CVE-2025-53541
CVE-2025-53541 affects Tuleap Community Edition (before 16.9.99.1751892857) and Tuleap Enterprise Edition (before 16.8-5 and 16.9-3). Malicious users could insert malicious code when displaying the children of a parent artifact, causing XSS. The fixed versions are Tuleap Community Edition 16.9.99...
CVE-2025-52899 Tuleap vulnerable to user enumeration via the lost password form
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed ...
nodejs:20 security update
An update is available for module.nodejs-nodemon, module.nodejs-packaging, nodejs, nodejs-nodemon, module.nodejs, nodejs-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
RLSA-2025:11802 Important: nodejs:22 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: sqlite: Integer Truncation in SQLite CVE-2025-6965 For more details about the security issues, including the impact, a CVSS score, acknowledgments...
RLSA-2025:8514 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 For more details about the security issues, including the impact, a CVSS...
nodejs:22 security update
An update is available for module.nodejs-nodemon, nodejs, nodejs-nodemon, nodejs-packaging, module.nodejs, module.nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
RLSA-2025:11803 Important: nodejs:22 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: sqlite: Integer Truncation in SQLite CVE-2025-6965 For more details about the security issues, including the impact, a CVSS score, acknowledgments...
RLSA-2025:8506 Important: nodejs:22 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 For more details about the security issues, including the impact, a CVSS...
The vulnerability of the rgxfw_write_robustness_buffer() function in the Driver Development Kit (DDK) toolset allows a hacker to gain unauthorized access to protected information.
The vulnerability of the rgxfw_write_robustness_buffer() function in the Driver Development Kit (DDK) toolset is related to context privilege switching errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the rgxfw_pcset_ungrab() function in the Driver Development Kit (DDK) allows a hacker to trigger a service failure.
The vulnerability of the rgxfw_pcset_ungrab() function in the Driver Development Kit (DDK) relates to a pointer shift beyond the allocated memory range when processing the psFWMemContext parameter. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the rgxfw_hwr_log_info() function in the Driver Development Kit (DDK) – a set of tools for developing graphics processor drivers – allows a hacker to compromise the integrity of protected information.
The vulnerability of the rgxfw_hwr_log_info() function in the Driver Development Kit (DDK) involves a pointer being moved beyond the allocated memory area when processing the psHWRInfoBuf parameter. Exploiting this vulnerability can allow an attacker to compromise the integrity of the protected...
The vulnerability of the RGXFWIF_HWPERF_CTL_BLK() function in the Driver Development Kit (DDK) allows a hacker to execute arbitrary code.
The vulnerability of the RGXFWIF_HWPERF_CTL_BLK() function in the Driver Development Kit (DDK) is related to a pointer overflow that occurs beyond the allocated memory range. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Important: nodejs:22 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: sqlite: Integer Truncation in SQLite CVE-2025-6965 For more details about the security issues, including the impact, a CVSS score, acknowledgments...
Exploit for CVE-2025-31486
Vite Path Traversal Lab CVE-2025-31486...
CVE-2025-7427
Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio...
A Bootiful Podcast: José Paumard, Java developer advocate and professor
Hi, Spring fans! In this installment, recorded at Devoxx UK 2025, I talk to the legendary professor of computer science and legend José Paumard about Java, the ecosystem, and more,...
The vulnerability of the TIA Administrator software development environment, related to access control deficiencies, allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability of the TIA Administrator software development environment is related to lack of access control. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary code...
An Empirical Study on Virtual Reality Software Security Weaknesses
Virtual Reality (VR) has emerged as a transformative technology across industries, yet its security weaknesses, including vulnerabilities, are underinvestigated. This study investigates 334 VR projects hosted on GitHub, examining 1,681 software security weaknesses to understand: what types of...