Lucene search

1740 matches found

Tenable Nessus
added 2025/12/31 12:0 a.m. | views: 1

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992811)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992811 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets WHY & HOW num_valid_sets needs to...

CVSS 7.8 | AI score 6.1 | EPSS 0.00011
Exploits: 0 | References: 3
Tenable Nessus
added 2025/12/31 12:0 a.m. | views: 1

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992959)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992959 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid With clang's kernel control flow...

CVSS 5.5 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 4
FreeBSD
added 2025/12/30 12:0 a.m. | views: 6

security/libsodium -- crypto_core_ed25519_is_valid_point mishandles checks for whether an elliptic curve point is valid

Libsodium maintainer reports: The function crypto_core_ed25519_is_valid_point, a low-level function used to check if a given elliptic curve point is valid, was supposed to reject points that aren't in the main cryptographic group, but some points were slipping through...

CVSS 4.5 | AI score 6.6 | EPSS 0.00005
Exploits: 0 | References: 1
Tenable Nessus
added 2025/12/30 12:0 a.m. | views: 0

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992470)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992470 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid With clang's kernel control flow...

CVSS 5.5 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 4
Packet Storm News
added 2025/12/30 12:0 a.m. | views: 2

Correctness of Extended RSA Public Key Cryptosystem

This paper proposes an alternative approach to formally establishing the correctness of the RSA public key cryptosystem. The methodology presented herein deviates slightly from conventional proofs found in existing literature. Specifically, this study explores the conditions under which the choic...

AI score 6.8
Exploits: 0
Veracode
added 2025/12/19 10:19 a.m. | views: 5

Authentication Bypass

Node-SAML is vulnerable to an Authentication Bypass. The vulnerability is due to loading assertions from the unsigned original SAML response instead of the signature-verified data, allowing attackers to modify authentication details within a valid assertion, such as altering the username, and...

CVSS 9.3 | AI score 6.8 | EPSS 0.00046
Exploits: 0 | References: 4 | Affected Software: 2
UbuntuCve
added 2025/12/16 3:15 p.m. | views: 1

CVE-2025-68257

In the Linux kernel, the following vulnerability has been resolved: comedi: check device's attached status in compat ioctls Syzbot identified an issue [1] that crashes kernel, seemingly due to unexistent callback dev->get_valid_routes. By all means, this should not occur as said callback must always b...

AI score 5.7 | EPSS 0.00057
Exploits: 0 | References: 35
OSV
added 2025/12/16 3:15 p.m. | views: 1

UBUNTU-CVE-2025-68257

In the Linux kernel, the following vulnerability has been resolved: comedi: check device's attached status in compat ioctls Syzbot identified an issue [1] that crashes kernel, seemingly due to unexistent callback dev->get_valid_routes. By all means, this should not occur as said callback must always b...

AI score 5.7 | EPSS 0.00057
Exploits: 0 | References: 36
OSV
added 2025/12/16 2:44 p.m. | views: 1

CVE-2025-68257 comedi: check device's attached status in compat ioctls

In the Linux kernel, the following vulnerability has been resolved: comedi: check device's attached status in compat ioctls Syzbot identified an issue [1] that crashes kernel, seemingly due to unexistent callback dev->get_valid_routes. By all means, this should not occur as said callback must always b...

AI score 6.3 | EPSS 0.00057
Exploits: 0 | References: 11
Tenable Nessus
added 2025/12/16 12:0 a.m. | views: 2

Linux Distros Unpatched Vulnerability : CVE-2025-68257

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - comedi: check device's attached status in compat ioctls Syzbot identified an issue [1] that crashes kernel, seemingly due to unexistent callback dev->get_valid_route...

AI score 5.8 | EPSS 0.00057
Exploits: 0 | References: 2
Tenable Nessus
added 2025/12/15 12:0 a.m. | views: 2

Linux Distros Unpatched Vulnerability : CVE-2025-65430

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was...

CVSS 5.4 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 3
Veracode
added 2025/12/13 5:52 a.m. | views: 4

Authentication Bypass

moodle/moodle is vulnerable to an authentication bypass. The vulnerability is due to improper enforcement of multi-factor authentication logic under certain conditions, which allows an attacker with valid credentials to bypass MFA and gain unauthorized access to user accounts...

CVSS 5.4 | AI score 5.9 | EPSS 0.00069
Exploits: 0 | References: 7 | Affected Software: 1
Veracode
added 2025/12/13 4:36 a.m. | views: 6

Improper Session Invalidation

org.keycloak, keycloak-services is vulnerable to Improper session invalidation. The vulnerability is due to offline sessions remaining valid even after the offline_access scope is removed from the client, which allows an attacker with an existing offline refresh token to continue requesting new...

CVSS 5.4 | AI score 6.6 | EPSS 0.00061
Exploits: 0 | References: 10 | Affected Software: 1
Positive Technologies
added 2025/12/12 12:0 a.m. | views: 3

PT-2025-50839

The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht download big object origin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handle big object download request function. This makes it possible for...

CVSS 4.9 | AI score 5.9 | EPSS 0.00167
Exploits: 0 | References: 4
OSV
added 2025/12/09 4:17 p.m. | views: 0

UBUNTU-CVE-2025-40334

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq buffer virtual address and size It needs to validate the userq object virtual address to determine whether it is residented in a valid vm mapping...

AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 10
Vulnrichment
added 2025/12/09 10:44 a.m. | views: 2

CVE-2025-40806

A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack wit...

CVSS 6.9 | AI score 6.6 | EPSS 0.00044
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/09 12:0 a.m. | views: 1

PT-2025-49835

A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions...

CVSS 6.3 | AI score 6.9 | EPSS 0.00037
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/09 12:0 a.m. | views: 3

PT-2025-50241

Name of the Vulnerable Software and Affected Versions: IntelliChoice eFORCE Software Suite version 2.5.9. Description: The software contains a flaw that allows attackers to identify valid usernames. This is achieved by exploiting the ctl00$MainContent$UserName POST parameter. By sending requests wit...

CVSS 6.9 | AI score 6.6 | EPSS 0.00067
Exploits: 0 | References: 6
Microsoft CVE
added 2025/12/08 1:4 a.m. | views: 1

exfat: fix improper check of dentry.stream.valid_size

...

CVSS 5.5 | AI score 7 | EPSS 0.00031
Exploits: 0
SUSE CVE
added 2025/12/08 12:22 a.m. | views: 2

SUSE CVE-2025-40287

In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following syst...

CVSS 5.5 | AI score 6.2 | EPSS 0.00031
Exploits: 0 | References: 20