PT-2025-44367

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.0.5 Description A parameter in the example dag decorator dag was not properly validated, potentially allowing a user of the Airflow UI to redirect the example to a malicious server and execute code on a worke...

PT-2025-44342

Name of the Vulnerable Software and Affected Versions Zitadel versions prior to 4.6.0 Zitadel versions prior to 3.4.3 Zitadel versions prior to 2.71.18 Description Zitadel, an open-source identity infrastructure software, is susceptible to online brute-force attacks targeting OTP, TOTP, and...

CVE-2025-62796

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename attachmentname when attachments are enabled. An attacker can modify attachmentname before encryption so that,...

CVE-2025-62796 PrivateBin persistent HTML injection in attachment filename enables redirect and defacement

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Versions 1.7.7 through 2.0.1 allow persistent HTML injection via the unsanitized attachment filename attachmentname when attachments are enabled. An attacker can modify attachmentname before encryption so that,...

CVE-2025-62796

CVE-2025-62796 concerns PrivateBin where Versions 1.7.7–2.0.1 allow persistent HTML injection via the unsanitized attachment_name when attachments are enabled. An attacker can modify the filename before encryption, causing unescaped HTML to be inserted near the file size hint after decryption, en...

CVE-2025-40075

In the Linux kernel, the following vulnerability has been resolved: tcpmetrics: use dstdevnetrcu Replace three dstdev with a lockdep enabled helper...

CVE-2025-40074 ipv4: start using dst_dev_rcu()

In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dstdevrcu Change icmpv4xrlimallow, ipdefrag to prevent possible UAF. Change ipmrpreparexmit, ipmrqueuefwdxmit, ipmroutput, ipv4neighlookup to use lockdep enabled dstdevrcu...

EUVD-2025-36454

In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dstdevrcu Change icmpv4xrlimallow, ipdefrag to prevent possible UAF. Change ipmrpreparexmit, ipmrqueuefwdxmit, ipmroutput, ipv4neighlookup to use lockdep enabled dstdevrcu...

Linux Distros Unpatched Vulnerability : CVE-2025-40074

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv4: start using dstdevrcu Change icmpv4xrlimallow, ipdefrag to prevent possible UAF. Change ipmrpreparexmit, ipmrqueuefwdxmit, ipmroutput, ipv4neighlookup to...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: open-vm-tools (UTSA-2025-988601)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988601 advisory. VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.A malicious local actor with non-administrative privileges having access t...

CVE-2025-55752 Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled

Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the...

CVE-2025-55752 Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled

Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the...

CVE-2025-55752

CVE-2025-55752 describes a Relative Path Traversal in Apache Tomcat introduced by a fix for bug 60013, allowing manipulation of the request URI to bypass protections for /WEB-INF/ and /META-INF/ and, if PUTs are enabled, potentially upload of malicious files leading to remote code execution. Affe...

Important: kernel-livepatch-4.14.355-280.695

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use rawsmpprocessorid instead of smpprocessorid CVE-2023-53530 Affected Packages: kernel-livepatch-4.14.355-280.695 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Linux Distros Unpatched Vulnerability : CVE-2022-50582

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - regulator: core: Prevent integer underflow By using a ratio of delay to pollenabledtime that is not integer timeremaining underflows and does not exit the loop ...

CVE-2025-11244

The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address spoofing in all versions up to, and including, 2.7.11. This is due to the plugin trusting client-controlled HTTP headers such as X-Forwarded-For, HTTPCLIENTIP, and similar headers to determine user IP...

Fedora 42 : python-sqlparse (2025-d2d3a5fa79)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d2d3a5fa79 advisory. This update backports the upstream fixes for CVE-2023-30608 and CVE-2024-4340. It also enables the test suite and corrects the SPDX license...

CVE-2025-54808 Oxford Nanopore Technologies MinKNOW Insufficiently Protected Credentials

Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication tokens in a file located in the system's temporary directory /tmp on the host machine. This directory is typically world-readable, allowing any local user or application to access the token. If the...

CVE-2025-54808

Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication tokens in a file located in the system's temporary directory /tmp on the host machine. This directory is typically world-readable, allowing any local user or application to access the token. If the...

CVE-2022-50582

In the Linux kernel, the following vulnerability has been resolved: regulator: core: Prevent integer underflow By using a ratio of delay to pollenabledtime that is not integer timeremaining underflows and does not exit the loop as expected. As delay could be derived from DT and pollenabledtime is...