PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure

Impact Missing validation on input vulnerable to directory traversal. Patches The problem has been patched in versions: v4.4.1 for PrestaShop 1.7 build number: 7.4.4.1 v4.4.1 for PrestaShop 8 build number: 8.4.4.1 v5.0.5 for PrestaShop 1.7 build number: 7.5.0.5 v5.0.5 for PrestaShop 8 build numbe...

CVE-2025-11492

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...

CVE-2025-62378

CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling...

CVE-2025-62370

Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloydynabi::TypedData could lead to a denial-of-service DoS via eip712signinghash. Software with high availability requirements such as network services m...

CVE-2025-62370 Alloy Core has a DoS vulnerability on `alloy_dyn_abi::TypedData` hashing

Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloydynabi::TypedData could lead to a denial-of-service DoS via eip712signinghash. Software with high availability requirements such as network services m...

CVE-2025-39985

In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKE...

EUVD-2017-18920

Valve's Source SDK source-sdk-2013's ragdoll model parsing logic contains a stack-based buffer overflow vulnerability.The tokenizer function nexttoken copies characters from an input string into a fixed-size stack buffer without performing bounds checks. When ParseKeyValue processes a collisionpa...

Amazon Linux 2 : python-pip, --advisory ALAS2-2025-3023 (ALAS-2025-3023)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3023 advisory. When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.Note that upgrading pip to a fixed version for this...

CVE-2025-62376 pwn.college DOJO vulnerable to improper authentication in workspace endpoint allowing unauthorized Windows VM access

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...

CVE-2025-20723

The CVE-2025-20723 entry concerns the gnss driver. It describes an out-of-bounds write caused by an incorrect bounds check, potentially enabling local privilege escalation to System level without user interaction. A patch is identified (ALPS09920033) and the associated issue MSV-3797. Connected s...

kernel: sunrpc: fix handling of server side tls alerts

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tlsalertrecv due to its assumption it can read data from the msg iterator's kvec.. kTLS implementation splits TLS non-da...

PT-2025-42172

🚨 CVE-2025-17742: Vim vulnerability in Oracle Linux 9 allows arbitrary code execution. Patch now! Read more: 👉 https://t.co/jdNZhEl52b Security https://t.co/p6FT2u2CmI...

PT-2025-42209

Name of the Vulnerable Software and Affected Versions pwn.college DOJO versions prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef Description The /workspace endpoint in pwn.college DOJO has an improper authentication issue. An attacker can access any active Windows VM without authorization...

EUVD-2025-34112

Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updat...

CVE-2025-62170 rAthena map-server use-after-free vulnerability in RODEX

rAthena is an open-source cross-platform MMORPG server. A use-after-free vulnerability exists in the RODEX functionality of rAthena's map-server in versions prior to commit af2f3ba. An unauthenticated attacker can exploit this vulnerability via a specific attacking scenario to cause a denial of...

Security update for bluez

This update for bluez fixes the following issues: CVE-2023-45866: keystroke injection and arbitrary command execution via HID device connections bsc1217877. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Security update for haproxy

This update for haproxy fixes the following issues: CVE-2025-11230: Fixed issue in the mjson JSON decoder, that could have let to excessive resource consumption when processing numbers with large exponents bsc1250983. Patch Instructions: To install this SUSE update use the SUSE recommended...

OESA-2025-2396 ongres-scram security update

Scram is part of the family of Simple Authentication and Security Layer authentication mechanisms.It is described as part of RFC 5802 and RFC7677. This pachage is a Java implementation. Security Fixes: SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple...

OESA-2025-2372 llama.cpp security update

Security Fixes: llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation llamavocab::tokenize src/llama-vocab.cpp:3036 resulting in unintended behavior in tokens copying size compariso...

EulerOS 2.0 SP11 : libtiff (EulerOS-SA-2025-2234)

According to the versions of the libtiff package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file...