CVE-2025-59775

CVE-2025-59775 : SSRF in Apache HTTP Server on Windows when AllowEncodedSlashes On and MergeSlashes Off can leak NTLM hashes to a malicious server. Affected: Apache HTTP Server (Windows). Root cause: SSRF via UNC/NTLM-related handling as described in multiple security bulletins. Remediation: upgr...

CVE-2025-59775 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF

Server-Side Request Forgery SSRF vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes...

CVE-2025-59775 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF

Server-Side Request Forgery SSRF vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes...

go-toolset:rhel8 security update

delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 Sync from CentOS Stream 9 - Related: RHEL-121223 golang 1.25.3-1 - Update to Go 1.25.3 sync from CentOS Stream 9 - Build go-toolset as a subpackage - Preserve GOAMD64=v1 for RHEL 8 -...

kernel: drm/amd/display: clear optc underflow before turn off odm clock

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: clear optc underflow before turn off odm clock Why After ODM clock off, optc underflow bit will be kept there always and clear not work. We need to clear that before clock off. How Clear that if have when clock o...

BIT-NGINX-GATEWAY-2024-34161 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...

BIT-NGINX-GATEWAY-2024-24990 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

Brave Android 1.85.112 Security Fixes

Enabled WASM Interpreter when JIT is disabled. Upgraded Chromium to 143.0.7499.52 — refer to Google Chrome advisories for inherited CVEs...

CVE-2025-66416 DNS Rebinding Protection Disabled by Default in Model Context Protocol Python SDK for Servers Running on Localhost

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. Prior to version 1.23.0, tThe Model Context Protocol MCP Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost...

CLSA-2025-1764679337 iperf3: Fix of 2 CVEs

CVE-2025-54349: fix off-by-one error and heap-based buffer overflow in iperfauth.c - CVE-2025-54350: prevent crash due to assertion failures on malformed authentication attempt in iperfauth.c...

Brave Desktop 1.85.111 Security Fixes

Improved IKEv2 VPN configuration parameters on Windows. - Enabled WASM Interpreter when JIT is disabled. Upgraded Chromium to 143.0.7499.40 — refer to Google Chrome advisories for inherited CVEs...

OpenWRT <= 24.10.4 DoS Vulnerability

OpenWRT is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openwrt:openwrt";...

CLSA-2025-1764281284 squid: Fix of CVE-2025-62168

CVE-2025-62168: fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure - emailerrdata directive now defaults to 'off' for security previously 'on'...

CLSA-2025-1764152160 squid: Fix of CVE-2025-62168

CVE-2025-62168: fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure - emailerrdata directive now defaults to 'off' for security previously 'on'...

CLSA-2025-1764151964 squid: Fix of CVE-2025-62168

CVE-2025-62168: fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure - emailerrdata directive now defaults to 'off' for security previously 'on'...

JLSEC-2025-247 A vulnerability has been identified in the libarchive library

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to...

delve and golang security update

delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 - Resolves: RHEL-111801 golang 1.25.3-1 - Update to Go 1.25.3 - Resolves: RHEL-121220 1.25.1-1 - Update to Go 1.25.1 - Resolves: RHEL-116850 1.25.0-2 - Revert DWARF5 defaults - Add elf...

CLSA-2025-1764028726 iperf3: Fix of 2 CVEs

CVE-2025-54349: fix off-by-one error and heap-based buffer overflow in iperfauth.c - CVE-2025-54350: prevent crash due to assertion failures on malformed authentication attempt in iperfauth.c...

EUVD-2025-198432

The WP Delete Post Copies plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

TencentOS Server 4: libarchive (TSSA-2025:0465)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0465 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...