SUSE CVE-2025-6490

A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmapsetwithhash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approach...

CVE-2025-52488

Summary (CVE-2025-52488) Affected: DNN Platform (formerly DotNetNuke), versions 6.0.0 up to before 10.0.1.Root cause: A specially crafted interaction vulnerability allows NTLM hashes to be disclosed to a third‑party SMB server via Unicode path normalization.Impact: Unauthenticated attackers could...

CVE-2025-52464

Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...

CVE-2022-50035

CVE-2022-50035 affects the Linux kernel DRM AMDGPU path. The issue is a use-after-free in amdgpu_bo_list mutex handling caused by double-unlocking of bo_list_mutex when amdgpu_cs_vm_handling returns non-zero, which can lead to a refcount underflow (as shown in the trace). The vulnerability is dem...

RHEL 7 / 8 / 9 : Red Hat JBoss Enterprise Application Platform 7.4.22 (RHSA-2025:9115)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:9115 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchrono...

GHSA-59W6-R9HM-439H XWiki does not require right warnings for XClass definitions

Impact When an attacker without script or programming right creates an XClass definition in XWiki requires edit right, and that same document is later edited by a user with script, admin, or programming right, malicious code could be executed with the rights of the editing user without prior...

Security update for helm

This update for helm fixes the following issues: help was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog Unarchiving fix e4da497 Matt Farina Patch Instructions: To install this SUSE update use the SUSE...

Medium: screen

Issue Overview: TTY Hijacking while Attaching to a Multiuser Session in the screen package Has potential to break some reattach use cases, but the specific use case was broken already before. screen in Debian not installed setuid or setgid DEBIANBUG: 1105191 Info:...

CWA-2025-006: wasmd's improper error handling may lead to IBC channel opening despite error

CWA-2025-006: Improper error handling may lead to IBC channel opening despite error Severity High Considerable + Likely^1 Affected versions: - wasmd 0.60.0 - wasmd = 0.51.0 0.55.1 Patched versions: - wasmd 0.60.1, 0.55.1, 0.54.1, 0.53.3 Description of the bug A contract erroring during IBC channe...

GHSA-79XG-Q4QM-7V9W CWA-2025-006: wasmd's improper error handling may lead to IBC channel opening despite error

CWA-2025-006: Improper error handling may lead to IBC channel opening despite error Severity High Considerable + Likely^1 Affected versions: - wasmd 0.60.0 - wasmd = 0.51.0 0.55.1 Patched versions: - wasmd 0.60.1, 0.55.1, 0.54.1, 0.53.3 Description of the bug A contract erroring during IBC channe...

Important: kernel-livepatch-6.12.20-23.97

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir CVE-2025-37785 Affected Packages: kernel-livepatch-6.12.20-23.97 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVE-2025-29785

quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...

DEBIAN-CVE-2025-37998

In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in outputuserspace This patch replaces the manual Netlink attribute iteration in outputuserspace with nlaforeachnested, which ensures that only well-formed attributes are processed...

SUSE-SU-2025:01551-1 Security update for go1.24

This update for go1.24 fixes the following issues: Update to go1.24.3 bsc1236217: Security fixes: - CVE-2025-22873: Fixed os.Root permits access to parent directory bsc1242715 Changelog: go73556 go73555 security: fix CVE-2025-22873 os: Root permits access to parent directory go73082 os: Root.Open...

Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgrade to 13.21: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/13.21/ Patch Instructions: T...

CVE-2025-24363

The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and...

CVE-2024-25582

Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the users account. Exploiting this vulnerability requires temporary access to an account or successful social...

CVE-2024-38369

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using include reference="targetdocument"/ is executed with the right of the includer and not with the right of its author. This means that any user able to...

CVE-2024-23189

Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to the users account, access to another account within the same context or an successful social engineering...

CVE-2024-42474

Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit apps on Windows were vulnerable to a path traversal vulnerability when the static file shari...