[SECURITY] Fedora 44 Update: bind-dyndb-ldap-11.11-15.fc44

This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...

GHSA-V25J-WQCW-FVHJ wger has an Uncontrolled Resource Consumption issue

Summary Any authenticated user can create a routine spanning an arbitrarily long date range e.g. 100 years and then trigger the datesequence computation via any of the routine detail endpoints. The server iterates once per day in an unbounded while loop with no maximum duration validation, causin...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in ipvsappnetcleanup During the initialization of ipvsappnetinit, if file ipvsapp fails to be created, the initialization is successful by default. Therefore, the ipvsapp file doesn't be found during the remove ...

CVE-2026-23962

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very large amount of options, greatly increasing...

CVE-2025-66838

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustio...

CVE-2025-66838

The CVE describes an issue in ARIS prior to version 10.0.23.0.3587512 where the file upload function does not enforce rate limiting/throttling. This allows an attacker to upload a large volume of files at an unrestricted rate, potentially causing resource exhaustion such as disk space depletion, ...

PT-2025-47426

The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the trigger mailing queue...

EUVD-2002-0206

Malware in sbrugna...

EUVD-2025-25868

Malicious code in bioql PyPI...

EUVD-2025-11140

Malicious code in bioql PyPI...

EUVD-2025-4633

Malicious code in bioql PyPI...

EUVD-2023-56754

Malicious code in bioql PyPI...

OESA-2025-2327 openssl security update

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library. The project i...

Guidelines for Mass Instant Recovery to Azure

Article Applicability This article contains information related to Veeam Backup & Replication build 13.0.1.180 and later, as performance for IR to Azure was significantly improved starting with this build. Challenge When attempting to perform mass recovery using Instant Recovery to Azure, the...

CVE-2023-52075

ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. Up to and including commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2, ReVanced API lacks error caching causing rate limit to be triggered thus increasing server load. This causes a denial of service for all...

CVE-2023-22740

Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 beta tests-passed are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the...

[SECURITY] Fedora 41 Update: zsync-0.6.2-3.fc41

zsync is a file transfer program. It allows you to download a file from a remote server, where you have a copy of an older version of the file on your computer already. zsync downloads only the new parts of the file. It uses the same algorithm as rsync. However, where rsync is designed for...

CVE-2025-32388

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can explo...

CVE-2025-32388 SvelteKit allows XSS via tracked search_params

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can explo...

CVE-2025-32388

CVE-2025-32388 affects SvelteKit prior to v2.20.6 where unsanitized iteration over event.url.searchParams in a server load function enables XSS. The issue is fixed in 2.20.6; upgrade to 2.20.6 or later.