1080 matches found
PT-2025-45051
Name of the Vulnerable Software and Affected Versions: Tencent Docs Desktop versions 3.9.20 and earlier. Description: The update component in Tencent Docs Desktop does not properly validate SSL certificates. This could allow for potential security risks during the update process. Recommendations...
Tencent Docs Desktop Security Vulnerability
Tencent Docs Desktop is a multiplayer online collaborative document tool from Tencent China. A security vulnerability exists in Tencent Docs Desktop 3.9.20 and prior versions, which stems from a lack of SSL certificate validation in the update component...
CVE-2025-56230
Product affected: Tencent Docs Desktop (versions 3.9.20 and earlier). Vulnerability: Missing SSL certificate validation in the update component. Impact: security risk during update (described as lack of SSL certificate validation). Remediation: update to a version later than 3.9.20 (per PT securi...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.7.2 release.
Red Hat Developer Hub 1.7.2 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
Metasploit Wrap-Up 10/31/2025
New module content (3). ReDoc API Docs UI Exposed. Author: Hamza Sahin. Type: Auxiliary. Pull request: 20594 contributed by HamzaSahin61. Path: scanner/http/redocexposed. Description: Adds a module to detect publicly exposed ReDoc API documentation pages using read-only HTTP GET requests searching for...
CVE-2025-62230
A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected...
CVE-2025-62229
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an...
Malicious code in react-ts-tradingview-widgets-docs (npm)
The package react-ts-tradingview-widgets-docs was found to contain malicious code...
MAL-2025-48763 Malicious code in starlight-for-rabbitmq-docs (npm)
The package starlight-for-rabbitmq-docs was found to contain malicious code...
MAL-2025-48756 Malicious code in react-ts-tradingview-widgets-docs (npm)
The package react-ts-tradingview-widgets-docs was found to contain malicious code...
[SECURITY] Fedora 43 Update: gi-docgen-2025.5-1.fc43
GI-DocGen is a document generator for GObject-based libraries. GObject is the base type system of the GNOME project. GI-Docgen reuses the introspection data generated by GObject-based libraries to generate the API reference of these libraries, as well as other ancillary documentation. GI-DocGen i...
[SECURITY] Fedora 43 Update: python3.10-3.10.19-1.fc43
Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the "python3.10" executable:...
ReDoc API Docs UI Exposed
Detects publicly exposed ReDoc API documentation pages. The module performs safe, read-only GET requests and reports likely ReDoc instances based on HTML markers. Module Options msf use auxiliary/scanner/http/redocexposed msf auxiliaryredocexposed show actions ...actions... msf...
[SECURITY] Fedora 42 Update: python3.10-3.10.19-1.fc42
Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the "python3.10" executable:...
Malicious code in circleci-docs (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware (6d54b71e0248eb8babb0f78827eff5338450108a9cb2814de5573278a5eac86c). Any computer that has this package installed or running should be considered...
Malicious code in enjin-docs (npm)
Source: ossf-package-analysis (24afa8ea540d65aaac41e9b8290ea35057d333217eca4a50410143aa9e993bd4). The OpenSSF Package Analysis project identified 'enjin-docs' @ 15.2.0 (npm) as malicious. It is considered malicious because: - The package...
EUVD-2025-34700
Malicious code in enjin-docs (npm)...
MAL-2025-48431 Malicious code in enjin-docs (npm)
Source: ossf-package-analysis (24afa8ea540d65aaac41e9b8290ea35057d333217eca4a50410143aa9e993bd4). The OpenSSF Package Analysis project identified 'enjin-docs' @ 15.2.0 (npm) as malicious. It is considered malicious because: - The package...
[SECURITY] Fedora 41 Update: python3.12-3.12.12-1.fc41
Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...
net.optionfactory.keycloak:optionfactory-keycloak-providers (>=8.1 <=8.9), org.keycloak.testframework:keycloak-test-framework-clustering (>=26.3.0 <=26.3.3) +21 more potentially affected by CVE-2025-9162 via org.keycloak:keycloak-model-storage-services (>=26.3.0 <=26.3.3)
org.keycloak:keycloak-model-storage-services MAVEN version =26.3.0, =8.1, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.3 and more Source cves: CVE-2025-...