1153 matches found
EUVD-2024-20712
Malicious code in bioql PyPI...
EUVD-2022-4120
Malicious code in bioql PyPI...
EUVD-2024-2821
Malicious code in bioql PyPI...
EUVD-2024-44589
Malicious code in bioql PyPI...
EUVD-2025-26134
Malicious code in bioql PyPI...
EUVD-2023-2921
Malicious code in bioql PyPI...
EUVD-2025-31103
Malicious code in bioql PyPI...
GHSA-M8RJ-PPPH-MJ33 @plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user
Impact: When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error. Patches: The problem has been patched and the patch has been backported to Volto major versions down to 16. It is advised to upgrade to the latest patch release of your...
PT-2025-40309
Name of the Vulnerable Software and Affected Versions: Volto versions 16.34.0 through 16.34.1; 17.0.0 through 17.22.1; 18.0.0 through 18.27.1; 19.0.0-alpha.1 through 19.0.0-alpha.5. Description: An anonymous user can cause the NodeJS server part of Volto to...
CVE-2025-11083
A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the file bfd/elfcode.h of the component Linker. The manipulation leads to a heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public an...
PT-2025-39347
New Oracle Linux 8 kernel advisory: ELS-2025-16372 patches CVE-2025-16372, a race condition flaw posing a DoS risk. Read more: https://t.co/kv9wdXoGbb https://t.co/CIpL06smgF...
CVE-2025-59822
Http4s is a Scala interface for HTTP services. In versions from 1.0.0-M1 to before 1.0.0-M45, and before 0.23.31, http4s is vulnerable to HTTP Request Smuggling due to improper handling of the HTTP trailer section. This vulnerability could enable attackers to bypass front-end servers' security controls...
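The entry above names the general class (a front-end and a back-end disagreeing about where a chunked message ends, because one of them treats the trailer section loosely) without the http4s-specific details, which are cut off here. The following is an added example, not http4s code and not a reproduction of its bug: a strict chunked-body parser that consumes the trailer section as header fields only, refuses framing and credential fields there, and returns whatever follows the message as the next request's bytes. The sample bodies, `FORBIDDEN_TRAILERS` subset and error type are constructed for the illustration.

```python
import re
from typing import Dict, Tuple

class SmugglingError(ValueError):
    """Raised when the chunked framing or the trailer section is not well-formed."""

# Subset of the fields RFC 9110 section 6.5.1 forbids in trailers. A back-end that
# honoured any of these from a trailer could disagree with the front-end about
# message length, target host, or the identity behind the request.
FORBIDDEN_TRAILERS = {
    "transfer-encoding", "content-length", "host", "trailer",
    "content-encoding", "content-type", "content-range", "te",
    "authorization", "cookie",
}

# RFC 9110 token syntax for a field name.
_TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def parse_chunked(body: bytes) -> Tuple[bytes, Dict[str, str], bytes]:
    """Parse one chunked message body.

    Returns (payload, trailers, remainder): remainder is every byte after the
    terminating empty line, i.e. the start of the NEXT request on a keep-alive
    connection. A front-end and back-end that both frame the message this way
    agree on that boundary, which is what prevents smuggling.
    """
    payload = bytearray()
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise SmugglingError("truncated chunk-size line")
        size_field = body[pos:eol].split(b";", 1)[0].strip()  # drop chunk extensions
        try:
            size = int(size_field, 16)
        except ValueError:
            raise SmugglingError("bad chunk size %r" % size_field)
        pos = eol + 2
        if size == 0:
            break  # last-chunk; the trailer section follows
        chunk = body[pos:pos + size]
        if len(chunk) != size or body[pos + size:pos + size + 2] != b"\r\n":
            raise SmugglingError("chunk data does not match declared size")
        payload += chunk
        pos += size + 2

    # Trailer section: zero or more field lines, then an empty line. Every line
    # here MUST be a field line; a line that is not one (for example a request
    # line such as "GET /admin HTTP/1.1") is rejected rather than being left on
    # the connection to be read as a new request.
    trailers: Dict[str, str] = {}
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise SmugglingError("truncated trailer section")
        line = body[pos:eol]
        pos = eol + 2
        if line == b"":
            break
        if line[:1] in (b" ", b"\t"):
            raise SmugglingError("obsolete line folding in trailer")
        if b":" not in line:
            raise SmugglingError("non-field line in trailer section: %r" % line)
        raw_name, raw_value = line.split(b":", 1)
        if not _TOKEN.match(raw_name):
            raise SmugglingError("invalid trailer field name %r" % raw_name)
        name = raw_name.decode("ascii").lower()
        if name in FORBIDDEN_TRAILERS:
            raise SmugglingError("field %s is not allowed in a trailer" % name)
        trailers[name] = raw_value.strip().decode("latin-1")
    return bytes(payload), trailers, body[pos:]

def accepts(body: bytes) -> bool:
    """True if body is a well-formed chunked message with a clean trailer section."""
    try:
        parse_chunked(body)
        return True
    except SmugglingError:
        return False

if __name__ == "__main__":
    # Constructed sample: two chunks, one legitimate trailer, nothing pipelined.
    print(parse_chunked(b"5\r\nhello\r\n6\r\n world\r\n0\r\nX-Checksum: abc\r\n\r\n"))
    # Constructed smuggling attempt: a request line where a trailer field belongs.
    print(accepts(b"0\r\nGET /admin HTTP/1.1\r\n\r\n"))
```

The test of any such parser is agreement, not leniency: whatever the front-end accepts as the end of the message, the back-end must accept at exactly the same byte, so the safe choice on any malformed trailer is to fail the whole message rather than guess.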
CVE-2025-54081 SunshineService Has Unquoted Service Path That Allows Local SYSTEM Code Execution
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed in a directory whose name includes a space, the Service Control Manager (SCM) interprets the path...
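The entry is cut off before it says how the path is interpreted. The rule is the one CreateProcess applies to an unquoted command line: it splits at each space and tries each prefix as the executable (appending .exe when the candidate has no extension), so a file planted at an earlier, shorter path wins over the real binary. The following is an added example, not Sunshine or Microsoft code, that enumerates those candidates for a given ImagePath and lists the directories an attacker would need to write to; the paths are constructed for the illustration and the real SunshineService path is not shown on this page.

```python
import ntpath
from typing import List

def scm_candidates(image_path: str) -> List[str]:
    """Executable paths tried, in order, for a service ImagePath.

    A quoted path yields exactly one candidate. An unquoted path containing
    spaces yields every space-delimited prefix first (each given an .exe
    extension if it has none) and the full path last; the first candidate that
    exists on disk is what gets executed as the service account, here SYSTEM.
    """
    path = image_path.strip()
    if path.startswith('"'):
        end = path.find('"', 1)
        return [path[1:end] if end > 0 else path[1:]]
    parts = path.split(" ")
    candidates = []
    for i in range(1, len(parts)):
        candidates.append(_with_exe(" ".join(parts[:i])))
    candidates.append(_with_exe(path))
    return candidates

def _with_exe(candidate: str) -> str:
    # CreateProcess appends .exe when the candidate has no extension at all.
    return candidate if ntpath.splitext(candidate)[1] else candidate + ".exe"

def hijack_dirs(image_path: str) -> List[str]:
    """Directories where a planted file would pre-empt the real binary."""
    cands = scm_candidates(image_path)
    return [ntpath.dirname(c) for c in cands[:-1]]

def is_unquoted_with_spaces(image_path: str) -> bool:
    """The condition the advisory describes: unquoted path, space in a directory name."""
    return len(scm_candidates(image_path)) > 1

if __name__ == "__main__":
    # Constructed sample ImagePath values; an installer that quotes the path
    # produces one candidate, an unquoted one produces a hijack chain.
    for p in ('"C:\\Program Files\\Sunshine\\sunshine.exe"',
              'C:\\Game Tools\\Sunshine Host\\sunshine.exe'):
        print(p, "->", scm_candidates(p), "writable dirs needed:", hijack_dirs(p))
```

On a real host the input is the PathName of each entry from `Get-CimInstance Win32_Service` (or the ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services); the remaining step, which this example does not do, is checking with icacls whether an unprivileged user can create a file in any directory `hijack_dirs` returns.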
CVE-2025-59532
CVE-2025-59532 affects OpenAI Codex CLI (v0.2.0–0.38.0). A sandbox configuration bug caused the model-generated cwd to be treated as the sandbox’s writable root, enabling arbitrary file writes and command execution outside the user’s session workspace. The issue did not impact the network-disable...
Cross-site scripting vulnerability in Lectora course navigation
Overview: Lectora Desktop versions 21.0–21.3 and Lectora Online versions 7.1.6 and older contained a cross-site scripting (XSS) vulnerability in courses published with Seamless Play Publish (SPP) enabled and Web Accessibility disabled. The vulnerability was initially patched in Lectora Desktop version...
Codex has sandbox bypass due to bug in path configuration logic
Due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox's writable root, including paths outside of the folder where the user started their session. This bypasses the intended workspace boundary and enables arbitrary file writes and comman...
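Both Codex entries above (CVE-2025-59532 and this one) describe the same mistake: the directory the model asked to work in became the boundary for writes, instead of the directory the session was started in. The following is an added example, not OpenAI Codex code and not its actual fix, showing the check a sandbox should make instead: the writable root stays the session root, an untrusted cwd is accepted only if it resolves inside that root after `..` and symlinks are collapsed, and every write is then tested against the root rather than the cwd. The directory names are constructed; `symlink_escape_demo` builds a throwaway workspace to show the symlink case.

```python
import os
import tempfile
from typing import Optional

class SandboxViolation(Exception):
    """Raised when a requested working directory or write target leaves the session root."""

def resolve_cwd(session_root: str, requested_cwd: str) -> str:
    """Return the canonical cwd if it lies inside session_root, else raise.

    session_root is the folder the user started the session in and is the
    sandbox's writable root; nothing here ever replaces it. requested_cwd is
    untrusted (model-generated) and may be relative, absolute, contain '..',
    or pass through a symlink.
    """
    root = os.path.realpath(session_root)
    # A relative cwd is interpreted against the root, never against the process
    # cwd; an absolute one is taken as given. realpath then collapses '..' and
    # follows symlinks so the comparison is made on the final location.
    candidate = os.path.realpath(os.path.join(root, requested_cwd))
    # commonpath, not startswith: '/tmp/ws2' must not pass as inside '/tmp/ws'.
    if os.path.commonpath([root, candidate]) != root:
        raise SandboxViolation(
            "cwd %r resolves to %r, outside %r" % (requested_cwd, candidate, root))
    return candidate

def cwd_is_inside(session_root: str, requested_cwd: str) -> bool:
    try:
        resolve_cwd(session_root, requested_cwd)
        return True
    except SandboxViolation:
        return False

def write_allowed(session_root: str, requested_cwd: str, target: str) -> bool:
    """Decide a write of `target` (relative to the accepted cwd).

    The boundary is the session root, not the cwd: moving the cwd around
    inside the workspace must not move the writable root with it.
    """
    cwd = resolve_cwd(session_root, requested_cwd)  # raises if the cwd itself escapes
    root = os.path.realpath(session_root)
    final = os.path.realpath(os.path.join(cwd, target))
    return os.path.commonpath([root, final]) == root

def symlink_escape_demo() -> Optional[bool]:
    """Create workspace/link -> outside and ask whether cwd 'link' is accepted.

    Returns None where symlinks cannot be created (e.g. unprivileged Windows).
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "workspace")
        outside = os.path.join(tmp, "outside")
        os.mkdir(root)
        os.mkdir(outside)
        try:
            os.symlink(outside, os.path.join(root, "link"))
        except (OSError, NotImplementedError, AttributeError):
            return None
        return cwd_is_inside(root, "link")

if __name__ == "__main__":
    ws = "/tmp/ws"  # constructed session root; need not exist for the lexical checks
    for cwd in ("src/app", ".", "../../etc", "/etc"):
        print(cwd, "->", cwd_is_inside(ws, cwd))
    print("write ../README.md from src:", write_allowed(ws, "src", "../README.md"))
    print("write /etc/passwd via ..:", write_allowed(ws, "src", "../../../etc/passwd"))
    print("cwd through symlink accepted:", symlink_escape_demo())
```

Keeping `session_root` as a separate argument everywhere is the point: the moment the code that derives the writable root takes the cwd as input, any cwd the model can influence becomes a root it can choose.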
Medium: mod_auth_openidc
Issue Overview: mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in mod_auth_openidc results in disclosure of protected content to unauthenticated...
OESA-2025-2254 cmake security update
CMake is used to control the software compilation process using simple platform and compiler independent configuration files. CMake generates native makefiles and workspaces that can be used in the compiler environment of your choice. CMake is quite sophisticated: it is possible to support comple...
BIT-KYVERNO-2025-29778 Kyverno ignores subjectRegExp and IssuerRegExp
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0, Kyverno ignores subjectRegExp and issuerRegExp while verifying artifact signatures in keyless mode. This allows an attacker to deploy Kubernetes resources with artifacts that were signed by...
CVE-2025-58435
Open OnDemand is an open-source HPC portal. Prior to versions 3.1.15 and 4.0.7, noVNC interactive applications did not correctly rotate the password when TurboVNC was newer than version 3.1.2. The likelihood of exploitation is low, as a user would need to share their link to an active desktop...