RHSA-2025:2524 Red Hat Security Advisory: kernel-rt security update
Bulletin has no description...
DEBIAN-CVE-2025-2176
A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and...
PT-2025-10811 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows 10 Version 1809; Windows versions prior to the patch released on 2025-03-11. Description: A security-feature bypass vulnerability in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally. This...
PT-2025-10798 · Microsoft · Windows Remote Desktop Services +1
Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Services versions prior to the fixed version Description: The issue is related to the storage of sensitive data in improperly locked memory in Windows Remote Desktop Services, allowing an unauthorized attacker to execut...
CVE-2025-27610
Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...
CVE-2025-27610 Local File Inclusion in Rack::Static
Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...
CVE-2025-27610
Rack::Static in Rack (Ruby) is vulnerable to Local File Inclusion due to improper sanitization of user-supplied paths, allowing access to files under the configured root. The affected versions are prior to 2.2.13, 3.0.14, and 3.1.12, which contain the patch. The vulnerability enables traversal vi...
Minor update (7) for Vivaldi Desktop Browser 7.1
The following improvements were made since the sixth 7.1 minor update: Chromium: Backported Upstream 134+ security patch for "Out of bounds write in GPU" (CVE-2025-24201)...
PocketMine-MP allows malicious client data to waste server resources due to lack of limits for explode()
Impact Due to lack of limits by default in the explode function, malicious clients were able to abuse some packets to waste server CPU and memory. This is similar to a previous security issue published in https://github.com/pmmp/PocketMine-MP/security/advisories/GHSA-gj94-v4p9-w672, but with a...
CVE-2025-22603
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contain a server-side request forgery (SSRF) vulnerability inside the component or block Send Web Request. The...
CVE-2025-25306 Misskey's Incomplete Patch of CVE-2024-52591 Leads to Forgery of Federated Notes
Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the id and url fields of ActivityPub objects. An attacker can forge an object where they claim authority in the url field even if the specific ActivityPub...
CVE-2024-52812 LF Edge eKuiper has Stored XSS in Rules Functionality
LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, a user with rights to modify the service (e.g. the kuiperUser role) can inject a cross-site scripting payload into the rule id parameter. Then, after any user with access to this service (e.g...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-53206)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53206 advisory. - In the Linux kernel, the following vulnerability has been resolved: tcp: Fix use-after-free of nreq in...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-53150)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53150 advisory. - In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads...
CVE-2024-58055
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_tcm: Don't free command immediately. Don't prematurely free the command. Wait for the status completion of the sense status. It can be freed then. Otherwise we will double-free the command...
xsk: fix OOB map writes when deleting elements
...
scsi: megaraid_sas: Fix for a potential deadlock
...
jfs: fix array-index-out-of-bounds in jfs_readdir
...