GHSA-P483-WPFP-42CJ code-server's session cookie can be extracted by having user visit specially crafted proxy URL

Summary A maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Details Failure to properly validate the port for a proxy request can result in proxying to an arbitrary domain. The malicious URL https:///proxy/[email protected]/path would be...

CVE-2025-46824

The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin...

CVE-2025-37883

CVE-2025-37883 affects the Linux kernel in s390/sclp code. The fix adds a check for the return value of get_zeroed_page() in sclp_console_init() to prevent null pointer dereference, and introduces a free helper to address a memory leak from the loop allocation. Impact described in the sources inc...

CVE-2025-37881

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: Add NULL pointer check in astvhubinitdev The variable d-name, returned by devmkasprintf, could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in...

CVE-2025-37875 igc: fix PTM cycle trigger logic

In the Linux kernel, the following vulnerability has been resolved: igc: fix PTM cycle trigger logic Writing to clear the PTM status 'valid' bit while the PTM cycle is triggered results in unreliable PTM operation. To fix this, clear the PTM 'trigger' and status after each PTM transaction. The...

SUSE-SU-2025:1521-1 Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.104 - CVE-2025-31650: invalid priority field values should be ignored bsc1242008 - CVE-2025-31651: Better handling of URLs with literal ';' and '?' bsc1242009 Full changelog:...

SUSE CVE-2025-37823

In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Fix a potential UAF in hfscdequeue too Similarly to the previous patch, we need to safe guard hfscdequeue too. But for this one, we don't have a reliable reproducer...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2025:0148-1 Rating: important References: 1242717 Cross-References: CVE-2025-4372 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: This update...

PT-2025-20588

Name of the Vulnerable Software and Affected Versions Gym Management System version 1.0 Description A critical issue was found in the Gym Management System, affecting the "/ajax.php?action=delete user" endpoint. The manipulation of the ID argument leads to SQL injection. This issue can be exploit...

PT-2025-24278 · Kunbus · Revolution Pi Webstatus +1

Name of the Vulnerable Software and Affected Versions: RevPi Webstatus versions prior to v2.4.6 Description: An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion, leading to full compromise of the device. The root...

libexpat library is vulnerable to DoS attacks through stack overflow

Overview A stack overflow vulnerability has been discovered within the libexpat open source library. When parsing XML documents with deeply nested entity references, libexpat can recurse indefinitely. This can result in exhaustion of stack space and a crash. An attacker can weaponize this to eith...

WordPress WPBookit plugin <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover vulnerability

Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by kr0d in WordPress Plugin WPBookit versions = 1.0.2...

CVE-2025-46833

Programs/P73SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been...

CVE-2025-46336

Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie already a major issue, the session may be restored if the attacker can trigger a lo...

CVE-2025-46712

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This...

CVE-2025-46833 Programs/P73_SimplePythonEncryption.py has weak cryptographic key

Programs/P73SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been...

CVE-2025-46833

CVE-2025-46833 affects Programs/P73_SimplePythonEncryption.py, where RSA-based encryption prior to commit 6ce60b1 can be brute-forced, potentially compromising data. The vulnerability is mitigated in the patched commit 6ce60b1. Workarounds include increasing key sizes: RSA/DSA to at least 2048 bi...

CVE-2025-46712 Erlang/OTP SSH Has Strict KEX Violations

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This...

CVE-2025-46336

CVE-2025-46336 affects Rack::Session within the Rack::Session::Pool middleware. In versions 2.0.0 up to but not including 2.1.1, if an attacker has a valid session cookie and can trigger a long-running request adjacent to a user logout, the session may be restored, allowing illicit access after l...

CVE-2025-46336 Rack session gets restored after deletion

Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie already a major issue, the session may be restored if the attacker can trigger a lo...