30381 matches found

RedhatCVE · added 2025/07/03 6:09 p.m. · 7 views

CVE-2025-53100

RestDB's Codehooks.io MCP Server is an MCP server on the Codehooks.io platform. Prior to version 0.2.2, the MCP server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tools definition and implementation. This could result in a user initiated...

CVSS 8.6 · AI score 7 · EPSS 0.01297 · Exploits 0 · References 1
CVE · added 2025/07/03 4:26 p.m. · 22 views

CVE-2025-48939

CVE-2025-48939 concerns tarteaucitron.js where, before version 1.22.0, code accessed document.currentScript without validating that it was a real script element. An attacker injecting HTML could cause DOM clobbering, potentially changing the script path (e.g., CDN domain). The issue stems from some...

CVSS 4.2 · AI score 6.3 · EPSS 0.00176 · Exploits 1 · References 2 · Affected Software 1
Cvelist · added 2025/07/03 4:26 p.m. · 9 views

CVE-2025-48939 tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript

tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual script element. If an attacker injected an HTML element, it could clobber the...

CVSS 4.2 · EPSS 0.00176 · Exploits 1 · References 2
Github Security Blog · added 2025/07/03 2:06 p.m. · 11 views

n8n Vulnerable to Denial of Service via Malformed Binary Data Requests

Summary: Denial of Service vulnerability in the /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). Impact: This is a Denial of Service (DoS) vulnerability that allows authenticated attackers to cause service unavailability through malformed filesystem URI...

CVSS 4.9 · AI score 6.8 · EPSS 0.00379 · Exploits 0 · References 5 · Affected Software 1
SUSE Linux · added 2025/07/03 10:09 a.m. · 3 views

Security update for icu

This update for icu fixes the following issues: CVE-2025-5222: Fixed stack buffer overflow in the SRBRoot::addTag function (bsc#1243721). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run th...

CVSS 7 · AI score 7.9 · EPSS 0.00296 · Exploits 0 · References 4
OSV · added 2025/07/03 8:35 a.m. · 10 views

CVE-2025-38155 wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init(). devm_ioremap() returns NULL on error. Currently, mt7915_mmio_wed_init() does not check for this case, which results in a NULL pointer dereference. Prevent null pointer dereferen...

CVSS 5.5 · AI score 6.4 · EPSS 0.00138 · Exploits 0 · References 7
CVE · added 2025/07/03 8:35 a.m. · 98 views

CVE-2025-38129

CVE-2025-38129 details a Linux kernel use-after-free in page_pool_recycle_in_ring, linked to page_pool's per-CPU recycle mechanism. The root cause is that a page may be freed while the page pool’s ring is still being recycled, resulting in a potential use-after-free when the producer_lock is not ...

CVSS 7.8 · AI score 7.2 · EPSS 0.00161 · Exploits 0 · References 7 · Affected Software 1
CVE · added 2025/07/03 8:35 a.m. · 77 views

CVE-2025-38105

CVE-2025-38105 concerns the Linux kernel ALSA USB audio path. The issue arises when the USB-audio MIDI driver’s timer is initialized but the driver is freed without an explicit disconnect, potentially leaving an active timer and triggering a kernel warning under debug builds. The documented fix i...

CVSS 5.5 · AI score 7.2 · EPSS 0.00157 · Exploits 0 · References 6 · Affected Software 1
RedhatCVE · added 2025/07/03 2:22 a.m. · 11 views

CVE-2024-49364

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The...

CVSS 9.1 · AI score 7.3 · EPSS 0.00317 · Exploits 0 · References 1
RedhatCVE · added 2025/07/03 2:22 a.m. · 11 views

CVE-2025-53095

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery (CSRF) attacks. This vulnerability allows an attacker to craft a malicious web page that, when visited by an authenticated user, can...

CVSS 9.6 · AI score 7.6 · EPSS 0.00207 · Exploits 0 · References 1
Positive Technologies · added 2025/07/03 12:00 a.m. · 3 views

PT-2025-27833 · Mediawiki · Shortdescription +1

Name of the Vulnerable Software and Affected Versions: MediaWiki extension Short Description versions 4.0.0
Description: The issue arises from the lack of proper sanitization of short descriptions before they are inserted as HTML, allowing any user to insert arbitrary HTML into the DOM by editing...

CVSS 8.6 · AI score 6.2 · EPSS 0.00289 · Exploits 0 · References 8
Positive Technologies · added 2025/07/03 12:00 a.m. · 3 views

PT-2025-27802 · Tenda · Tenda Ac6

Name of the Vulnerable Software and Affected Versions: Tenda AC6 version 15.03.05.16 multi
Description: The issue is related to a Buffer Overflow in the formSetFirewallCfg function via the firewallEn parameter.
Recommendations: For Tenda AC6 version 15.03.05.16 multi, as a temporary workaround,...

CVSS 7.5 · AI score 6.2 · EPSS 0.00381 · Exploits 1 · References 4
Positive Technologies · added 2025/07/03 12:00 a.m. · 3 views

PT-2025-27831 · Mediawiki +1 · Mediawiki Citizen Skin +1

Name of the Vulnerable Software and Affected Versions: Citizen MediaWiki skin versions 1.9.4 through 3.4.0
Description: The Citizen MediaWiki skin has an issue where short descriptions set via the ShortDescription extension are inserted as raw HTML, allowing any user to insert arbitrary HTML into...

CVSS 8.6 · AI score 6.2 · EPSS 0.003 · Exploits 1 · References 11
Positive Technologies · added 2025/07/03 12:00 a.m. · 1 view

PT-2025-27703

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0-rc7
Description: A vulnerability in the Linux kernel's Bluetooth management has been resolved by protecting the mgmt pending list with its own lock, preventing crashes due to concurrent access. The issue...

CVSS 7.8 · AI score 6.5 · EPSS 0.00151 · Exploits 0
NVD · added 2025/07/02 4:15 p.m. · 4 views

CVE-2025-53359

ethereum is a crate of common Ethereum structs for Rust. Prior to ethereum crate v0.18.0, signature malleability according to EIP-2 was only checked for "legacy" transactions, but not for EIP-2930, EIP-1559 and EIP-7702 transactions. This is a specification deviation. The signature malleability itself is...

CVSS 6.9 · EPSS 0.0035 · Exploits 0 · References 3
OSV · added 2025/07/02 3:55 p.m. · 4 views

CVE-2025-53359 ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions

ethereum is a crate of common Ethereum structs for Rust. Prior to ethereum crate v0.18.0, signature malleability according to EIP-2 was only checked for "legacy" transactions, but not for EIP-2930, EIP-1559 and EIP-7702 transactions. This is a specification deviation. The signature malleability itself is...

CVSS 6.9 · AI score 6.3 · EPSS 0.0035 · Exploits 0 · References 5
CVE · added 2025/07/02 3:55 p.m. · 17 views

CVE-2025-53359

CVE-2025-53359 affects the Rust ethereum crate prior to v0.18.0, where signature malleability checks were only performed for legacy transactions and not for EIP-2930, EIP-1559, and EIP-7702. This is a specification deviation; the malleability issue is described as not a direct security risk in si...

CVSS 6.9 · AI score 7.1 · EPSS 0.0035 · Exploits 0 · References 3
OSV · added 2025/07/02 3:15 p.m. · 3 views

SUSE-SU-2025:02205-1 Security update for python-requests

This update for python-requests fixes the following issues: - CVE-2024-47081: fixes netrc credential leak (bsc#1244039)...

CVSS 5.3 · AI score 6.8 · EPSS 0.00846 · Exploits 1 · References 3
Vulnrichment · added 2025/07/02 3:03 p.m. · 3 views

CVE-2025-52891 ModSecurity empty XML tag causes segmentation fault

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...

CVSS 6.5 · AI score 6.9 · EPSS 0.00346 · Exploits 0 · References 2
OSV · added 2025/07/02 3:03 p.m. · 4 views

CVE-2025-52891 ModSecurity empty XML tag causes segmentation fault

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...

CVSS 6.5 · AI score 8.8 · EPSS 0.00346 · Exploits 0 · References 4