CVE-2025-5352

CVE-2025-5352 describes a critical stored XSS in Lunary Analytics; the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is injected into the DOM via dangerouslySetInnerHTML without sanitization in Lunary versions

CVE-2025-5352 Environment Variable XSS in Analytics Component in lunary-ai/lunary

A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...

CVE-2025-5352 Environment Variable XSS in Analytics Component in lunary-ai/lunary

A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...

PT-2025-34524 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to 1.9.23 Description: A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component. The NEXT PUBLIC CUSTOM SCRIPT environment variable is directly injected into the DOM using...

CVE-2025-9162 Org.keycloak/keycloak-model-storage-service: variable injection into environment variables

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...

PT-2025-34237

Name of the Vulnerable Software and Affected Versions: org.keycloak/keycloak-model-storage-service affected versions not specified Description: A flaw exists in the KeycloakRealmImport custom resource, which substitutes placeholders within imported realm documents, referencing environment...

TencentOS Server 4: mtr (TSSA-2025:0537)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0537 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVE-2025-55214

Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

Security update for go1.25

go1.25 released 2025-08-12 is a major release of Go. go1.25.x minor releases will be provided through August 2026. https://github.com/golang/go/wiki/Go-Release-Cycle go1.25 arrives six months after Go 1.24. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As...

CVE-2025-9176

A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the...

CVE-2025-9176

A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the...

Autodesk Multiple Vulnerabilities (AutoCAD) (adsk-sa-2025-0017)

The 2025 version of Autodesk AutoCAD installed on the remote Windows host is a version prior to 2026.1. It is, therefore, affected by multiple vulnerabilities: - A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicio...

CVE-2025-9176 neurobin shc Environment Variable shc.c make os command injection

A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the...

CVE-2025-9176 neurobin shc Environment Variable shc.c make os command injection

A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the...

CVE-2025-9176

CVE-2025-9176 affects neurobin shc up to version 4.0.3. The vulnerability is in the Environment Variable Handler, specifically the make function in src/shc.c, enabling local OS command injection. Exploitation requires local access, and public exploits/ PoC are mentioned in multiple sources. Remed...

AZL-66464 CVE-2025-38585 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmingetvarint When gmingetconfigvar calls efi.getvariable and the EFI variable is larger than the expected buffer size, two behaviors combine to create a stack buffer overflow...

CVE-2025-38585

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmingetvarint When gmingetconfigvar calls efi.getvariable and the EFI variable is larger than the expected buffer size, two behaviors combine to create a stack buffer overflow...

DEBIAN-CVE-2025-38585

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmingetvarint When gmingetconfigvar calls efi.getvariable and the EFI variable is larger than the expected buffer size, two behaviors combine to create a stack buffer overflow...

UBUNTU-CVE-2025-38585

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmingetvarint When gmingetconfigvar calls efi.getvariable and the EFI variable is larger than the expected buffer size, two behaviors combine to create a stack buffer overflow...

CVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmingetvarint When gmingetconfigvar calls efi.getvariable and the EFI variable is larger than the expected buffer size, two behaviors combine to create a stack buffer overflow...