3047 matches found
[SECURITY] Fedora 43 Update: ruff-0.11.5-7.fc43
An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 plus dozens of plugins, Black, isort, pydocstyle,...
[SECURITY] Fedora 43 Update: uv-0.8.11-2.fc43
An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...
[SECURITY] Fedora 42 Update: uv-0.8.11-2.fc42
An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...
DEBIAN-CVE-2025-39751
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control The 'sprintf' call in 'add_tuning_control' may exceed the 44-byte buffer if either string argument is too long. This triggers a compiler warning. Replaced 'sprintf' with...
SUSE-SU-2025:03169-1 Security update for regionServiceClientConfigAzure
This update for regionServiceClientConfigAzure contains the following fixes: - Update to version 3.0.0. bsc1246995 + SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. - Update dependency name for metadata package, name chang...
CVE-2025-57392
BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The application installation directory grants Everyone and BUILTIN\Users groups FILE_ALL_ACCESS, allowing local users to replace or modify .exe and .dll files. This may lead to privilege escalation or arbitrary code execution upon...
CVE-2025-57392
BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The installation directory grants Everyone and BUILTIN\Users FILE_ALL_ACCESS, enabling local users to replace or modify .exe/.dll files. This can lead to privilege escalation or arbitrary code execution on launch by another user or...
Security update for regionServiceClientConfigAzure
This update for regionServiceClientConfigAzure contains the following fixes: Update to version 3.0.0. bsc1246995 SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. Update dependency name for metadata package, name change in SL...
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs
Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development...
Description of the security update for Office 2016: September 09, 2025 (KB5002762)
Description of the security update for Office 2016: September 09, 2025 KB5002762 Summary This security update resolves a Microsoft Excel information disclosure vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-54901. Note: ...
.NET 8.0 Update - September 9, 2025 (KB5066233)
.NET 8.0 Update - September 9, 2025 KB5066233 .NET 8.0 has been refreshed with the latest update as of September 9, 2025. This update contains non-security fixes. See the release notes for details about updated packages. .NET 8.0 servicing updates are upgrades. The latest servicing update for 8.0...
@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API
Command Injection in MCP Server The MCP Server at https://github.com/akoskm/create-mcp-server-stdio is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the to...
CVE-2025-39733 team: replace team lock with rtnl lock
In the Linux kernel, the following vulnerability has been resolved: team: replace team lock with rtnl lock syzbot reports various ordering issues for lower instance locks and team lock. Switch to using rtnl lock for protecting team device, similar to bonding. Based on the patch by Tetsuo Handa...
defusedxml
This is a Python library called defusedxml, which is designed to prevent XML bomb denial of service DoS vulnerabilities. The library provides a facade for the xml.etree.ElementTree module, which is a built-in Python module for parsing and creating XML documents. The library is maintained by...
CVE-2025-56139
LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata image, title, description when a user replaces the original URL in a post or comment before publishing. As a result, the stale preview remains visible while the clickable link points to a different UR...
CVE-2025-9696
The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the...
CVE-2025-56139
Summary: CVE-2025-56139 concerns LinkedIn Mobile Application for Android, version 4.1.1087.2. The vulnerability arises because the app does not update link preview metadata (image, title, description) when a user replaces the original URL in a post or comment prior to publishing. As a result, a s...
Linux Distros Unpatched Vulnerability : CVE-2023-22911
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML...