Lucene search

9468 matches found

Rockylinux
added 2025/12/22 9:2 a.m., 6 views

httpd:2.4 security update

An update is available for module.modhttp2, module.modmd, modmd, httpd, modhttp2, module.httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The httpd package...

CVSS 8.3, AI score 6.7, EPSS 0.00145
Exploits 0
RedHat Linux
added 2025/12/22 1:35 a.m., 1 views

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec Go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath ("", ".", and "..") can result in the binaries listed in the PATH being unexpectedly returned...

CVSS 6.5, AI score 5.7, EPSS 0.00044
Exploits 1, References 8
RedHat Linux
added 2025/12/22 1:33 a.m., 0 views

httpd: Apache HTTP Server: CGI environment variable override

A configuration override flaw has been discovered in the apache HTTP server. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server...

CVSS 6.5, AI score 5.7, EPSS 0.00145
Exploits 0, References 5
CNNVD
added 2025/12/22 12:0 a.m., 2 views

Open Design Alliance Drawings SDK Security Vulnerability

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, USA. The SDK provides access to .dwg and .dgn data through a convenient, object-oriented API, a C++ API, support for repairing files, and support for .NET, JAVA, and Python...

CVSS 7, AI score 6.6, EPSS 0.00032
Exploits 0, References 2
Positive Technologies
added 2025/12/22 12:0 a.m., 3 views

PT-2025-52653

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2026.12. Description: A Use of Uninitialized Variable issue exists in the software. A static object COdaMfcAppApp theApp may access OdString::kEmpty before its initialization. This is due to...

CVSS 7, AI score 7.6, EPSS 0.00032
Exploits 0, References 7
AlmaLinux
added 2025/12/22 12:0 a.m., 3 views

Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: CGI environment variable override (CVE-2025-65082); httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo (CVE-2025-66200); httpd:...

CVSS 8.3, AI score 7, EPSS 0.00145
Exploits 0, References 8
Tenable Nessus
added 2025/12/22 12:0 a.m., 1 views

RHEL 8 : httpd:2.4 (RHSA-2025:23732)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23732 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP...

CVSS 8.3, AI score 5.7, EPSS 0.00145
Exploits 0, References 10
Positive Technologies
added 2025/12/22 12:0 a.m., 3 views

PT-2025-52703

Name of the Vulnerable Software and Affected Versions: SOUND4 LinkAndShare Transmitter version 1.1.2. Description: SOUND4 LinkAndShare Transmitter version 1.1.2 contains a format string vulnerability. This allows attackers to trigger memory stack overflows through maliciously crafted environment...

CVSS 9.8, AI score 7.4, EPSS 0.00182
Exploits 2, References 9
Packet Storm News
added 2025/12/19 12:0 a.m., 2 views

Optimizing Epsilon Security Parameters in QKD

We investigate the optimization of epsilon-security parameters in quantum key distribution (QKD), aiming to improve the achievable secure key rate under a fixed overall composable security level. For this purpose, we employ a continuous genetic algorithm (CGA) to optimize the epsilon-security...

AI score 6.8
Exploits 0
Zero Day Initiative
added 2025/12/18 12:0 a.m., 3 views

(0Day) NSF Unidata NetCDF-C Variable Name Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

CVSS 7.8, AI score 7.2, EPSS 0.00027
Exploits 0
Tenable Nessus
added 2025/12/18 12:0 a.m., 3 views

Mozilla Thunderbird < 31.3

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 31.3. It is, therefore, affected by a vulnerability as referenced in the mfsa2014-90 advisory. - jemalloc poisoning plus Apple uninitialized variable usage triggers keylogging in /tmp/ on OSX 10.10 (CVE-2014-1595)...

CVSS 2.1, AI score 8.2, EPSS 0.00085
Exploits 0, References 2
Zero Day Initiative
added 2025/12/18 12:0 a.m., 2 views

(0Day) NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

CVSS 7.8, AI score 7.4, EPSS 0.0003
Exploits 0
Positive Technologies
added 2025/12/18 12:0 a.m., 1 views

PT-2025-52391

Name of the Vulnerable Software and Affected Versions: NSF Unidata NetCDF-C (affected versions not specified). Description: A flaw exists in the parsing of variable names, stemming from insufficient validation of user-supplied data length before copying it into a fixed-length stack-based buffer. This...

CVSS 7.8, AI score 7.8, EPSS 0.00027
Exploits 0, References 8
Tenable Nessus
added 2025/12/18 12:0 a.m., 2 views

EulerOS Virtualization 2.13.0 : libssh (EulerOS-SA-2025-2584)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to...

CVSS 8.8, AI score 6.2, EPSS 0.00246
Exploits 0, References 5
NVD
added 2025/12/17 8:15 p.m., 1 views

CVE-2025-65233

Reflected cross-site scripting (XSS) in SLiMS slims9bulian before 9.6.0 via improper handling of $_SERVER['PHP_SELF'] in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path...

CVSS 6.1, EPSS 0.00043
Exploits 1, References 2
OSV
added 2025/12/17 8:15 p.m., 3 views

CVE-2025-65233

Reflected cross-site scripting (XSS) in SLiMS slims9bulian before 9.6.0 via improper handling of $_SERVER['PHP_SELF'] in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path...

CVSS 6.1, AI score 6.2, EPSS 0.00043
Exploits 1, References 2
RedhatCVE
added 2025/12/17 2:44 p.m., 2 views

CVE-2025-43529

A flaw was found in webkitgtk where, when processing maliciously crafted web content, a use-after-free type of weakness may be triggered, leading to remote code execution on the client machine. Mitigation: To mitigate this issue, avoid processing untrusted web content. Additionally, disabling t...

CVSS 8.8, AI score 7.7, EPSS 0.00207
Exploits 8, References 4
Packet Storm News
added 2025/12/17 12:0 a.m., 3 views

Random Coding for Long-Range Continuous-Variable QKD

Quantum Key Distribution (QKD) schemes are key exchange protocols based on the physical properties of quantum channels. They avoid the computational-hardness assumptions that underlie the security of classical key exchange. Continuous-Variable QKD (CVQKD), in contrast to qubit-based discrete-variable...

AI score 6.5
Exploits 0
Vulnrichment
added 2025/12/17 12:0 a.m., 1 views

CVE-2025-65233

Reflected cross-site scripting (XSS) in SLiMS slims9bulian before 9.6.0 via improper handling of $_SERVER['PHP_SELF'] in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path...

AI score 5.9, EPSS 0.00043
Exploits 1, References 2
Cvelist
added 2025/12/17 12:0 a.m., 20 views

CVE-2025-65233

Reflected cross-site scripting (XSS) in SLiMS slims9bulian before 9.6.0 via improper handling of $_SERVER['PHP_SELF'] in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path...

EPSS 0.00043
Exploits 1, References 2