CVE-2025-58364 cups: Remote DoS via null dereference

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local...

GHSA-4269-MCFH-CP7Q Indico may disclose unauthorized user details access via legacy API

Impact A legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check. Patches You should to update to Indico 3.3.8 as soon as possible. See the docs for instructions on how to update. Workarounds It ...

PT-2025-36515

Name of the Vulnerable Software and Affected Versions: pREST versions prior to 2.0.0-rc3 Description: pREST PostgreSQL REST is an API that delivers an application on top of a Postgres database. Multiple SQL injection flaws exist due to insufficient input validation when constructing SQL queries...

CVE-2025-30274

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later...

CVE-2025-58047 Volto affected by possible DoS by invoking specific URL by anonymous user

Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when...

Contrast leaks workload secrets to logs on INFO level

This is the same vulnerability as https://github.com/edgelesssys/contrast/security/advisories/GHSA-h5f8-crrq-4pw8. The original vulnerability had been fixed for release v1.8.1, but the fix was not ported to the main branch and thus not present in releases v1.9.0 ff. Below is a brief repetition of...

CVE-2025-57757 Contao discloses information in the news module

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround...

CVE-2025-57767

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header wi...

Linux Distros Unpatched Vulnerability : CVE-2023-35946

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, i...

About the security content of macOS Sonoma 14.7.8

About the security content of macOS Sonoma 14.7.8 This document describes the security content of macOS Sonoma 14.7.8. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or release...

CLSA-2025-1755617684 libndp: Fix of CVE-2024-5564

CVE-2024-5564: validate route information option length...

Security update for docker

This update for docker fixes the following issues: Update to Docker 28.3.3-ce. CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. bsc1247367 Patch Instructions: To install this SUSE update use the SUSE recommended installatio...

SUSE SLES12 Security Update : kernel (Live Patch 58 for SLE 12 SP5) (SUSE-SU-2025:02827-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02827-1 advisory. This update for the Linux Kernel 4.12.14-122222 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core: d...

AZL-73557 CVE-2025-38528 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers static const char fmt = "%p%"; bpftraceprintkfmt, sizeoffmt; The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in...

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Access Control Rules Bypass Vulnerability

A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to send traffic that should have been block...

CVE-2025-55193 Active Record logging vulnerable to ANSI escape injection

Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in...

ROOT-OS-DEBIAN-12-CVE-2025-53020 CVE-2025-53020 in rootio-apache2 - Patched by Root

Root has patched CVE-2025-53020 in the rootio-apache2 package for Root:Debian:12. Multiple fixed versions available...

Debian: Security Advisory (DSA-5973-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-8518

A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may be launched remotely. The exploit has bee...

SUSE CVE-2025-53901

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...