4399 matches found
EUVD-2025-204277
WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) is vulnerable to Broken Access Control in the initial configuration wizard.cgi endpoint. A malicious attacker can change the admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...
Security update for golang-github-prometheus-alertmanager
This update for golang-github-prometheus-alertmanager fixes the following issues: Update to version 0.28.1 (jsc#PED-13285): Improved performance of inhibition rules when using Equal labels. Improve the documentation on escaping in UTF-8 matchers. Update alertmanager_config_hash metric help to document...
Low: Red Hat Security Advisory: OpenShift File Integrity Operator bug fix and enhancement update
An updated OpenShift File Integrity Operator image that fixes various bugs and adds new enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog. The OpenShift File Integrity Operator v1.3.8 is now available. See the documentation for bug fix information:...
CVE-2025-68316
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix invalid probe error return value. After DME Link Startup, the error return value is set to the MIPI UniPro GenericErrorCode which can be 0 (SUCCESS) or 1 (FAILURE). Upon failure during driver probe, the error code...
PT-2025-51728
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the Linux kernel where an incorrect error return value during device probe can lead to system instability. Specifically, after DME Link Startup, a failure during drive...
CVE-2025-64338
CVE-2025-64338 affects ClipBucket v5. In versions 5.5.2 - #156 and below, an authenticated regular user can create a photo collection whose Collection Name contains HTML/JavaScript payloads. The payload is rendered unsafely in the Admin → Manage Photos interface, enabling a Stored XSS condition i...
EUVD-2025-202886
In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
[SECURITY] Fedora 43 Update: python3-docs-3.14.2-1.fc43
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
SUSE CVE-2025-40336
In the Linux kernel, the following vulnerability has been resolved: drm/gpusvm: fix hmm_pfn_to_map_order() usage. Handle the case where the hmm range partially covers a huge page (like 2M), otherwise we can potentially end up doing something nasty like mapping memory which is outside the range, and maybe...
Fedora: Security Advisory (FEDORA-2025-e235793f10)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MINI-94H9-W4GF-6CHR
Bulletin has no description...
Security Bulletin: IBM Documentation Offline is vulnerable to `Node.js ReadFileUtf8 and HTTP Parser flaws` due to Node.js (CVE-2025-23165, CVE-2025-23167)
Summary: IBM Documentation Offline utilizes Node.js as a third-party component, which contains two vulnerabilities that could potentially affect your product's stability and security. CVE-2025-23165 (CVSS: 3.7) is a Denial of Service (DoS) vulnerability in the ReadFileUtf8 internal binding. Repeated u...
Important: Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.19.4
The 1.19.4 GA release of Red Hat OpenShift Pipelines Operator. For more details see product documentation. The 1.19.4 release of Red Hat OpenShift Pipelines Operator...
BELL-CVE-2025-40322
Bulletin has no description...
[SECURITY] Fedora 42 Update: texlive-base-20230311-94.fc42
The TeX Live software distribution offers a complete TeX system for a variety of Unix, Macintosh, Windows and other platforms. It encompasses programs for editing, typesetting, previewing and printing of TeX documents in many different languages, and a large collection of TeX macros and font...
[SECURITY] Fedora 43 Update: texlive-base-20230311-94.fc43
The TeX Live software distribution offers a complete TeX system for a variety of Unix, Macintosh, Windows and other platforms. It encompasses programs for editing, typesetting, previewing and printing of TeX documents in many different languages, and a large collection of TeX macros and font...
arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints
Summary The arcade-mcp HTTP server uses a hardcoded default worker secret "dev" that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows this default key can forge valid JWTs and fully bypass the FastAPI authentication layer. This...
CLSA-2025-1764598717 gstreamer1: Fix of CVE-2024-47606
CVE-2024-47606: allocator: avoid integer overflow when allocating sysmem - Fix documentation build with the newer gtk-doc...
CVE-2018-17082
creationtimestamp | type | source
---|---|---
2025-12-01 07:51:52+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2018/CVE-2018-17082.yaml
2025-12-02 21:02:28+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m6ztowc7ky2w
2026-01-27...
CLSA-2025-1764325574 gstreamer1-plugins-good: Fix of CVE-2024-47606
CVE-2024-47606: qtdemux: avoid integer overflow when parsing Theora extension - Fix documentation build with the newer gtk-doc...