4 matches found
OPENSUSE-SU-2026:20251-1 Security update for cockpit-repos
This update for cockpit-repos fixes the following issues: Update to version 4.7. Security issues fixed: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global bsc1257325. - CVE-2025-64718: js-yaml prototype pollution in merge bsc1255425...
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.
Summary IBM Maximo Application Suite uses "tomcat-embed-core-10.1.46.jar, js-yaml-4.1.0.tgz, keras-2.14.0-py3-none-any.whl, logback-core-1.5.18.jar, werkzeug-3.0.6-py3-none-any.whl" which are vulnerable to "CVE-2025-61795, CVE-2025-64718, CVE-2025-12058, CVE-2025-11226, CVE-2025-66221". This...
CVE-2025-64718 vulnerabilities
Vulnerabilities for packages: vitess, librechat, sqlpad, langfuse, drupal, prism, pulumi, gitlab-rails-ce, kibana, kubeflow-pipelines, saf, semaphore, thingsboard, redisinsight, lerna, opensearch-dashboards-fips, jitsucom-jitsu, code-server, arangodb, argo-workflows, gitlab-rails-ce-fips, eslint,...
CVE-2025-64718
js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution proto. All users who parse untrusted yaml documents may be impacted. The problem is patched in...