Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: tomcat (UTSA-2025-991023)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991023 advisory. Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded...
PT-2025-40308
Name of the Vulnerable Software and Affected Versions: risc0-zkvm-platform versions 2.0.2 and below; risc0-aggregation versions below 0.9; risc0-zkos-v1compat versions below 2.1.0; risc0-zkvm versions 3.0.0-rc.1 through 3.0.1. Description: The software contains a flaw related to memory safety in the sy...
Apache CXF: Untrusted JMS configuration can lead to RCE
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8...
Open Redirect
Overview: github.com/grafana/grafana/pkg/middleware is part of Grafana, an open-source platform for monitoring and observability. Affected versions of this package are vulnerable to Open Redirect via the organization switching process. An attacker can redirect users to arbitrary external sites by crafting a...
CVE-2025-48888
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, deno run --allow-read --deny-read main.ts results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions give...
CVE-2024-25119
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of $GLOBALS['SYS']['encryptionKey'] was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes...
GitLab 17.1 < 17.10.7 / 17.11 < 17.11.3 / 18.0 < 18.0.1 (CVE-2025-0679)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions unauthorised users can view full...
PT-2025-52559
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1:1.39.17-1deb12u1; MediaWiki versions prior to 1:1.43.6+dfsg-1deb13u1. Description: Several security weaknesses exist in MediaWiki, a collaborative website engine. These issues could lead to cross-site scripting,...
CVE-2024-52517
CVE-2024-52517 affects Nextcloud Server (and Enterprise Server) where, after storing global credentials for external storage, the API returns them and injects them into the frontend, enabling plaintext read by someone with an active user session. This information disclosure risk is limited to use...
SUSE CVE-2024-37884
Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise...
PT-2024-40245 · Ez Systems · Ez Platform
Name of the Vulnerable Software and Affected Versions: eZ Platform versions 2.x Description: The issue affects the password reset functionality in the eZ Platform Admin UI, making it vulnerable to brute force attacks. Depending on the configuration, an attacker may exploit this to gain control ov...
PT-2023-13432 · Isc · Bind 9
Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.11.4-S1 through 9.11.37-S1 BIND 9 versions 9.16.8-S1 through 9.16.36-S1 Description: The issue arises when processing repeated responses to the same query, where both responses contain ECS pseudo-options, but the first...
FAQ: Citrix Secure Hub for Mobile Devices and MicroVPN Technology
Citrix Endpoint Management, using technology formerly called XenMobile This article contains frequently asked questions about MicroVPN with XenMobile App or Enterprise editions and NetScaler Gateway deployments. Q: What are the recommended versions of components for MicroVPN? Q: What is MicroVPN?...
PT-2018-3143 · Python +6
Name of the Vulnerable Software and Affected Versions: Python versions prior to 2.7.15 Python versions prior to 3.4.9 Python versions prior to 3.5.6rc1 Python versions prior to 3.6.5rc1 Python versions prior to 3.7.0 Description: The issue is related to catastrophic backtracking in the difflib.IS...