
8655 matches found

Cvelist
added 2025/11/03 4:35 p.m., 12 views

CVE-2025-11953 Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...

CVSS 9.8, EPSS 0.13998
Exploits 5, References 2

CNNVD
added 2025/11/01 12:0 a.m., 3 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 security vulnerability

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from multiple devices sharing the...

CVSS 10, AI score 6.7, EPSS 0.00067
Exploits 0, References 2

Tenable Nessus
added 2025/11/01 12:0 a.m., 2 views

Photon OS 4.0: Openjdk21 PHSA-2025-4.0-0896

An update of the openjdk21 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0896. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVSS 7.5, AI score 7.7, EPSS 0.00068
Exploits 0, References 4

Vulnrichment
added 2025/10/31 7:20 p.m., 3 views

CVE-2025-10693 Silicon Labs Z-Wave PIR Sensor Joins Network as Non-Secure

When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will join the network as a non-secure device. This vulnerability exists in Silicon Labs' Z-Wave PIR Sensor Reference design delivered as part of SiSDK v2025.6.0 and v2025.6.1...

CVSS 7.6, AI score 6.5, EPSS 0.00062
Exploits 0, References 1

The Hacker News
added 2025/10/31 5:19 p.m., 6 views

OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically

OpenAI has announced the launch of an "agentic security researcher" that's powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable of scanning, understanding, and patching code. Called Aardvark, the artificial intelligence (AI) company said the autonomous...

AI score 7.5
Exploits 0

Fedora
added 2025/10/30 4:36 a.m., 5 views

[SECURITY] Fedora 42 Update: qt-creator-16.0.2-3.fc42

Qt Creator is a cross-platform IDE (integrated development environment) tailored to the needs of Qt developers...

CVSS 9.4, AI score 6.9, EPSS 0.00024
Exploits 0

Akamai Blog
added 2025/10/28 3:0 p.m., 2 views

Build AI Agents with Spin and the OpenAI Agents SDK

...

AI score 5.8
Exploits 0

OPENSUSE Linux
added 2025/10/28 12:0 a.m., 4 views

kernel-devel-6.17.5-1.1 on GA media (moderate)

kernel-devel-6.17.5-1.1 on GA media Announcement ID: openSUSE-SU-2025:15671-1 Rating: moderate Cross-References: CVE-2025-39991 CVE-2025-39992 CVE-2025-39993 CVE-2025-39994 CVE-2025-39995 CVE-2025-39996 CVE-2025-39997 CVE-2025-39998 CVE-2025-39999 CVE-2025-40000 CVE-2025-40001 CVE-2025-40002...

CVSS 6.9, AI score 7.2, EPSS 0.00231
Exploits 0

OSV
added 2025/10/27 12:0 a.m., 6 views

OPENSUSE-SU-2025:15671-1 kernel-devel-6.17.5-1.1 on GA media

These are all security issues fixed in the kernel-devel-6.17.5-1.1 package on the GA media of openSUSE Tumbleweed...

AI score 5.8, EPSS 0.00231
Exploits 0, References 18

Fedora
added 2025/10/25 9:19 p.m., 4 views

[SECURITY] Fedora 43 Update: python3.9-3.9.24-1.fc43

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

AI score 7.2
Exploits 0

RedhatCVE
added 2025/10/24 4:25 p.m., 2 views

CVE-2025-62713

Kottster is a self-hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only; production deployments were never affected. This issue has been...

CVSS 9.2, AI score 8, EPSS 0.00906
Exploits 0, References 1

OSV
added 2025/10/24 2:33 p.m., 2 views

OESA-2025-2523 spdk security update

The Storage Performance Development Kit provides a set of tools and libraries for writing high performance, scalable, user-mode storage applications. Security Fixes: Storage Performance Development Kit (SPDK) 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK -...

CVSS 5.5, AI score 7, EPSS 0.00067
Exploits 0, References 2

RedHat Linux
added 2025/10/23 8:23 p.m., 5 views

openjdk: Enhance certificate handling (Oracle CPU 2025-10)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracl...

CVSS 5.9, AI score 7.2, EPSS 0.00068
Exploits 0, References 5

RedHat Linux
added 2025/10/23 8:23 p.m., 3 views

Moderate: Red Hat Security Advisory: OpenJDK 11.0.29 ELS Security Update for Portable Linux Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

CVSS 7.5, AI score 6.7, EPSS 0.00068
Exploits 0, References 2

OSV
added 2025/10/23 7:40 p.m., 2 views

MAL-2025-48855 Malicious code in node-dev-config (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0

NVD
added 2025/10/23 5:15 p.m., 4 views

CVE-2025-62713

Kottster is a self-hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only; production deployments were never affected. This issue has been...

CVSS 9.2, EPSS 0.00906
Exploits 0, References 2

Vulnrichment
added 2025/10/23 4:15 p.m., 2 views

CVE-2025-62713 Kottster app reinitialization can be re-triggered allowing command injection in development mode

Kottster is a self-hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only; production deployments were never affected. This issue has been...

CVSS 9.2, AI score 7.7, EPSS 0.00906
Exploits 0, References 2

Cvelist
added 2025/10/23 4:15 p.m., 6 views

CVE-2025-62713 Kottster app reinitialization can be re-triggered allowing command injection in development mode

Kottster is a self-hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only; production deployments were never affected. This issue has been...

CVSS 9.2, EPSS 0.00906
Exploits 0, References 2

OSV
added 2025/10/23 4:15 p.m., 4 views

CVE-2025-62713 Kottster app reinitialization can be re-triggered allowing command injection in development mode

Kottster is a self-hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only; production deployments were never affected. This issue has been...

CVSS 9.2, AI score 8.1, EPSS 0.00906
Exploits 0, References 4

CVE
added 2025/10/23 4:15 p.m., 13 views

CVE-2025-62713

Kottster is a self-hosted Node.js admin panel. A pre-authentication remote code execution (RCE) vulnerability exists in development mode for versions 3.2.0–before 3.3.2; production deployments are unaffected. The issue allows code execution via development-mode behaviors, and has been fixed in ve...

CVSS 9.2, AI score 7.7, EPSS 0.00906
Exploits 0, References 2