3659 matches found
org.webjars.npm:compression (>=1.5.2 <=1.7.4), org.webjars.npm:express-session (>=1.15.6 <=1.17.1) +1 more potentially affected by CVE-2025-7339 via org.webjars.npm:on-headers (=1.0.2)
org.webjars.npm:on-headers MAVEN version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:on-headers and may be impacted: - org.webjars.npm:compression =1.5.2, =1.15.6, =1.9.0, =1.9.1 Source cves: CVE-2025-7339 Source advisory:...
go-toolset:rhel8 security update
delve 1.24.1-1.0.1 - Disable DWARF compression which has issues Alex Burmashev golang 1.24.4-1 - Update to Go 1.24.4 fips-1 - Resolves: RHEL-85264 go-toolset 1.24.4-1 - Update to Go 1.24.4 fips-1 - Resolves: RHEL-85264...
ALSA-2025:11035 Moderate: lz4 security update
The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limi...
Moderate: lz4 security update
The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limi...
CVE-2025-24294
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...
SUSE-SU-2025:02282-1 Security update for umoci
This update for umoci fixes the following issues: Update to umoci v0.5.0. Upstream changelog is available from bsc1243388 A security flaw was found in the OCI image-spec, where it is possible to cause a blob with one media-type to be interpreted as a different media-type. As umoci is not a regist...
CVE-2025-49667
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally...
SAP SAPCAR security vulnerability
SAP SAPCAR is a utility program for compressing and/or decompressing SAP archive files from SAP, Germany. A security vulnerability exists in SAP SAPCAR that stems from the ability of an elevated privilege user to create malicious SAR archives that could result in elevated privileges...
K000152366: XZ Utils vulnerability CVE-2025-31115
Security Advisory Description XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and...
Oracle Linux 10 : delve (ELSA-2025-9317)
The remote Oracle Linux 10 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-9317 advisory. 1.24.1-2.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.24.1-2 - Rebuild without changes Tenable has extracted the preceding description blo...
Kaleris NAVIS N4 security vulnerability
Kaleris NAVIS N4 is a container terminal operating system from Kaleris Corporation, USA. A security vulnerability exists in Kaleris NAVIS N4 versions prior to 4.0 that stems from the use of zlib to compress data for transmission over HTTP, which could lead to information disclosure...
CVE-2025-49969
Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression zara-4 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zara 4 Image Compression: from n/a through = 1.2.17.2...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue (CVE-2025-38000). In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree...
SecurityLingua: Efficient Defense of LLM Jailbreak Attacks Via Security-Aware Prompt Compression
Large language models (LLMs) have achieved widespread adoption across numerous applications. However, many LLMs are vulnerable to malicious attacks even after safety alignment. These attacks typically bypass LLMs' safety guardrails by wrapping the original malicious instructions inside adversarial...
CVE-2025-38068
In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun. Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space, disregarding the...
CVE-2025-49969
CVE-2025-49969 concerns WordPress plugin Zara 4 Image Compression (versions ≤ 1.2.17.2). The issue is described as a Missing Authorization vulnerability (broken access control) that allows exploitation due to improperly configured access control levels. Public sources in the connected data indica...
CVE-2025-49969 WordPress Zara 4 Image Compression plugin <= 1.2.17.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression zara-4 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zara 4 Image Compression: from n/a through = 1.2.17.2...
CVE-2025-49969 WordPress Zara 4 Image Compression plugin <= 1.2.17.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zara 4 Image Compression: from n/a through 1.2.17.2...
WordPress plugin Zara 4 Image Compression security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-26337 · Unknown · Zara 4 Image Compression
Name of the Vulnerable Software and Affected Versions: Zara 4 Image Compression versions 1.2.17.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. Recommendations: For versions...