
6340 matches found

Positive Technologies
added 2025/06/23 12:0 a.m. · 3 views

PT-2025-26589 · Unknown · Notepadnext

Name of the Vulnerable Software and Affected Versions: NotepadNext versions through v0.11 Description: The issue is an Out-of-bounds Write vulnerability in dail8859 NotepadNext, affecting the src/lua/src modules, specifically program files ldebug.C and lvm.C. Recommendations: For NotepadNext...

9.4 CVSS · 5.9 AI score · 0.00153 EPSS
Exploits 0 · References 8

Packet Storm News
added 2025/06/22 12:0 a.m. · 4 views

Secure User-Friendly Blockchain Modular Wallet Design Using Android and OP-TEE

Emerging crypto economies still hemorrhage digital assets because legacy wallets leak private keys at almost every layer of the software stack, from user-space libraries to kernel memory dumps. This paper solves that twin crisis of security and interoperability by re-imagining key management as a...

7 AI score
Exploits 0

NVD
added 2025/06/18 3:15 p.m. · 6 views

CVE-2025-6240

Improper Input Validation vulnerability in Profisee on Windows filesystem modules allows Path Traversal after authentication to the Profisee system. This issue affects Profisee: from 2020R1 before 2024R2...

4.9 CVSS · 0.00281 EPSS
Exploits 0 · References 1

OSV
added 2025/06/18 11:21 a.m. · 1 views

SUSE-SU-2025:02001-1 Security update for pam

This update for pam fixes the following issues: - CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226). - pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509)...

7.8 CVSS · 7.1 AI score · 0.00957 EPSS
Exploits 13 · References 4

AstraLinux
added 2025/06/16 11:28 a.m. · 2 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: bpf: The registration of struct_ops that uses the module ptr was rejected, and the module btf_id is missing. There is a UAF report in bpf_struct_ops when CONFIG_MODULES=n. Specifically, the report relates to tcp_congestion_ops, which ha...

7.8 CVSS · 6.1 AI score · 0.00188 EPSS
Exploits 0 · References 3

OSV
added 2025/06/16 11:15 a.m. · 5 views

CVE-2025-4748

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2,...

4.8 CVSS · 7 AI score · 0.00226 EPSS
Exploits 0 · References 7

Vulnrichment
added 2025/06/16 11:0 a.m. · 7 views

CVE-2025-4748 Absolute path traversal in zip:unzip/1,2

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2,...

4.8 CVSS · 7.1 AI score · 0.00226 EPSS
Exploits 0 · References 8

Fedora
added 2025/06/11 2:46 a.m. · 6 views

[SECURITY] Fedora 42 Update: dtk6core-6.0.27-5.fc42

Deepin tool kit core modules...

8.4 CVSS · 7.3 AI score · 0.00309 EPSS
Exploits 0

Packet Storm News
added 2025/06/11 12:0 a.m. · 1 views

Digital Privacy Everywhere

The increasing proliferation of digital and mobile devices equipped with cameras, microphones, GPS, and other privacy invasive components has raised significant concerns for businesses operating in sensitive or policy restricted environments. Current solutions rely on passive enforcement, such as...

6.6 AI score
Exploits 0

Lenovo
added 2025/06/10 2:53 p.m. · 1 views

TPM 2.0 Reference Code Vulnerability – Discrete TPMs - Lenovo Support US

No description provided...

6.6 CVSS · 8.3 AI score · 0.00195 EPSS
Exploits 0

OSV
added 2025/06/10 9:30 a.m. · 1 views

GHSA-MCWH-C9PG-XW43 Apache Kafka Deserialization of Untrusted Data vulnerability

In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...

8.8 CVSS · 5.7 AI score · 0.00871 EPSS
Exploits 0 · References 4

Cvelist
added 2025/06/10 7:54 a.m. · 78 views

CVE-2025-27819 Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration

In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...

0.00871 EPSS
Exploits 0 · References 1

CVE
added 2025/06/10 7:31 a.m. · 45 views

CVE-2025-5945

CVE-2025-5945 is rejected/not used; this CVE ID does not represent an active vulnerability entry.

7.3 AI score
Exploits 0

SUSE CVE
added 2025/06/10 2:11 a.m. · 4 views

SUSE CVE-2025-27819

In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...

7.5 CVSS · 7.8 AI score · 0.00871 EPSS
Exploits 0 · References 3

vulnersOsv
added 2025/06/06 3:30 p.m. · 27 views

org.apache.inlong:manager-client (>=1.3.0 <=2.0.0), org.apache.inlong:manager-client-examples (>=1.3.0 <=2.0.0) +2 more potentially affected by CVE-2025-27531 via org.apache.inlong:manager-pojo (>=1.13.0 <=2.0.0)

org.apache.inlong:manager-pojo MAVEN version =1.13.0, =1.3.0, =1.3.0, =1.3.0, =1.13.0, =2.0.0 Source cves: CVE-2025-27531 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10350439...

9.8 CVSS · 5.8 AI score · 0.00576 EPSS
Exploits 0

OSV
added 2025/06/06 2:4 p.m. · 2 views

OESA-2025-1600 pam security update

PAM (Pluggable Authentication Modules) is a system of libraries that handle the authentication tasks of applications (services) on the system. Security Fixes: A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by...

4.7 CVSS · 6.8 AI score · 0.00265 EPSS
Exploits 0 · References 2

OSV
added 2025/06/06 2:4 p.m. · 2 views

OESA-2025-1599 pam security update

PAM (Pluggable Authentication Modules) is a system of libraries that handle the authentication tasks of applications (services) on the system. Security Fixes: A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by...

4.7 CVSS · 6.8 AI score · 0.00265 EPSS
Exploits 0 · References 2

OSV
added 2025/06/04 9:9 p.m. · 1 views

GHSA-4V9V-HFQ4-RM2V webpack-dev-server users' source code may be stolen when they access a malicious web site

Summary Source code may be stolen when you access a malicious web site. Details Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject in their site and run the script. Note that the attacker has to know the port and the output entrypoi...

5.3 CVSS · 7 AI score · 0.00427 EPSS
Exploits 1 · References 5

IBM Security Bulletins
added 2025/06/04 3:36 p.m. · 11 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a man-in-the-middle vulnerability in RFC7250 Raw Public Keys [CVE-2024-12797]

Summary: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a man-in-the-middle vulnerability in RFC7250 Raw Public Keys (RPKs), due to server authentication failure which is susceptible to man-in-the-middle attack (CVE-2024-12797). RFC7250 Raw Public Keys are used in our Speech service...

6.3 CVSS · 6.5 AI score · 0.02357 EPSS
Exploits 0 · Affected Software 1

vulnersOsv
added 2025/06/03 9:30 p.m. · 9 views

com.github.jinahya:jsonrpc-bind-tests (=0.7.1), org.amebastack.container:ameba-container-grizzly (>=0.1.6c <=0.1.6e) +185 more potentially affected by CVE-2020-5245 +3 more via org.hibernate.validator:hibernate-validator (>=7.0.0.Alpha1 <=7.0.0.Alpha6)

org.hibernate.validator:hibernate-validator MAVEN version =7.0.0.Alpha1, =0.1.6c, =0.1.2, =0.1.2, =0.1.2, =0.1.6c, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0-RC1 and more Source cves: CVE-2020-5245, CVE-2025-35036, CVE-2025-4427, CVE-2025-4428 Source advisory: OSV:GHSA-7V6M-28JR-RG84...

9 CVSS · 7.3 AI score · 0.99589 EPSS
Exploits 11