Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Exposed Dangerous Method or Function, Origin Validation Error due to webpack-dev-server

Summary webpack-dev-server is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat Vulnerability Details CVEID:CVE-2025-30359 DESCRIPTION: webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1,...

Malicious Package

Overview webpacks-dev-servers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

@c0va23/react-router-dev (=7.8.3-alpha.2), @catmint/cli (>=0.0.0-prealpha.1 <=0.0.0-prealpha.26) +30 more potentially affected by CVE-2025-68155 via @vitejs/plugin-rsc (>=0.4.11 <=0.5.26)

@vitejs/plugin-rsc NPM version =0.4.11, =0.0.0-prealpha.1, =0.0.0-prealpha.1, =0.2.0, =0.0.1-alpha.0, =16.2.6, =0.0.9, =0.6.0, =0.0.0-experimental.1, =0.1.0, =0.0.1, =0.0.0-1ae0b37, =0.0.0-experimental.00a81282, =0.0.0-experimental-2a6c7bc, =0.0.77-dev20260430111227, =0.0.77-dev20260506020152 and...

EUVD-2025-203715

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Remove calls to drmputdev Since the allocation of the drivers main structure was changed to devmdrmdevalloc drmputdev'ing to trigger it to be free'd should be done by devres. However, drmputdev is still in the probe...

CVE-2025-68181

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Remove calls to drmputdev Since the allocation of the drivers main structure was changed to devmdrmdevalloc drmputdev'ing to trigger it to be free'd should be done by devres. However, drmputdev is still in the probe...

UBUNTU-CVE-2025-68188

In the Linux kernel, the following vulnerability has been resolved: tcp: use dstdevrcu in tcpfastopenactivedisableofocheck Use RCU to avoid a pair of atomic operations and a potential UAF on dstdev-flags...

UBUNTU-CVE-2025-68181

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Remove calls to drmputdev Since the allocation of the drivers main structure was changed to devmdrmdevalloc drmputdev'ing to trigger it to be free'd should be done by devres. However, drmputdev is still in the probe...

CVE-2025-68194 media: imon: make send_packet() more robust

In the Linux kernel, the following vulnerability has been resolved: media: imon: make sendpacket more robust syzbot is reporting that imon has three problems which result in hung tasks due to forever holding device lock 1. First problem is that when usbrxcallbackintf0 once got -EPROTO error after...

CVE-2025-68188 tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()

In the Linux kernel, the following vulnerability has been resolved: tcp: use dstdevrcu in tcpfastopenactivedisableofocheck Use RCU to avoid a pair of atomic operations and a potential UAF on dstdev-flags...

CVE-2025-68181 drm/radeon: Remove calls to drm_put_dev()

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Remove calls to drmputdev Since the allocation of the drivers main structure was changed to devmdrmdevalloc drmputdev'ing to trigger it to be free'd should be done by devres. However, drmputdev is still in the probe...

CVE-2025-68181 drm/radeon: Remove calls to drm_put_dev()

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Remove calls to drmputdev Since the allocation of the drivers main structure was changed to devmdrmdevalloc drmputdev'ing to trigger it to be free'd should be done by devres. However, drmputdev is still in the probe...

PT-2025-51709

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a race condition within the Bluetooth implementation, specifically in the interaction between socket binding and socket write iteration. This condition can lead...

Linux Distros Unpatched Vulnerability : CVE-2025-68181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/radeon: Remove calls to drmputdev Since the allocation of the drivers main structure was changed to devmdrmdevalloc drmputdev'ing to trigger it to be free'd...

esm-dev 136 - Path Traversal

Exploit Title: esm-dev 136 - Path Traversal Date: 2025-07-11 Exploit Author: Byte Reaper Vendor Homepage: https://github.com/esm-dev/esm.sh Software Link: https://github.com/esm-dev/esm.sh CVE-2025-59342 - File : exploit.c - Date : 09/17/2025 - Target : esm-dev - Version: 136 - Target Endpoint :...

CVE-2025-68146

creationtimestamp| type| source ---|---|--- 2025-12-15 23:55:35+00:00| published-proof-of-concept| https://github.com/tox-dev/filelock/security/advisories/GHSA-w853-jp5j-5j7f...

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Ansible DevSpaces Container Release Update

An update is now available for Red Hat Ansible Automation Platform Ansible DevSpaces Container Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied...

OESA-2025-2820 runc security update

runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would...

CVE-2025-36919

In aoccread of aocchanneldev.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2025-2483)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : scsi: qla2xxx: Fix warning message due to adisc being flushedCVE-2022-49158 scsi: qla2xxx: Implement ref count for SRBCVE-2022-49159 tcp: add...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2025-2464)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : scsi: qla2xxx: Fix warning message due to adisc being flushedCVE-2022-49158 scsi: qla2xxx: Implement ref count for SRBCVE-2022-49159 tcp: add...