CVE-2025-15099

A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNALAPISECRET leads to improper authentication. It is possible to initiate t...

CVE-2022-50727

In the Linux kernel, the following vulnerability has been resolved: scsi: efct: Fix possible memleak in efctdeviceinit In efctdeviceinit, when efctscsiregfctransport fails, efctscsitgtdriverexit is not called to release memory for efctscsitgtdriverinit and causes memleak: unreferenced object...

CLSA-2025-1766567499 Fix CVE(s): CVE-2020-1472

SECURITY UPDATE: elevation of privilege vulnerability - debian/patches/CVE-2020-1472.patch: fix vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC - CVE-2020-1472...

CVE-2025-68696

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd...

Security Bulletin: TSSC/IMC is vulnerable to an Out-of-bounds Read

Summary TSSC/IMC is vulnerable to an Out-of-bounds Read. A patch was released to update the libssh package. Vulnerability Details CVEID:CVE-2025-5318 DESCRIPTION: A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftphandle function...

Security Bulletin: TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data

Summary TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data. A patch was released to update the bind package. Vulnerability Details CVEID:CVE-2025-40778 DESCRIPTION: Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an...

GHSA-C4P6-QG4M-9JMR KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential

Impact An Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account...

CVE-2025-15013

This CVE pertains to floooh sokol (sokol_gfx.h) and a stack-based buffer overflow in the _sg_validate_pipeline_desc function. Affected versions are those prior to the commit 5d11344150973f15e16d3ec4ee7550a73fb995e0, with exploitation requiring local access. An publicly available exploit exists, a...

Moderate: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVE-2025-14953

A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogspfcphandlecreatepdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The attack requires a high leve...

CVE-2025-68613

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution RCE vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated...

CVE-2025-68481

CVE-2025-68481 affects FastAPI Users. Before 15.0.2, OAuth state tokens are generated with an empty state_data, making the JWT contain only a fixed audience and expiry. The callback checks the state JWT but does not tie it to the user session, lacks a correlation cookie or server-side cache, and ...

CVE-2025-14954

Open5GS up to 2.7.6 is affected by an assertion-triggering flaw in the QER/FAR/URR/PDR context (lib/pfcp/context.c): ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add. The issue allows remote initiation and is triggered by manipulating these PFCP ...

CVE-2025-14953 Open5GS FAR-ID handler.c ogs_pfcp_handle_create_pdr null pointer dereference

A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogspfcphandlecreatepdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The attack requires a high leve...

CVE-2025-14953 Open5GS FAR-ID handler.c ogs_pfcp_handle_create_pdr null pointer dereference

A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogspfcphandlecreatepdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The attack requires a high leve...

[SECURITY] Fedora 43 Update: mingw-libpng-1.6.53-1.fc43

MinGW Windows Libpng library...

PT-2025-52398

Name of the Vulnerable Software and Affected Versions JeecgBoot versions up to 3.9.0 Description A security flaw exists in JeecgBoot that allows for improper authentication. The issue is related to the manipulation of the ID argument within an unknown function in the file...

PT-2025-52499

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...

GHSA-X8CP-JF6F-R4XH AWS SDK for PHP's S3 Encryption Client has a Key Commitment Issue

Summary S3 Encryption Client for PHP is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible Salamanders...

binutils: GNU Binutils Linker heap-based overflow

A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally...