Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992665)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992665 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs. On the following path, flush_tlb_range()...
CVE-2025-66834
A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name...
EUVD-2025-205450
An issue in Yealink T21PE2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request to the ping function of the diagnostic component...
CVE-2025-68191 udp_tunnel: use netdev_warn() instead of netdev_WARN()
In the Linux kernel, the following vulnerability has been resolved: udp_tunnel: use netdev_warn() instead of netdev_WARN(). netdev_WARN() uses WARN/WARN_ON to print a backtrace along with file and line information. In this case, udp_tunnel_nic_register() returning an error is just a failed operation, not a kernel...
CVE-2025-68191
In the Linux kernel, CVE-2025-68191 is addressed by replacing netdev_WARN() with netdev_warn() in udp_tunnel_nic_register(). The old netdev_WARN() prints a backtrace via WARN/WARN_ON, which is inappropriate for an error that is simply a normal memory-allocation failure (kzalloc() or udp_tunnel_ni...
NanoMQ Security Vulnerability
NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms open sourced by EMQ USA. A security vulnerability exists in NanoMQ versions prior to 0.24.4 that stems from a buffer overflow in PUBLISH packets triggering shared and normal subscriptions...
OESA-2025-2795 grub2 security update
GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free...
CVE-2025-63681
open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers (a normal user) to stop arbitrary LLM response tasks...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grub2 (SUSE-SU-2025:4196-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4196-1 advisory. - CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-fre...
EUVD-2025-199117
Malicious code in normal-store npm...
Malicious code in normal-store (npm)
Source: amazon-inspector 3f3cc821206cbfa969e8f4e3472a09caf43736b8e70d4ec80ed20931b64406b8 The package normal-store was found to contain malicious code. Source: ghsa-malware 1e1d6a2537e74912ec3831bf85e49e8ba908fc28838ec60c07f7218717ba36ae A...
MAL-2025-191135 Malicious code in normal-store (npm)
Source: amazon-inspector 3f3cc821206cbfa969e8f4e3472a09caf43736b8e70d4ec80ed20931b64406b8 The package normal-store was found to contain malicious code. Source: ghsa-malware 1e1d6a2537e74912ec3831bf85e49e8ba908fc28838ec60c07f7218717ba36ae A...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Security update for grub2
This update for grub2 fixes the following issues: CVE-2025-54771: Fixed grub_file_close() does not properly control the fs refcount (bsc#1252931). CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932). CVE-2025-61662: Fixed missing unregister call for gettext command may lead t...
Security update for grub2
This update for grub2 fixes the following issues: CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930). CVE-2025-54771: Fixed grub_file_close() does not properly control the fs refcount (bsc#1252931). CVE-2025-61661: Fixed out-of-bounds write in...
Grub2: missing unregister call for normal_exit command may lead to use-after-free
...
Grub2: missing unregister call for normal commands may lead to use-after-free
...
SUSE-SU-2025:4143-1 Security update for grub2
This update for grub2 fixes the following issues: - CVE-2025-54771: Fixed grub_file_close() does not properly control the fs refcount (bsc#1252931) - CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) - CVE-2025-61662: Fixed missing unregister call for gettext command may...
SUSE CVE-2025-61664
A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...
CVE-2025-61664
A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...