nodejs:22 security update

An update is available for module.nodejs-nodemon, nodejs, nodejs-nodemon, nodejs-packaging, module.nodejs, module.nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: sqlite: Integer Truncation in SQLite CVE-2025-6965 For more details about the security issues, including the impact, a CVSS score, acknowledgments...

The vulnerability of the TIA Administrator software development environment, related to access control deficiencies, allows attackers to escalate their privileges and execute arbitrary code.

The vulnerability of the TIA Administrator software development environment is related to lack of access control. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary code...

The vulnerability of the SDK – Software Development Kit for product lifecycle management software for Oracle Agile PLM Framework, allowing a perpetrator to access confidential information

The vulnerability of the SDK-Software Development Kit, a software tool for managing product lifecycles in Oracle Agile PLM Framework enterprises, is related to improper authentication. Exploiting this vulnerability can allow an attacker, operating remotely, to access confidential information...

Important: java-17-openjdk security update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: JDK: Better Glyph drawing CVE-2025-30749 JDK: Enhance TLS protocol support CVE-2025-30754 JDK: Improve HTTP client header handling CVE-2025-50059 JDK:...

CVE-2025-38187 drm/nouveau: fix a use-after-free in r535_gsp_rpc_push()

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in r535gsprpcpush The RPC container is released after being passed to r535gsprpcsend. When sending the initial fragment of a large RPC and passing the caller's RPC container, the container will b...

Model Context Protocol Python SDK 安全漏洞

Model Context Protocol Python SDK is a Model Context Protocol open source development tool for Model Context Protocol servers and clients. A security vulnerability exists in the Model Context Protocol Python SDK prior to version 1.9.4, which stems from an unhandled exception when handling malform...

SAMEP: a Secure Protocol for Persistent Context Sharing across AI Agents

Current AI agent architectures suffer from ephemeral memory limitations, preventing effective collaboration and knowledge sharing across sessions and agent boundaries. We introduce SAMEP Secure Agent Memory Exchange Protocol, a novel framework that enables persistent, secure, and semantically...

CVE-2025-48991

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into...

CVE-2025-50179 Tuleap missing CSRF protection on tracker reports manipulation

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1 to trick victims...

CVE-2025-50179 Tuleap missing CSRF protection on tracker reports manipulation

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1 to trick victims...

CVE-2025-48991 Tuleap missing CSRF protection on tracker canned responses administration

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into...

CVE-2025-48991 Tuleap missing CSRF protection on tracker canned responses administration

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into...

What LLMs Know About Their Users

Simon Willison talks about ChatGPT's new memory dossier feature. In his explanation, he illustrates how much the LLM--and the company--knows about its users. It's a big quote, but I want you to read it all. Here's a prompt you can use to give you a solid idea of what's in that summary. I first sa...

New Guidance Released for Reducing Memory-Related Vulnerabilities

Today, CISA, in partnership with the National Security Agency NSA, released a joint guide on reducing memory-related vulnerabilities in modern software development. Memory safety vulnerabilities pose serious risks to national security and critical infrastructure. Adopting memory safe languages MS...

The New Frontline: Why DevOps Became a Cyber Target

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on CAASM & CDMB Inefficiencies! Your developers didn't become...

Malicious code in kucoin-universal-sdk-example (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-5074 Malicious code in build-react-wrapper (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2025-2474 Vulnerability in PCX Image Codec Impacts QNX Software Development Platform

Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec...

CVE-2025-2474

CVE-2025-2474 describes an out-of-bounds write in the PCX image codec used by QNX SDP 7.0, 7.1, and 8.0. The vulnerability could allow an unauthenticated attacker to cause a denial-of-service or execute code in the context of the process using the image codec. Connected sources corroborate the af...