Lucene search
8737 matches found

IBM Security Bulletins
added 2025/11/27 11:46 a.m., 7 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect VMware Agent from IBM Tivoli Monitoring for Virtual Environments.

Summary: IBM Java SDK is used by VMware Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details: CVEID: CVE-2025-53066. DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no...

7.5 CVSS, 6.3 AI score, 0.00633 EPSS
Exploits 0, Affected Software 1
Github Security Blog
added 2025/11/26 7:35 p.m., 8 views

Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack

Summary: Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding decision by the Ray Development team to not implement any sort of authentication on critical endpoints, like the /api/jobs &...

9.4 CVSS, 7.5 AI score, 0.00355 EPSS
Exploits 0, References 9, Affected Software 1
OSV
added 2025/11/26 7:35 p.m., 3 views

GHSA-Q279-JHRF-CC6V Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack

Summary: Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding decision by the Ray Development team to not implement any sort of authentication on critical endpoints, like the /api/jobs &...

9.4 CVSS, 7.5 AI score, 0.00355 EPSS
Exploits 0, References 9
CNNVD
added 2025/11/26 12:0 a.m., 3 views

Ubuntu EDK2 Security Vulnerability

Ubuntu EDK2 is an open source firmware development kit for Ubuntu. A security vulnerability exists in Ubuntu edk2 that stems from the Secure Boot environment allowing access to the UEFI Shell, which could lead to Secure Boot constraints being bypassed...

8.8 CVSS, 6.4 AI score, 0.00109 EPSS
Exploits 0, References 2
vulnersOsv
added 2025/11/25 2:20 p.m., 4 views

@appium/base-driver (>=10.0.0 <=10.1.1), @breautek/storm (>=9.0.0 <=9.2.4) +77 more potentially affected by CVE-2025-13466 via body-parser (=2.2.0)

body-parser NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser and may be impacted: - @appium/base-driver =10.0.0, =9.0.0, =3.8.8, =1.114.0, =11.8.0, =3.4.0, =11.0.19, =0.1.0, =8.13.0, =4.0.1, =1.0.0-beta.2, =0.0.1-beta.0,...

6.9 CVSS, 5.8 AI score, 0.00342 EPSS
Exploits 0
GithubExploit
added 2025/11/25 11:42 a.m., 317 views

Exploit for Use of Uninitialized Resource in Microsoft

Proof-of-Concept exploit for the Untrusted Pointer Dereferenc...

9.8 CVSS, 8.1 AI score, 0.03536 EPSS
Exploits 6
GithubExploit
added 2025/11/25 10:36 a.m., 181 views

Exploit for Out-of-bounds Write in Microsoft

Contents General Introduction This was made to clarify gen...

7.8 CVSS, 7.5 AI score, 0.28483 EPSS
Exploits 5
CVE
added 2025/11/24 12:0 a.m., 17 views

CVE-2025-56400

CVE-2025-56400 describes a CSRF-type flaw in the OAuth flow of the Tuya SDK 6.5.0 for Android/iOS, affecting Tuya Smart and Smartlife apps and third‑party apps that integrate the SDK. The root cause is failure to validate the OAuth state parameter during account linking, allowing an attacker to t...

8.8 CVSS, 6.3 AI score, 0.00137 EPSS
Exploits 0, References 2, Affected Software 3
Fedora
added 2025/11/22 1:38 a.m., 6 views

[SECURITY] Fedora 43 Update: dotnet10.0-10.0.100-1.fc43

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

6.8 AI score
Exploits 0
Fedora
added 2025/11/22 1:19 a.m., 9 views

[SECURITY] Fedora 42 Update: dotnet10.0-10.0.100-1.fc42

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

6.8 AI score
Exploits 0
Fedora
added 2025/11/22 1:17 a.m., 7 views

[SECURITY] Fedora 41 Update: dotnet10.0-10.0.100-1.fc41

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

6.8 AI score
Exploits 0
EUVD
added 2025/11/21 12:30 a.m., 3 views

EUVD-2025-198372

Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network...

8.8 CVSS, 6.3 AI score, 0.00415 EPSS
Exploits 0, References 2
EUVD
added 2025/11/21 12:30 a.m., 4 views

EUVD-2025-198363

Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory...

7.5 CVSS, 6.5 AI score, 0.00254 EPSS
Exploits 0, References 2
Vulnrichment
added 2025/11/20 10:18 p.m., 8 views

CVE-2025-64655 Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability

...

8.8 CVSS, 6.6 AI score, 0.00415 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/11/20 9:37 p.m., 22 views

CVE-2025-64757

Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...

3.5 CVSS, 6.6 AI score, 0.00424 EPSS
Exploits 1, References 1
Microsoft CVE
added 2025/11/20 8:0 a.m., 14 views

Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability

Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network...

9.8 CVSS, 6.9 AI score, 0.00415 EPSS
Exploits 0
Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

TencentOS Server 4: pcs (TSSA-2025:0213)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0213 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5 CVSS, 7.1 AI score, 0.01199 EPSS
Exploits 1, References 2
CNNVD
added 2025/11/20 12:0 a.m., 4 views

Qlik Sense Enterprise Security Vulnerability

Qlik Sense Enterprise is a data analytics platform from Qlik USA. A security vulnerability exists in Qlik Sense Enterprise version v14.212.13; it originates in the /dev-hub/ directory and could lead to information disclosure...

7.5 CVSS, 6.3 AI score, 0.00254 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 4: dpdk (TSSA-2025:0071)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0071 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

7.5 CVSS, 6.8 AI score, 0.01259 EPSS
Exploits 0, References 3
Snyk
added 2025/11/19 7:43 p.m., 5 views

Relative Path Traversal

Overview: @astrojs/internal-helpers contains internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Relative Path Traversal via the href parameter in the image optimization endpoint during development mode. An attacker can access arbitrary local image files...

5.1 CVSS, 6.7 AI score, 0.00424 EPSS
Exploits 1, References 3