matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method

In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min...

RUSTSEC-2025-0065 matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method

In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min...

Matrix Rust SDK 安全漏洞

Matrix Rust SDK is an open source Rust-based Matrix client server development toolkit from The Matrix.org Foundation. A security vulnerability exists in versions of the Matrix Rust SDK prior to 0.14.1, which stems from a potential panic that could be triggered when dealing with permission levels ...

Intel Core Ultra Processor Firmware Security Update

Intel has informed HP of potential security vulnerabilities for some Intel® Core™ Ultra processors, which might allow information disclosure. Intel is releasing microcode updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the potential vulnerabilities. HP...

CVE-2025-58359

ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...

Bykea: Lack of minimum value bid wheel verification on customer_bid in Rental Trips

A missing validation on the customerbid field when creating rental trips allowed passengers to submit arbitrary bid amounts, including very low fares. Proper validation was added to prevent unrealistic values...

CVE-2025-58359

ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...

CVE-2025-58359

Summary: The frost-core (ZF FROST) vulnerability CVE-2025-58359 affects frost-core versions 2.0.0–2.1.0. The issue arises because the refresh shares mechanism in frost_core::keys::refresh did not clearly communicate that changing min_signers would not reduce the threshold, and after refreshing wi...

SUSE CVE-2025-38710

In the Linux kernel, the following vulnerability has been resolved: gfs2: Validate idepth for exhash directories A fuzzer test introduced corruption that ends up with a depth of 0 in direread, causing an undefined shift by 32 at: index = hash 32 - dip-idepth; As calculated in an open-coded way in...

UBUNTU-CVE-2025-38710

In the Linux kernel, the following vulnerability has been resolved: gfs2: Validate idepth for exhash directories A fuzzer test introduced corruption that ends up with a depth of 0 in direread, causing an undefined shift by 32 at: index = hash 32 - dip-idepth; As calculated in an open-coded way in...

CVE-2025-38710

In the Linux kernel, the following vulnerability has been resolved: gfs2: Validate idepth for exhash directories A fuzzer test introduced corruption that ends up with a depth of 0 in direread, causing an undefined shift by 32 at: index = hash 32 - dip-idepth; As calculated in an open-coded way in...

PT-2025-36104

Name of the Vulnerable Software and Affected Versions: ZF FROST versions 2.0.0 through 2.1.0 Description: ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. Refresh shares with smaller min signers values in versions 2.0.0 through 2.1.0 can reduce...

GHSA-WGQ8-VR6R-MQXM frost-core: refresh shares with smaller min_signers will reduce security of group

Impact It was not clear that it is not possible to change minsigners i.e. the threshold with the refresh share functionality frostcore::keys::refresh module. Using a smaller value would not decrease the threshold, and attempts to sign using a smaller threshold would fail. Additionally, after...

frost-core: refresh shares with smaller min_signers will reduce security of group

Impact It was not clear that it is not possible to change minsigners i.e. the threshold with the refresh share functionality frostcore::keys::refresh module. Using a smaller value would not decrease the threshold, and attempts to sign using a smaller threshold would fail. Additionally, after...

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to buffer overflow due to the zlib package (CVE-2023-45853)

Summary Zlib is used by DataStage on Cloud Pak for Data as part of buffer compression functionality. Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename,...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to ensure a minimum skb length in the pptpxmit function, which could lead to uninitialized data...

CVE-2025-8991

A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler. The manipulation of the argument litemallexpressfreightmin leads to business logic errors. The...

CVE-2025-8991

A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler. The manipulation of the argument litemallexpressfreightmin leads to business logic errors. The...

CVE-2025-8991 linlinjava litemall Business Logic express logic error

A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler. The manipulation of the argument litemallexpressfreightmin leads to business logic errors. The...

CVE-2025-8991

CVE-2025-8991 affects linlinjava litemall versions up to 1.8.0. The vulnerability resides in the Business Logic Handler’s /admin/config/express, where manipulating the litemall_express_freight_min parameter triggers business logic errors. The issue is exploitable remotely and publicized. PT-2025-...