CVE-2025-68313

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Add RDSEED fix for Zen5 There's an issue with RDSEED's 16-bit and 32-bit register output variants on Zen5 which return a random value of 0 "at a rate inconsistent with randomness while incorrectly signaling success...

UBUNTU-CVE-2025-68175

In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: Fix streaming cleanup on release The current implementation unconditionally calls mxcisivideocleanupstreaming in mxcisivideorelease. This can lead to situations where any release call like from a simple...

CVE-2025-68236

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down PC=3 According to UFS specifications, the power-off sequence for a UFS device includes: - Sending an SSU command with PowerCondition=3 and await a response. - Asserting...

CVE-2025-68177

CVE-2025-68177: In Linux kernel, cpufreq/longhaul: longhaul_exit improperly dereferenced a NULL policy pointer. The fix adds an unlikely() guard and early return when policy is NULL, with upstream patchset released in kernel 6.6.120. Mageia OSVs indicate updated kernel packages (6.6.120) addressi...

CVE-2025-40358 riscv: stacktrace: Disable KASAN checks for non-current tasks

In the Linux kernel, the following vulnerability has been resolved: riscv: stacktrace: Disable KASAN checks for non-current tasks Unwinding the stack of a task other than current, KASAN would report "BUG: KASAN: out-of-bounds in walkstackframe+0x41c/0x460" There is a same issue on x86 and has bee...

EUVD-2025-203485

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting XSS vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...

ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay

Impact A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to reinterpret a valid proof-of-work submission with a modifi...

CVE-2025-64725

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended...

Security update for xkbcomp

This update for xkbcomp fixes the following issues: CVE-2018-15863: NULL pointer dereference triggered by a a crafted keymap file with a no-op modmask expression can lead to a crash bsc1105832. CVE-2018-15861: NULL pointer dereference triggered by a crafted keymap file that induces an xkbinternat...

firefox security update

140.4.0-4.0.1 - Update to 140.4.0 ESR Orabug: 38595697CVE-2025-11708CVE-2025-11709 CVE-2025-11710CVE-2025-11711CVE-2025-11712CVE-2025-11714 CVE-2025-11715...

CVE-2025-14660 DecoCMS Mesh Workspace Domain api.ts createTool access control

A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can b...

CVE-2025-43482

The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to cause a denial-of-service...

[Updated] Another Chrome zero-day under attack: update now

Google issued an extra patch for a security vulnerability in Chrome that is being actively exploited, and it's urging users to update. The patch fixes three flaws in Chrome, and for one of them Google says an exploit already exists in the wild. Chrome is by far the world’s most popular browser,...

EulerOS 2.0 SP11 : cmake (EulerOS-SA-2025-2457)

According to the versions of the cmake packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file...

CVE-2025-62181 Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration where during user authentication process, a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not.

Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This only applies to deprecated...

Security update for fontforge

This update for fontforge fixes the following issues: CVE-2025-50949: Fixed a memory leak in the DlgCreate8 function. bsc1252652 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection

Impact Any user who can edit their own user profile or any other document can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The reason is that rendering output is included as...

GHSA-9XC6-C2RM-F27P XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection

Impact Any user who can edit their own user profile or any other document can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The reason is that rendering output is included as...

ROOT-OS-DEBIAN-11-CVE-2025-13601 CVE-2025-13601 in rootio-glib2.0 - Patched by Root

Root has patched CVE-2025-13601 in the rootio-glib2.0 package for Root:Debian:11. Multiple fixed versions available...

CVE-2025-9571

CVE-2025-9571 is a remote code execution vulnerability in Google Cloud Data Fusion. An attacker with permission to upload artifacts to a Data Fusion instance can execute arbitrary code in the core AppFabric component, potentially gaining control of the Data Fusion instance and leading to unauthor...