Important: Red Hat Security Advisory: pam security update

An update for pam is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Lite XL Arbitrary Code Execution via Project Module and Legacy system.exec Function

Overview Lite XL is a lightweight text editor derived from the lite project, written primarily in Lua and C. It supports Windows, Linux, and macOS, and is designed for extensibility through plugins and project‑specific modules. Description Two vulnerabilities were identified Lite XL: CVE-2025-121...

RHEL 10 : pam (RHSA-2025:20181)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20181 advisory. Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle...

ALSA-2025:20181 Important: pam security update

Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: linux-pam: Linux-pam directory Traversal CVE-2025-6020 For more details about the security issues, including the impact, a CVSS...

CVE-2025-64490

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through the Resource Calendar and project screens, even...

CVE-2025-64490 SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through the Resource Calendar and project screens, even...

CVE-2025-64490 SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through the Resource Calendar and project screens, even...

OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses

Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may use unbounded memory, cause high CPU usage, or crash when encountering maliciously-crafted TLS certificate chains or tar archives. Those who depend on modules or...

GHSA-W2JF-268Q-MRVH OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses

Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may use unbounded memory, cause high CPU usage, or crash when encountering maliciously-crafted TLS certificate chains or tar archives. Those who depend on modules or...

[SECURITY] Fedora 42 Update: dtkcore-5.7.7-4.fc42

Deepin tool kit core modules...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990357)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990357 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Build event generation tests only as modules The kprobes and synth event generation test...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990049)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990049 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Build event generation tests only as modules The kprobes and synth event generation test...

MAL-2025-49047 Malicious code in transform-es2015-modules-commonjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2ad9d3d189297373f163d4e6bba02fc712b67f335bc6a6bab2ebfcf16cba487 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2025-36759

Malicious code in transform-es2015-modules-commonjs npm...

Malicious code in transform-es2015-modules-commonjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2ad9d3d189297373f163d4e6bba02fc712b67f335bc6a6bab2ebfcf16cba487 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-12461

This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the product by knowing which...

EUVD-2025-36637

This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the product by knowing which...

PT-2025-44272

Name of the Vulnerable Software and Affected Versions Affected versions not specified Description This issue allows an attacker to access application areas without proper access controls. An attacker can access the path '/epsilonnet/License/About.aspx' to obtain information about the license and...

CVE-2025-10023

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring Services Meta-services modules allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.0...

Modularizing Spring Boot

Continuing our Road to GA series, this week we're exploring the modularization effort happening with Spring Boot 4. When Spring Boot 1.0 was released in 2014, it shipped with a single spring-boot-autoconfigure jar weighing in at 182 KiB. Of course, that initial version didn't support a great deal...