30368 matches found

Nextcloud
added 2025/12/05 7:50 a.m. | 7 views

WebAuthn app was updated based on public key

None...

4.3 CVSS | 5.2 AI score | 0.00226 EPSS
Exploits 0 | References 2 | Affected Software 1

Tenable Nessus
added 2025/12/05 12:0 a.m. | 3 views

openSUSE 16 Security Update : mozjs128 (openSUSE-SU-2025-20135-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20135-1 advisory. - Update to version 128.14.0 bsc1248162: - CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component - CVE-2025-918...

9.8 CVSS | 7.1 AI score | 0.03057 EPSS
Exploits 0 | References 53

Tenable Nessus
added 2025/12/05 12:0 a.m. | 3 views

Dell PowerScale OneFS 8.2.2 <= 9.5.0.8 / 9.6.0.0 <= 9.7.0.0 Broken Cryptographic Algorithm (DSA-2024-255)

The Dell PowerScale OneFS on the remote device is missing a security patch and is, therefore, affected by broken or risky cryptographic algorithm vulnerability: - Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of a broken or risky cryptographic algorithm vulnerability. An...

7.5 CVSS | 5.6 AI score | 0.00205 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/12/04 8:57 p.m. | 3 views

CVE-2025-66479 Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing

Anthropic Sandbox Runtime is a lightweight sandboxing tool for enforcing filesystem and network restrictions on arbitrary processes at the OS level, without requiring a container. Prior to 0.0.16, due to a bug in sandboxing logic, sandbox-runtime did not properly enforce a network sandbox if the...

1.8 CVSS | 6.9 AI score | 0.00136 EPSS
Exploits 0 | References 2

OSV
added 2025/12/04 6:45 p.m. | 2 views

CVE-2025-65945 auth0/node-jws improper HMAC signature verification vulnerability

auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...

7.5 CVSS | 6.7 AI score | 0.00193 EPSS
Exploits 1 | References 4

OSV
added 2025/12/03 4:7 p.m. | 2 views

GHSA-46GC-MWH4-CC5R Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode

Impact: When ran in sse or streaming mode --transport, the Docker MCP Gateway is vulnerable to a DNS rebinding attack. Vulnerability allows for Browser-Based exploitation of any MCP servers that are executing within the Docker MCP Gateway. Any tools or other features exposed by MCP servers can be...

7.3 CVSS | 6.8 AI score | 0.00374 EPSS
Exploits 0 | References 7

RedhatCVE
added 2025/12/02 12:22 p.m. | 7 views

CVE-2025-65957

Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys SUPABASEAPIKEY, TOKEN are loaded using environment variables, but there are cases in code error handling, summaries, webhooks where configuration summaries may inadvertently leak sensitiv...

8.8 CVSS | 7 AI score | 0.00221 EPSS
Exploits 0 | References 1

NVD
added 2025/12/02 11:15 a.m. | 4 views

CVE-2025-13353

In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...

7.1 CVSS | 0.0014 EPSS
Exploits 0 | References 1

OSV
added 2025/12/02 1:25 a.m. | 3 views

GHSA-4FH9-H7WG-Q85M mdast-util-to-hast has unsanitized class attribute

Impact Multiple unprefixed classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. The following markdown: markdown jsxss Would create If your page then applied .xss classes or...

6.9 CVSS | 5.8 AI score | 0.00251 EPSS
Exploits 0 | References 5

Positive Technologies
added 2025/12/02 12:0 a.m. | 3 views

PT-2025-48636

In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538...

5.4 AI score | 0.00067 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/12/01 1:18 p.m. | 4 views

CVE-2025-53899

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances t...

7.2 CVSS | 7 AI score | 0.00789 EPSS
Exploits 0 | References 1

OSV
added 2025/12/01 10:39 a.m. | 0 views

ROOT-OS-UBUNTU-2204-CVE-2023-25564 CVE-2023-25564 in rootio-gss-ntlmssp - Patched by Root

Root has patched CVE-2023-25564 in the rootio-gss-ntlmssp package for Root:Ubuntu:22.04. Multiple fixed versions available...

8.2 CVSS | 5.4 AI score | 0.01959 EPSS
Exploits 0

Android Security Bulletins
added 2025/12/01 12:0 a.m. | 14 views

Wear OS Security Bulletin—December 2025

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2025-12-05 or later from the December 2025 Android Security Bulletin in addition to all issues in this bulletin. We encourage al...

7.8 AI score
Exploits 0

NVD
added 2025/11/29 4:15 a.m. | 5 views

CVE-2025-66289

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...

8.8 CVSS | 0.00237 EPSS
Exploits 0 | References 1

NVD
added 2025/11/29 3:15 a.m. | 3 views

CVE-2025-58436

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. This issue...

5.5 CVSS | 0.00191 EPSS
Exploits 1 | References 4

CVE
added 2025/11/29 3:6 a.m. | 8 views

CVE-2025-66290

OrangeHRM CVE-2025-66290 affects versions 5.0–5.7. The recruitment attachment retrieval endpoint does not enforce authorization checks, allowing any authenticated user (even with ESS-level access) to access candidate attachments. The endpoint validates the session but does not verify recruitment ...

5.3 CVSS | 6.2 AI score | 0.00165 EPSS
Exploits 0 | References 1 | Affected Software 1

EUVD
added 2025/11/29 2:25 a.m. | 4 views

EUVD-2025-199894

Kiteworks is a private data network (PDN). Prior to version 9.1.0, improper input validation when managing roles of a shared folder could unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0...

6.3 CVSS | 6.2 AI score | 0.0062 EPSS
Exploits 0 | References 1

EUVD
added 2025/11/29 1:14 a.m. | 3 views

EUVD-2025-199889

Retro is an online platform providing items of vintage collections. Prior to version 2.4.7, Retro is vulnerable to a cross-site scripting (XSS) in the input handling component. This issue has been patched in version 2.4.7...

6.1 CVSS | 5.5 AI score | 0.00157 EPSS
Exploits 0 | References 1

CVE
added 2025/11/29 12:43 a.m. | 13 views

CVE-2025-66027

CVE-2025-66027 describes an information disclosure in Rallly prior to 4.5.6. The vulnerability allows disclosure of participant details (names and email addresses) through the endpoints /api/trpc/polls.get and polls.participants.list, even when Pro privacy features are enabled. The root cause is ...

7.1 CVSS | 6 AI score | 0.00296 EPSS
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2025/11/29 12:34 a.m. | 2 views

CVE-2025-65113 ClipBucket v5 Unauthenticated Object Flagging Vulnerability

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - 164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content (users, videos, photos, collections) on the platform. This can lead to mass flagging attacks,...

6.5 CVSS | 6.6 AI score | 0.00335 EPSS
Exploits 1 | References 2