4989 matches found

Fedora
added 2025/06/13 1:3 a.m. · 8 views

[SECURITY] Fedora 42 Update: python3.10-3.10.18-1.fc42

Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the "python3.10" executable:...

7.4 AI score
Exploits 0

Positive Technologies
added 2025/06/13 12:0 a.m. · 4 views

PT-2025-25438 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 16.4.7; XWiki versions prior to 16.10.3; XWiki versions prior to 17.0.0. Description: The issue allows any XWiki user with edit rights on at least one App Within Minutes application to obtain programming rights and perfor...

8.7 CVSS · 7.2 AI score · 0.09249 EPSS
Exploits 1 · References 13

RedHat Linux
added 2025/06/12 6:34 a.m. · 2 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling, where an attacker tricks the system to se...

9.1 CVSS · 7.1 AI score · 0.00294 EPSS
Exploits 0 · References 8

CNNVD
added 2025/06/10 12:0 a.m. · 1 view

Fortinet FortiPortal Security Vulnerability

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. A security vulnerability in Fortinet FortiPortal versions 7.4.0, 7.2.0 through 7.2.5, and...

4.3 CVSS · 6.2 AI score · 0.00169 EPSS
Exploits 0 · References 2

RedHat Linux
added 2025/06/09 3:31 p.m. · 3 views

perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library

A flaw was found in the FCGI library. In affected versions, specially crafted nameLen or valueLen values in data sent to the IPC socket may result in a heap-based buffer overflow, which can cause an application crash or other undefined behavior. This occurs in ReadParams in fcgiapp.c...

9.3 CVSS · 5.9 AI score · 0.00758 EPSS
Exploits 1 · References 10

GithubExploit
added 2025/06/08 12:40 a.m. · 720 views

Exploit for CVE-2025-22870

PoC – CVE-2025-22870 – HTTP Proxy Bypass via IPv6 Zone ID in G...

4.4 CVSS · 5.9 AI score · 0.00033 EPSS
Exploits 2

Circl
added 2025/06/05 1:7 p.m. · 5 views

CVE-2025-5658

creationtimestamp | type | source
---|---|---
2025-06-05 13:07:19+00:00 | seen | https://bsky.app/profile/FunctionalProgramming.activitypub.awakari.com.ap.brid.gy/post/3lquf5626ucp2
2025-06-05 15:01:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lqullw7j262m...

8.8 CVSS · 6.3 AI score · 0.00197 EPSS
Exploits 1 · References 2

Circl
added 2025/06/05 11:45 a.m. · 13 views

CVE-2025-5653

creationtimestamp | type | source
---|---|---
2025-06-05 11:45:36+00:00 | seen | https://bsky.app/profile/FunctionalProgramming.activitypub.awakari.com.ap.brid.gy/post/3lquak36pkv42...

8.8 CVSS · 7 AI score · 0.00197 EPSS
Exploits 1 · References 1

Tenable Nessus
added 2025/06/05 12:0 a.m. · 8 views

RHEL 10 : delve and golang (RHSA-2025:7466)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:7466 advisory. Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go...

6.1 CVSS · 6.8 AI score · 0.00142 EPSS
Exploits 0 · References 11

Trellix
added 2025/06/05 12:0 a.m. · 17 views

Demystifying Myth Stealer: A Rust Based InfoStealer

By Niranjan Hegde, Vasantha Lakshmanan Ambasankar and Adarsh S · June 5, 2025. Introduction: During regular proactive threat hunting, the Trellix Advanced Research Center identified a fully undetected infostealer malware sample written in Rust. Up...

7.5 AI score
Exploits 0

RedHat Linux
added 2025/06/04 12:26 a.m. · 13 views

Moderate: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.1 CVSS · 6.8 AI score · 0.00294 EPSS
Exploits 0 · References 2

OSV
added 2025/06/04 12:0 a.m. · 4 views

ALSA-2025:8477 Moderate: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

9.1 CVSS · 7.1 AI score · 0.00294 EPSS
Exploits 0 · References 4

Circl
added 2025/06/03 5:33 p.m. · 8 views

CVE-2025-5508

creationtimestamp | type | source
---|---|---
2025-06-03 17:33:04+00:00 | seen | https://bsky.app/profile/FunctionalProgramming.activitypub.awakari.com.ap.brid.gy/post/3lqpt3pv422j2
2025-06-03 18:46:52+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lqpxaw2htm2m...

4.8 CVSS · 7 AI score · 0.00351 EPSS
Exploits 1 · References 2

OSV
added 2025/06/03 4:15 p.m. · 2 views

CVE-2025-25020

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 1

AlmaLinux
added 2025/06/03 12:0 a.m. · 6 views

Low: python36:3.6 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.1 CVSS · 7.1 AI score · 0.0017 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2025/06/02 12:0 a.m. · 6 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2025-977)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-977 advisory. A directory traversal vulnerability was discovered in the Go programming language's os package in versions prior to 1.24.3. The vulnerability allows improper access to the parent directory of an os.Root...

3.8 CVSS · 5.4 AI score · 0.00003 EPSS
Exploits 0 · References 4

Fedora
added 2025/05/30 1:45 a.m. · 7 views

[SECURITY] Fedora 41 Update: ruff-0.11.5-2.fc41

An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 plus dozens of plugins, Black, isort, pydocstyle,...

6.5 CVSS · 7.4 AI score · 0.00138 EPSS
Exploits 0

SUSE CVE
added 2025/05/30 1:26 a.m. · 1 view

SUSE CVE-2025-47933

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve...

8.2 CVSS · 6.3 AI score · 0.00067 EPSS
Exploits 0 · References 4

Packet Storm News
added 2025/05/30 12:0 a.m. · 2 views

Hush! Protecting Secrets during Model Training: an Indistinguishability Approach

We consider the problem of secret protection, in which a business or organization wishes to train a model on their own data, while attempting to not leak secrets potentially contained in that data via the model. The standard method for training models to avoid memorization of secret information i...

6.6 AI score
Exploits 0

OSV
added 2025/05/28 5:15 p.m. · 1 view

ALPINE-CVE-2025-32801

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

7.8 CVSS · 7 AI score · 0.00047 EPSS
Exploits 0 · References 1