CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

UBUNTU-CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

gitea -- Multiple vulnerabilities

[email protected] reports: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied. go-redis ...

PT-2025-22230

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential lockup issue in the Linux kernel has been identified and resolved. The problem occurs in the st lsm6dsx read tagged fifo function when pattern len is equal to zero and the...

GHSA-GVGG-2R3R-53X7 Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims

This vulnerability is caused by the improper mapping of users to organizations based solely on email/username patterns. The issue is limited to the token claim level, meaning the user is not truly added to the organization but may appear as such in applications relying on these claims. The risk...

Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims

This vulnerability is caused by the improper mapping of users to organizations based solely on email/username patterns. The issue is limited to the token claim level, meaning the user is not truly added to the organization but may appear as such in applications relying on these claims. The risk...

CLSA-2025-1741215702 libxml2: Fix of CVE-2025-27113

CVE-2025-27113: fix NULL pointer dereference in xmlPatMatch in pattern.c...

Security update for haproxy

This update for haproxy fixes the following issues: Update to version 2.8.11+git0.01c1056a4: VUL-0: CVE-2024-53008: haproxy: HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server bsc1233973 BUG/MINOR: cfgparse-listen: fix option httpslog overrid...

Malicious code in pattern-picker (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-1912 Malicious code in pattern-picker (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in page-pattern-modal (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-1911 Malicious code in page-pattern-modal (npm)

--- -= Per source details. Do not edit below this line.=-...

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c bsc1237363. CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c bsc1237370. CVE-2025-27113: NULL pointer...

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c bsc1237363. CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c bsc1237370. CVE-2025-27113: NULL pointer...

OESA-2025-1225 libxml2 security update

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVE-2024-57991 wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: chan: fix soft lockup in rtw89entityrecalcmgntroles During rtw89entityrecalcmgntroles, there is a normalizing process which will re-order the list if an entry with target pattern is found. And once one is found, shou...

GHSA-RQ4W-CJRR-H8W8 Duplicate Advisory: Keycloak allows Incorrect Assignment of an Organization to a User

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gvgg-2r3r-53x7. This link is maintained to preserve external references. Original Description A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a...

Keycloak 访问控制错误漏洞

Keycloak is an open source identity and access management solution from Keycloak Open Source. Keycloak suffers from an access control error vulnerability that stems from a user-organization domain pattern mismatch in the organization function. An attacker exploiting this vulnerability could be...

CVE-2025-25205 Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching

Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings lik...

EulerOS 2.0 SP12 : busybox (EulerOS-SA-2025-1185)

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate...