MongoDB -- may be susceptible to DoS due to Accumulated Memory Allocation
[email protected] reports: MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer...
MongoDB -- Incomplete Redaction of Sensitive Information in MongoDB Server Logs
[email protected] reports: An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered...
mongodb -- Certain Queries May Cause MongoDB Server to Crash
[email protected] reports: An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result in a crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version...
redis,valkey -- Out of bounds write in hyperloglog commands leads to RCE
Seunghyun Lee reports: An authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution...
redis,valkey -- DoS Vulnerability due to bad connection error handling
@julienperriercornet reports: An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service...
ModSecurity -- empty XML tag causes segmentation fault
[email protected] reports: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the reques...
FreeBSD -- Use-after-free in multi-threaded xz decoder
Problem Description: A worker thread could free its input buffer after decoding, while the main thread might still be writing to it. This leads to a use-after-free condition on heap memory. Impact: An attacker may use specifically crafted .xz file to cause multi-threaded xz decoder to crash, or...
podman -- TLS connection used to pull VM images was not validated
RedHat, Inc. reports: A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 1 security fix: 427663123 High CVE-2025-6554: Type Confusion in V8...
MongoDB -- Running certain aggregation operations with the SBE engine may lead to unexpected behavior
[email protected] reports: An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework...
MongoDB -- Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB
[email protected] reports: MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack space consumption. Such inputs can lead to a stack overflow that causes the...
MongoDB -- Race condition in privilege cache invalidation cycle
NVD reports: Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator...
MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication
NVD reports: The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and serv...
gstreamer1-plugins-bad -- stack buffer overflow in H.266 video parser
GStreamer Security Center reports: It is possible for a malicious third party to trigger a buffer overflow that can result in a crash of the application and possibly also allow code execution through stack manipulation...
kanboard -- Password Reset Poisoning via Host Header Injection
GitHub Security Advisories reports: Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Host header when the application_url configuration is unset (default behavior). This allows an attacker to craft a malicious password reset link that leaks the token to an...
Gitlab -- Vulnerabilities
Gitlab reports: Denial of Service impacts GitLab CE/EE; Missing Authentication issue impacts GitLab CE/EE; Improper access control issue impacts GitLab CE/EE; Elevation of Privilege impacts GitLab CE/EE; Improper access control issue impacts GitLab EE...
firefox -- multiple vulnerabilities
[email protected] reports: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. When a file download is...
firefox -- multiple vulnerabilities
[email protected] reports: An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. When Multi-Account Containers was enabled, DNS requests could have bypass...
Mozilla -- exploitable crash
[email protected] reports: A use-after-free in FontFaceSet resulted in a potentially exploitable crash...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 11 security fixes: 407328533 Medium CVE-2025-6555: Use after free in Animation. Reported by Lyra Rebane rebane2001 on 2025-03-30 40062462 Low CVE-2025-6556: Insufficient policy enforcement in Loader. Reported by Shaheen Fazim on 2023-01-02 406631048 L...
Mozilla -- persistent UUID that identifies browser
[email protected] reports: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox 140, Firefox E...
clamav -- ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Cisco reports: A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit thi...
clamav -- ClamAV PDF Scanning Buffer Overflow Vulnerability
Cisco reports: A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers a...
quiche -- Multiple vulnerabilities
Quiche Releases reports: This update includes 2 security fixes: Medium CVE-2025-4820: Incorrect congestion window growth by optimistic ACK. Reported by Louis Navarre on 2025-06-18. High CVE-2025-4821: Incorrect congestion window growth by invalid ACK ranges. Reported by Louis Navarre on 2025-06-1...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 420697404 High CVE-2025-6191: Integer overflow in V8. Reported by Shaheen Fazim on 2025-05-27 421471016 High CVE-2025-6192: Use after free in Profiler. Reported by Chaoyuan Peng @ret2happy on 2025-05-31...
xorg server -- Multiple vulnerabilities
The X.Org project reports: CVE-2025-49176: Integer overflow in Big Requests Extension The Big Requests extension allows requests larger than the 16-bit length limit. It uses integers for the request length and checks for the size not to exceed the maxBigRequestSize limit, but does so after...
xorg server -- Multiple vulnerabilities
The X.Org project reports: CVE-2025-49175: Out-of-bounds access in X Rendering extension Animated cursors The X Rendering extension allows creating animated cursors providing a list of cursors. By default, the Xserver assumes at least one cursor is provided while a client may actually pass no...
Erlang - Absolute Path in Zip Module
https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc reports: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program...
PostgreSQL JDBC library -- Improper Authentication
PostgreSQL JDBC Driver project reports: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore...
Gitlab -- Vulnerabilities
Gitlab reports: HTML injection impacts GitLab CE/EE; Cross-site scripting issue impacts GitLab CE/EE; Missing authorization issue impacts GitLab Ultimate EE; Denial of Service impacts GitLab CE/EE; Denial of Service via unbounded Webhook token names impacts GitLab CE/EE; Denial of Service via unbounde...
Firefox -- Multiple vulnerabilities
[email protected] reports: CVE-2025-49709: Certain canvas operations could have led to memory corruption. CVE-2025-49710: An integer overflow was present in OrderedHashTable used by the JavaScript engine...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: $8000 420150619 High CVE-2025-5958: Use after free in Media. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2025-05-25 NA 422313191 High CVE-2025-5959: Type Confusion in V8. Reported by Seunghyun Lee as part of...
electron{34,35,36} -- Out of bounds read and write in V8
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-5419...
Chrome -- Out of bounds read
[email protected] reports: Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 420636529 High CVE-2025-5419: Out of bounds read and write in V8. Reported by Clement Lecigne and Benoît Sevens of Google Threat Analysis Group on 2025-05-27. This issue was mitigated on 2025-05-28 by a configuration change pushed ou...
ModSecurity -- possible DoS vulnerability
[email protected] reports: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg -...
Post-Auth Remote Code Execution found in Roundcube Webmail
Roundcube Webmail reports: Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v...
electron{34,35} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-4609. Security: backported fix for CVE-2025-4664...
navidrome -- transcoding permission bypass vulnerability
Deluan Quintão reports: A permission verification flaw in Navidrome allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings...
Navidrome -- SQL Injection via role parameter
Deluan reports: This vulnerability arises due to improper input validation on the role parameter within the API endpoint /api/artist. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user...
redis,valkey -- {redis,valkey}-check-aof may lead to stack overflow and potential RCE
Simcha Kosman & CyberArk Labs reports: A user can run the {redis,valkey}-check-aof CLI and pass a long file path to trigger a stack buffer overflow, which may potentially lead to remote code execution...
ISC KEA -- Multiple vulnerabilities
Internet Systems Consortium, Inc. reports: Loading a malicious hook library can lead to local privilege escalation https://kb.isc.org/docs/cve-2025-32801 Insecure handling of file paths allows multiple local attacks https://kb.isc.org/docs/cve-2025-32802 Insecure file permissions can result in...
curl -- Multiple vulnerabilities
curl security team reports: CVE-2025-5025: No QUIC certificate pinning with wolfSSL; CVE-2025-4947: QUIC certificate check skip with wolfSSL...
libxml2 -- multiple vulnerabilities
Alan Coopersmith reports: As discussed in https://gitlab.gnome.org/GNOME/libxml2/-/issues/913 the security policy of libxml2 has been changed to disclose vulnerabilities before fixes are available so that people other than the maintainer can contribute to fixing security issues in this library. A...
Mozilla -- XS-leak attack
[email protected] reports: Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks...
Mozilla -- memory corruption
[email protected] reports: Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code...
Firefox -- content injection attack
[email protected] reports: Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks...
Mozilla -- local code execution
[email protected] reports: Due to insufficient escaping of the newline character in the Copy as cURL feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 11 security fixes: 411573532 High CVE-2025-5063: Use after free in Compositing. Reported by Anonymous on 2025-04-18 417169470 High CVE-2025-5280: Out of bounds write in V8. Reported by pwn2car on 2025-05-12 40058068 Medium CVE-2025-5064: Inappropriate...
Mozilla -- Memory safety bugs
[email protected] reports: Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...