Insecure Default Initialization of Resource

Overview @modelcontextprotocol/sdk is a Model Context Protocol implementation for TypeScript Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the StreamableHTTPServerTransport or SSEServerTransport process when enableDnsRebindingProtection is not...

CLSA-2025-1764677738 lasso: Fix of CVE-2025-47151

CVE-2025-47151: fix type confusion vulnerability in the lassonodeimplinitfromxml functionality...

CVE-2025-65502

Null pointer dereference in addcacerts in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSLCTXgetcertstore returns NULL...

SUSE-SU-2025:4301-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38008: mm/pagealloc: fix race condition in unaccepted memory handling bsc1244939. - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister...

ROS-20251128-07

Vulnerability of the vhostnewmsg function in the drivers/vhost/vhost.c module of the vhost driver of the Linux kernel is related to incorrect initialization of memory for messages transferred between guests. Linux kernel is related to incorrect memory initialization for messages transferred betwe...

SUSE-SU-2025:4272-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutlspkcs11tokeninit. bsc1254132...

Security update for gnutls

This update for gnutls fixes the following issues: CVE-2025-9820: Fixed buffer overflow in gnutlspkcs11tokeninit. bsc1254132 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comman...

Exploit for Code Injection in Pgadmin Pgadmin_4

CVE-2025-2945 – pgAdmin4 Authenticated RCE PoC This reposit...

SUSE-SU-2025:21052-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38008: mm/pagealloc: fix race condition in unaccepted memory handling bsc1244939. - CVE-2025-38539: trace/fgraph: Fix the warning caused by...

SUSE-SU-2025:21064-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38008: mm/pagealloc: fix race condition in unaccepted memory handling bsc1244939. - CVE-2025-38539: trace/fgraph: Fix the warning caused by...

kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails

A null pointer dereference exists in the linux kernel, such that when sfbinit fails qdisc is NULL, and it will cause gpf issue, leading to damage to the availability of the system...

CVE-2025-65503

Use after free in endpoint destructors in Redboltz asyncmqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between iocontext and endpoint objects...

CVE-2025-63433

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

EUVD-2025-198709

Null pointer dereference in addcacerts in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSLCTXgetcertstore returns NULL...

EUVD-2025-198707

Use after free in endpoint destructors in Redboltz asyncmqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between iocontext and endpoint objects...

CVE-2025-65503

Use after free in endpoint destructors in Redboltz asyncmqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between iocontext and endpoint objects...

CVE-2025-65503

Use after free in endpoint destructors in Redboltz asyncmqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between iocontext and endpoint objects...

CVE-2025-65502

Null pointer dereference in addcacerts in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSLCTXgetcertstore returns NULL...

DEBIAN-CVE-2025-65502

Null pointer dereference in addcacerts in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSLCTXgetcertstore returns NULL...

PT-2025-47947

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...