to PCI device interrupt handling. Specifically, the issue arises when using the msi create parent irq domain function, which can result in a NUL...