CVE-2025-54381
CVE-2025-54381 affects BentoML and its file-upload processing in versions 1.4.0–1.4.19. The vulnerability arises in the multipart form data and JSON request handlers, which download user-provided URLs without validating whether they point to internal networks, cloud metadata endpoints, or other r...
RLSA-2025:8696 Important: perl-FCGI:0.78 security update
The perl-FCGI package provides a Perl module for writing FastCGI applications. FastCGI is a more efficient alternative to traditional CGI, as it keeps application processes persistent across multiple requests. This module allows Perl web applications to handle requests faster and with lower...
Lynis Auditing Tool 3.1.5
Lynis is an auditing tool for Unix specialists. It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims at assisting automated...
WordPress Elementor plugin <= 3.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget vulnerability discovered by Asaf Mozes in WordPress Plugin Elementor Website Builder versions <= 3.30.2...
CVE-2025-8194
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...
CVE-2025-38497 usb: gadget: configfs: Fix OOB read on empty string write
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qw_sign' or 'landingPage' sysfs attributes, the store functions attempt to access page[l - 1] before validating that the length 'l' is...
CVE-2025-38477 net/sched: sch_qfq: Fix race condition on qfq_aggregate
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg called during qfq_enqueue while other threads access it concurrently. For example, qfq_dump_class may trigger a...
CVE-2025-8177
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. The attack must be carried out locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It...
Security update for opera (important)
openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2025:0271-1 Rating: important References: Cross-References: CVE-2025-6558 Affected Products: openSUSE Leap 15.6:NonFree An update that fixes one vulnerability is now available. Description: This update for opera fixe...
CVE-2025-38452 net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe()
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe() Add check for the return value of rcar_gen4_ptp_alloc to prevent potential null pointer dereference...
Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices
Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access SMA 100 Series appliances that could be exploited to achieve remote code execution. The two vulnerabilities impacting Sophos Firewall are listed below - CVE-2025-6704 CVSS score: 9.8 - A...
CVE-2025-47281 Kyverno's Improper JMESPath Variable Evaluation Leads to Denial of Service
Kyverno is a policy engine designed for cloud native platform engineering teams. In versions 1.14.1 and below, a Denial of Service (DoS) vulnerability exists due to improper handling of JMESPath variable substitutions. Attackers with permissions to create or update Kyverno policies can craft...
WordPress Youtube Vimeo Video Player and Slider WP Plugin <= 3.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Youtube Vimeo Video Player and Slider WP Plugin versions <= 3.8...
CVE-2025-54138
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring system which includes support for a wide range of network hardware and operating systems. LibreNMS versions 25.6.0 and below contain an architectural vulnerability in the ajax_form.php endpoint that permits Remote File Inclusion base...
CVE-2025-53538 Suricata's mishandling of data on HTTP2 stream 0 can lead to resource starvation
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, leading to loss of...
PT-2025-30377 · Unknown +1 · Sanluan Publiccms +1
Name of the Vulnerable Software and Affected Versions: Sanluan PublicCMS versions up to 5.202506.a Description: A problematic vulnerability has been identified in Sanluan PublicCMS. The issue involves unknown processing of the file...
Security Bulletin: Vulnerabilities in Fastify affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary: A potential vulnerability in Fastify has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2025-32442 DESCRIPTION: Fastify ...
CVE-2025-7865
A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been declared as problematic. This vulnerability affects the function xssFilter of the file src/main/java/com/jeesite/common/codec/EncodeUtils.java of the component XSS Filter. The manipulation of the argument text leads to cross...
PT-2025-30165
Name of the Vulnerable Software and Affected Versions thinkgem JeeSite versions up to 5.12.0 Description An open redirect issue exists in the redirectUrl function located in the file src/main/java/com/jeesite/common/web/http/ServletUtils.java. The manipulation of the url argument can lead to an...
WordPress SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support <= 3.5.4 - Cross Site Scripting (XSS) Vulnerability
WordPress SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support <= 3.5.4 - Cross Site Scripting (XSS) Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support versions <= 3.5.4...