Lucene search

6841 matches found

vulnersOsv
added 2025/12/04 6:30 p.m. | 2 views

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2025-63681 via open-webui (=0.6.0)

open-webui PyPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: openwebui-token-tracking =0.1.7. Source CVEs: CVE-2025-63681. Source advisory: OSV:GHSA-FRV8-GFFC-37PX...

CVSS 4.3 | AI score 5.8 | EPSS 0.00259
Exploits: 1

vulnersOsv
added 2025/12/04 3:45 p.m. | 1 view

openwebui-token-tracking (=0.1.7) potentially affected by CVE-2025-63681 via open-webui (=0.6.0)

open-webui PyPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on open-webui and may be impacted: openwebui-token-tracking =0.1.7. Source CVEs: CVE-2025-63681. Source advisory: SNYK:PYTHON-OPENWEBUI-14190592...

CVSS 4.3 | AI score 5.8 | EPSS 0.00259
Exploits: 1

OSV
added 2025/12/04 9:5 a.m. | 6 views

RLSA-2025:22405 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nfsd: handle get_client_locked failure in nfsd4_setclientid_confirm (CVE-2025-38724); kernel: wifi: cfg80211: fix use-after-free in cmp_bss (CVE-2025-39864); kernel: e1000e: fix heap overflow in...

CVSS 7.6 | AI score 6.7 | EPSS 0.00183
Exploits: 0 | References: 9

Tenable Nessus
added 2025/12/04 12:0 a.m. | 10 views

RockyLinux 9 : kernel (RLSA-2025:22405)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:22405 advisory. kernel: nfsd: handle get_client_locked failure in nfsd4_setclientid_confirm (CVE-2025-38724); kernel: wifi: cfg80211: fix use-after-free in cmp_bss CVE-2025-398...

CVSS 7.8 | AI score 6.9 | EPSS 0.00183
Exploits: 0 | References: 16

Tenable Nessus
added 2025/12/04 12:0 a.m. | 5 views

Oracle Linux 10 : expat (ELSA-2025-21030)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-21030 advisory: - Fix CVE-2025-59375 - backport allocation tracking improvements. Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVSS 7.5 | AI score 6.3 | EPSS 0.01238
Exploits: 1 | References: 2

Fedora
added 2025/12/03 12:59 a.m. | 10 views

[SECURITY] Fedora 43 Update: forgejo-13.0.3-1.fc43

Forgejo (pronounced /forˈd͡ʒe.jo/) is a lightweight software forge. Use it to host git repositories, track their issues and allow people to contribute to them!...

AI score 7
Exploits: 0

RedHat Linux
added 2025/12/01 11:6 a.m. | 3 views

kernel: iommu/vt-d: Disallow dirty tracking if incoherent page walk

A flaw was found in the Intel VT-d IOMMU support in the Linux kernel. When an IOMMU is configured to perform dirty-page tracking, but the page-walk memory region is incoherent between the IOMMU and CPU, the hardware may attempt to atomically update the bits in a paging-structure entry that is not...

AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 5

Packet Storm News
added 2025/12/01 12:0 a.m. | 2 views

Physical ID-Transfer Attacks against Multi-Object Tracking Via Adversarial Trajectory

Multi-Object Tracking (MOT) is a critical task in computer vision, with applications ranging from surveillance systems to autonomous driving. However, threats to MOT algorithms have not yet been widely studied. In particular, incorrect association between the tracked objects and their assigned IDs can...

AI score 6.5
Exploits: 0

CNNVD
added 2025/11/30 12:0 a.m. | 4 views

Tryton trytond Security Vulnerability

Tryton trytond is a core application server from Tryton Open Source. A security vulnerability exists in Tryton trytond versions prior to 7.6.11 that stems from the potential disclosure of sensitive tracking information...

CVSS 4.3 | AI score 6.1 | EPSS 0.00247
Exploits: 1 | References: 3

vulnersOsv
added 2025/11/27 12:30 p.m. | 3 views

pretix-tracking-scripts (>=1.0.0 <=1.0.1) potentially affected by CVE-2025-13742 via pretix (=2024.11.0)

pretix PyPI version =2024.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on pretix and may be impacted: pretix-tracking-scripts =1.0.0, =1.0.1. Source CVEs: CVE-2025-13742. Source advisory: OSV:GHSA-2MM6-624X-FQRR...

CVSS 6.1 | AI score 5.4 | EPSS 0.00152
Exploits: 0

vulnersOsv
added 2025/11/27 11:15 a.m. | 6 views

pretix-tracking-scripts (>=1.0.0 <=1.0.1) potentially affected by CVE-2025-13742 via pretix (=2024.11.0)

pretix PyPI version =2024.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on pretix and may be impacted: pretix-tracking-scripts =1.0.0, =1.0.1. Source CVEs: CVE-2025-13742. Source advisory: OSV:PYSEC-2025-154...

CVSS 6.1 | AI score 5.8 | EPSS 0.00152
Exploits: 0

CNVD
added 2025/11/27 12:0 a.m. | 1 view

Online Shopping Portal Insecure Direct Object Reference Vulnerability

Online Shopping Portal is an online store. Online Shopping Portal suffers from an insecure direct object reference vulnerability, which stems from the order tracking functionality not properly implementing an access control mechanism that directly references data sent from the client as an object...

CVSS 4.3 | AI score 6.7 | EPSS 0.0021
Exploits: 1 | References: 1

OSV
added 2025/11/25 8:16 p.m. | 3 views

CVE-2025-65647

Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter...

CVSS 4.3 | AI score 5.8 | EPSS 0.0021
Exploits: 1 | References: 2

Wired Threat Level
added 2025/11/25 7:54 p.m. | 7 views

ICE Offers Up to $280 Million to Immigrant-Tracking ‘Bounty Hunter’ Firms

Immigration and Customs Enforcement lifted a $180 million cap on a proposed immigrant-tracking program while guaranteeing multimillion-dollar payouts for private surveillance firms...

AI score 7
Exploits: 0

RedhatCVE
added 2025/11/25 6:2 a.m. | 10 views

CVE-2025-13585

A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument code results in SQL injection. The attack may be performed remotely. The exploit is now public and may be used...

CVSS 9.8 | AI score 7.3 | EPSS 0.00326
Exploits: 1 | References: 1

CVE
added 2025/11/25 12:0 a.m. | 9 views

CVE-2025-65647

CVE-2025-65647 applies to PHPGURUKUL Online Shopping Portal 2.1, where an Insecure Direct Object Reference (IDOR) in the Track order function allows information disclosure via the oid parameter. The vulnerability stems from insufficient access control when referencing data sent from the client as...

CVSS 4.3 | AI score 6 | EPSS 0.0021
Exploits: 1 | References: 2 | Affected Software: 1

Packet Storm News
added 2025/11/25 12:0 a.m. | 2 views

Securing the Model Context Protocol (MCP): Risks, Controls, and Governance

The Model Context Protocol (MCP) replaces static, developer-controlled API integrations with more dynamic, user-driven agent systems, which also introduces new security risks. As MCP adoption grows across community servers and major platforms, organizations encounter threats that existing AI...

AI score 7.3
Exploits: 0

CNNVD
added 2025/11/25 12:0 a.m. | 1 view

PHPGurukul Online Shopping Portal Security Vulnerability

Online Shopping Portal is an online store. Online Shopping Portal suffers from an insecure direct object reference vulnerability, which stems from the order tracking functionality not properly implementing an access control mechanism that directly references data sent from the client as an object...

CVSS 4.3 | AI score 6.4 | EPSS 0.0021
Exploits: 1 | References: 3

Redos
added 2025/11/25 12:0 a.m. | 4 views

ROS-20251125-13

A vulnerability in the maskedPaths feature of the isolated container runc tool is related to the runc state that allows link tracking. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity and availability of protected information...

CVSS 7.8 | AI score 6.7 | EPSS 0.00673
Exploits: 2

RedhatCVE
added 2025/11/24 9:33 p.m. | 17 views

CVE-2025-13570

A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=state. Performing manipulation of the argument ID results in SQL injection. The attack may be initiated remotely. The exploit has been made publ...

CVSS 8.8 | AI score 6.9 | EPSS 0.00265
Exploits: 1 | References: 1