Lucene search

4989 matches found

CVE
added 2025/07/05 12:0 a.m., 30 views

CVE-2025-53605

CVE-2025-53605 affects the Rust protobuf crate prior to 3.7.2. The issue is uncontrolled recursion in protobuf::coded_input_stream::CodedInputStream::skip_group when parsing unknown fields from untrusted input, with impact described as availability-related in the CVSS metrics. Connected advisorie...

CVSS 5.9, AI score 6.5, EPSS 0.00175
Exploits: 0, References: 3

CVE
added 2025/07/05 12:0 a.m., 14 views

CVE-2024-58254

CVE-2024-58254 is rejected/not used; reference CVE-2024-11738 instead.

Exploits: 0

SUSE CVE
added 2025/07/04 2:43 p.m., 1 view

SUSE CVE-2025-3611

Mattermost versions 10.7.x = 10.7.0, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...

CVSS 4.3, AI score 6.8, EPSS 0.00138
Exploits: 0, References: 2

Cvelist
added 2025/07/04 11:17 a.m., 7 views

CVE-2025-49070 WordPress Elessi < 6.4.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in NasaTheme Elessi elessi-theme allows PHP Local File Inclusion. This issue affects Elessi: from n/a through 6.4.1...

CVSS 7.5, EPSS 0.00423
Exploits: 0, References: 1

Packet Storm News
added 2025/07/04 12:0 a.m., 2 views

We Urgently Need Privilege Management in MCP: a Measurement of API Usage in MCP Ecosystems

The Model Context Protocol (MCP) has emerged as a widely adopted mechanism for connecting large language models to external tools and resources. While MCP promises seamless extensibility and rich integrations, it also introduces a substantially expanded attack surface: any plugin can inherit broad...

AI score 7
Exploits: 0

Redos
added 2025/07/03 12:0 a.m., 6 views

ROS-20250703-06

A vulnerability in the mpmathify function of the mpmath library of the Python programming language interpreter is related to the unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service ReDos.

CVSS 7.5, AI score 7, EPSS 0.00949
Exploits: 1

Redos
added 2025/07/03 12:0 a.m., 4 views

ROS-20250703-02

A vulnerability in the Go programming language is related to improper syntax correctness checking of input. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...

CVSS 7.5, AI score 7, EPSS 0.00125
Exploits: 0

RedHat Linux
added 2025/07/02 2:32 p.m., 3 views

CGI: Denial of Service in CGI::Cookie.parse

A flaw was found in Ruby's CGI gem. Processing specially crafted large cookies with the CGI::Cookie.parse method can cause excessive resource consumption due to a missing limit on the length of the raw cookie value, resulting in a denial of service...

CVSS 7.5, AI score 5.7, EPSS 0.00315
Exploits: 0, References: 5

AlmaLinux
added 2025/07/01 12:0 a.m., 7 views

Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 9.4, AI score 7.3, EPSS 0.01012
Exploits: 14, References: 12

Redos
added 2025/07/01 12:0 a.m., 4 views

ROS-20250630-12

A vulnerability in the Golang programming language is related to an insecure reference following issue OCREATE and OEXCL when processing symbolic links. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system. The vulnerability in the Golang programming...

CVSS 7.5, AI score 7.1, EPSS 0.00076
Exploits: 0

CNNVD
added 2025/07/01 12:0 a.m., 1 view

One Identity OneLogin AD Connector Security Vulnerability

One Identity OneLogin AD Connector is a connector software from One Identity USA. A security vulnerability exists in One Identity OneLogin AD Connector versions prior to 6.1.5 that originates in the /api/adc/v4/configuration endpoint resulting in information disclosure...

CVSS 5.7, AI score 6.3, EPSS 0.00066
Exploits: 0, References: 4

Snyk
added 2025/06/30 7:35 p.m., 4 views

Improper Authorization

Overview: org.graylog2:graylog2-server is a log management platform. Affected versions of this package are vulnerable to Improper Authorization via an incorrect permission check in the token creation process. An attacker can gain elevated privileges by crafting requests to the REST API and creatin...

CVSS 8.8, AI score 6.9, EPSS 0.00275
Exploits: 0, References: 2

Fedora
added 2025/06/28 1:45 a.m., 12 views

[SECURITY] Fedora 41 Update: python3.13-3.13.5-1.fc41

Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...

CVSS 7.5, AI score 7.6, EPSS 0.00541
Exploits: 1

Fedora
added 2025/06/28 1:45 a.m., 9 views

[SECURITY] Fedora 41 Update: python3-docs-3.13.5-1.fc41

The python3-docs package contains documentation on the Python 3 programming language and interpreter...

CVSS 7.5, AI score 7.5, EPSS 0.00541
Exploits: 1

Fedora
added 2025/06/28 1:14 a.m., 9 views

[SECURITY] Fedora 42 Update: python3.13-3.13.5-1.fc42

Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...

CVSS 7.5, AI score 7.6, EPSS 0.00541
Exploits: 1

Cvelist
added 2025/06/27 11:52 a.m., 8 views

CVE-2025-32298 WordPress CTUsers plugin <= 1.0.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Case-Themes CTUsers ctuser allows PHP Local File Inclusion. This issue affects CTUsers: from n/a through = 1.0.0...

CVSS 7.5, EPSS 0.00499
Exploits: 0, References: 1

CVE
added 2025/06/27 11:52 a.m., 12 views

CVE-2025-52729

CVE-2025-52729 is a Local File Inclusion vulnerability in the Diza WordPress theme (thembay) via improper control of filenames for PHP include/require. Affected versions are Diza

CVSS 8.1, AI score 5.9, EPSS 0.00547
Exploits: 0, References: 1

OSV
added 2025/06/26 6:15 a.m., 0 views

UBUNTU-CVE-2025-1754

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource...

CVSS 5.3, AI score 5.9, EPSS 0.00153
Exploits: 0, References: 2

CNVD
added 2025/06/26 12:0 a.m., 2 views

Cisco ISE and ISE-PIC Injection Vulnerabilities

Cisco ISE and Cisco ISE-PIC are both products of Cisco (U.S.). Cisco ISE is the identity services engine introduced by Cisco, mainly used for network access control and security management. Cisco ISE-PIC is the passive identity connector of the Cisco Identity Services Engine, which is mainl...

CVSS 10, AI score 8.2, EPSS 0.34167
Exploits: 10, References: 1

Schneier on Security
added 2025/06/25 11:4 a.m., 5 views

What LLMs Know About Their Users

Simon Willison talks about ChatGPT's new memory dossier feature. In his explanation, he illustrates how much the LLM--and the company--knows about its users. It's a big quote, but I want you to read it all. Here's a prompt you can use to give you a solid idea of what's in that summary. I first sa...

AI score 7
Exploits: 0