OESA-2025-2814 libvirt security update
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A flaw was discovered in libvirt in the XML file processing. More specifically, t...
OESA-2025-2812 libvirt security update
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A flaw was discovered in libvirt in the XML file processing. More specifically, t...
PT-2025-51022
Name of the Vulnerable Software and Affected Versions macOS versions prior to Sonoma 14.8.3 macOS versions prior to Sequoia 15.7.3 Description A flaw exists in macOS that could allow a file processing operation to cause memory corruption. Recommendations Update to macOS Sonoma version 14.8.3 or...
UBUNTU-CVE-2025-64702
quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...
resolv: Denial of Service in resolv gem
A denial of service flaw was found in resolv ruby gem. This flaw allows an attacker to craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses this packet, the name decompression process consumes a large amount of CPU resources, as the library does...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the evaluation of credential values in non-POSIX shell environments. An attacker can execute arbitrary commands on the operator's device by crafting malicious credential values in infrastructure Secret...
CVE-2025-58408
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common weakness enumeration was chosen as the stale data can include handles to resources in whi...
CVE-2025-44016 File Hash Validation Bypass in NomadBranch.exe
A vulnerability in TeamViewer DEX Client (formerly 1E client) - Content Distribution Service NomadBranch.exe prior to version 25.11 for Windows allows malicious actors to bypass file integrity validation via a crafted request. By providing a valid hash for a malicious file, an attacker can cause the...
USN-7924-1 libpng1.6 vulnerabilities
It was discovered that libpng incorrectly handled memory when processing certain PNG files, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash,...
EUVD-2025-202636
NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.60027, Hub M3 4.3.60025, and Camera Hub G3 4.1.90027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs...
CVE-2025-63365
SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the EPUB file processing component, specifically in the functionality responsible for extracting and handling EPUB archive contents...
EulerOS 2.0 SP13 : libtiff (EulerOS-SA-2025-2524)
According to the versions of the libtiff package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw has been found in LibTIFF 4.7.0. This affects the function TIFFmallocExt/TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file...
(0Day) PDFsam Enhanced XLS File Insufficient UI Warning Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...
FreeBSD : Gitlab -- vulnerabilities (c6c9306e-d645-11f0-8ce2-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c6c9306e-d645-11f0-8ce2-2cf05da270f3 advisory. Gitlab reports: Cross-site scripting issue in Wiki impacts GitLab CE/EE Improper encoding in...
(0Day) pdfforge PDF Architect DOC File Insufficient UI Warning Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2025-2464)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : scsi: qla2xxx: Fix warning message due to adisc being flushed (CVE-2022-49158); scsi: qla2xxx: Implement ref count for SRB (CVE-2022-49159); tcp: add...
PT-2025-50605
Apache Struts 2 DoS Flaw CVE-2025-66675 Risks Server Crash via File Leak in Multipart Request Processing https://securityonline.info/apache-struts-2-dos-flaw-cve-2025-66775-risks-server-crash-via-file-leak-in-multipart-request-processing/...
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service
A denial of service flaw has been discovered in Apache Tomcat. If an error occurred including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete...
Security Bulletin: A vulnerability in RedHat UBI affects IBM Robotic Process Automation for Cloud Pak and may result in denial of service (CVE-2024-12243).
Summary A vulnerability in RedHat UBI affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service. RedHat UBI is used as a base image for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address this vulnerability...
EUVD-2025-202417
Apache Struts has a Denial of Service vulnerability...