kernel: tls: fix handling of zero-length records on the rx_list

In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rxlist Each recvmsg call must process either - only contiguous DATA records any number of them - one non-DATA record If the next record has different type than what has already been...

CVE-2025-12343

A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnnbackendtf.c source file. The issue occurs in the dnnexecutemodeltf function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free conditio...

CVE-2025-12246 chatwoot Admin IframeLoader.vue cross site scripting

A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed...

Advisory ROSA-SA-2025-3042

Software: gnutls 3.6.16 OS: ROSA Virtualization 3.0 unaffected versions = gnutls-3.6.16-8.0.0.1.rv30.4 affected versions gnutls-3.6.16-8.0.1.1.rv30.4 CVE-ID: CVE-2024-12243 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in GnuTLS when processing ASN.1 data via libtasn1 could result in...

Fedora: Security Advisory (FEDORA-2025-568b5b6ddc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Siemens SIMATIC Devices Use After Free (CVE-2024-42302)

In the Linux kernel, the following vulnerability has been resolved: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Keith reports a use-after-free when a DPC event occurs concurrently to hot- removal of the same portion of the hierarchy: The dpchandler awaits readiness of the...

Medium: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 a...

Fedora 41 : perl-YAML-Syck (2025-568b5b6ddc)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-568b5b6ddc advisory. This update addresses a flaw in which processing a specially-crafted YAML document could lead to accessing information outside of the document itself and hen...

EUVD-2025-35896

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All API modules allows Excessive Allocation. This vulnerability is associated wi...

com.github.cafaudit:caf-audit-binding-elasticsearch (>=5.0.3-1321 <=5.0.4-1329), com.github.cafaudit:caf-audit-monkey-container (>=5.0.3-1321 <=5.0.4-1329) +80 more potentially affected by CVE-2025-12194 via org.bouncycastle:bc-fips (>=2.1.0 <=2.1.1)

org.bouncycastle:bc-fips MAVEN version =2.1.0, =5.0.3-1321, =5.0.3-1321, =5.0.3-1321, =5.0.3-1321, =3.1.2-822, =3.1.2-822, =3.1.2-822, =3.1.2-822, =4.10.0, =4.10.0, =4.10.0, =4.10.0, =4.10.0, =4.10.2 and more Source cves: CVE-2025-12194 Source advisory:...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : poppler (SUSE-SU-2025:3779-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3779-1 advisory. - CVE-2025-43718: fixed uncontrolled recursion in the regex-based metadata parser when processin...

Security update for ruby2.5

This update for ruby2.5 fixes the following issues: CVE-2025-24294: resolv: insufficient checks on the length of a decompressed domain name when processing a DNS packet can lead to a denial of service due to excessive resource consumption bsc1246430. Patch Instructions: To install this SUSE updat...

Exploit for Missing Authentication for Critical Function in Langflow

CVE-2025-3248 Langflow RCE Scanner A Python tool designed to...

CVE-2025-10705

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.4.6. This is due to insufficient validation of user-supplied URLs in the PDF processing functionality. This makes it possible for unauthenticated...

EulerOS 2.0 SP13 : libxml2 (EulerOS-SA-2025-2301)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML...

PT-2025-43686

Name of the Vulnerable Software and Affected Versions Bouncy Castle for Java FIPS versions 2.1.0 through 2.1.1 Bouncy Castle for Java LTS versions 2.73.0 through 2.73.7 Description An uncontrolled resource consumption issue exists in Bouncy Castle for Java FIPS and Bouncy Castle for Java LTS. The...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup (SUSE-SU-2025:3753-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3753-1 advisory. - CVE-2025-11021: Ignored invalid date when processing cookies to prevent out-of-bounds read bsc1250562...

SUSE CVE-2025-62706

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib's JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

CLSA-2025-1761261543 Fix CVE(s): CVE-2024-56171

SECURITY UPDATE: use-after-free vulnerability in XML schema processing - debian/patches/CVE-2024-56171.patch: Fix use-after-free after xmlSchemaItemListAdd in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables - CVE-2024-56171...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing JSON payloads before applying rate limits. An attacker can cause service disruption by sending specially crafted JSON payloads that bypass rate limiting. Note: This is...