6497 matches found
libxslt -- multiple vulnerabilities
Alan Coopersmith reports: On 6/16/25 15:12, Alan Coopersmith wrote: BTW, users of libxml2 may also be using its sibling project, libxslt, which currently has no active maintainer, but has three unfixed security issues reported against it according to...
Gitlab -- Vulnerabilities
Gitlab reports: Denial of service via CI pipelines; Unintentionally authorizing sensitive actions on users behalf; IP Restriction Bypass through GraphQL Subscription; Unauthorized users can list the number of confidential issues; Debugging Information Disclosed...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 405140652 High CVE-2025-3066: Use after free in Site Isolation. Reported by Sven Dysthe @svn-dys on 2025-03-21...
libxml2 -- Out-of-bounds memory access
[email protected] reports: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...
sqlite -- integer overflow
[email protected] reports: In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in...
powerdns-recursor -- denial of service
PowerDNS Team reports: PowerDNS Security Advisory 2025-01: A crafted zone can lead to an illegal memory access in the Recursor...
Grafana -- DingDing contact points exposed in Grafana Alerting
Grafana Labs reports: An incident occurred where the DingDing alerting integration URL was inadvertently exposed to viewers due to a setting oversight, which we learned about through a bug bounty report. The CVSS 3.0 score for this vulnerability is 4.3 Medium...
Grafana -- Bypass Viewer and Editor permissions
Grafana Labs reports: During the development of a new feature in Grafana 11.6.x, a security vulnerability was introduced that allows for Viewers and Editors to bypass dashboard-specific permissions. As a result, users with the Viewer role could view all the dashboards within their org and users...
Yelp -- arbitrary file read
[email protected] reports: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...
Yelp -- arbitrary file read
[email protected] reports: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-3512 / CVE-2025-31720 Missing permission check allows retrieving agent configurations Description Medium SECURITY-3513 / CVE-2025-31721 Missing permission check allows retrieving secrets from agent configurations...
Mozilla -- memory corruption
[email protected] reports: Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Mozilla -- stack memory read
[email protected] reports: An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function...
Mozilla -- use-after-free error
[email protected] reports: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...
MongoDB -- Unauthorized access to underlying data
[email protected] reports: A user authorized to access a view may be able to alter the intended collation, allowing them to access a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, Mongo...
Mozilla -- Memory corruption
[email protected] reports: Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
sudo -- privilege escalation vulnerability through host and chroot options
Todd C. Miller reports, crediting Rich Mirch from Stratascale Cyber Research Unit CRU: Sudo 1.9.17p1: Fixed CVE-2025-32462. Sudo's -h --host option could be specified when running a command or editing a file. This could enable a local privilege escalation attack if the sudoers file allows the use...
Mozilla -- privilege escalation attack
[email protected] reports: Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks...
Mozilla -- URL spoofing attack
[email protected] reports: A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 13 security fixes: 376491759 Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer TU Wien on 2024-10-31 401823929 Medium CVE-2025-3068: Inappropriate implementation in Intents. Reported by Simon Rawet on 2025-03-...
MongoDB -- crash due to improper validation of explain command
[email protected] reports: When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to...
MongoDB -- Malformed wire protocol messages may cause mongos to crash
[email protected] reports: Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7...
electron{33,34} -- Incorrect handle provided in unspecified circumstances in Mojo
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-2783...
openvpn -- server-side denial-of-service vulnerability with tls-crypt-v2
Gert Doering reports: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abort with an ASSERT message by sending a particular combination of authenticated and malformed packets. To trigger the bug, a valid tls-crypt-v2 client key is needed, or network observation of a...
py-matrix-synapse -- federation denial of service via malformed events
element-hq/synapse developers report: A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild...
Gitlab -- Vulnerabilities
Gitlab reports: Cross-site Scripting XSS through merge-request error messages; Cross-site Scripting XSS through improper rendering of certain file types; Admin Privileges Persists After Role is Revoked; External user can access internal projects; Prompt injection in Amazon Q integration may allow...
Grafana -- Authorization bypass in data source proxy API
Grafana Labs reports: This vulnerability, which was discovered while reviewing a pull request from an external contributor, affects Grafana’s data source proxy API and allows authorization checks to be bypassed by adding an extra slash character / in the URL path. Among Grafana-maintained data...
electron{33,34} -- Type Confusion in V8
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-1920...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 401029609 Critical CVE-2025-2476: Use after free in Lens. Reported by SungKwon Lee of Enki Whitehat on 2025-03-05...
expat -- improper restriction of xml entity expansion depth
[email protected] reports: A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack...
Grafana -- DOM XSS vulnerability
Grafana Labs reports: An external security researcher responsibly reported a security vulnerability in Grafana’s built-in XY chart plugin that is vulnerable to a DOM XSS vulnerability. The CVSS score for this vulnerability is 6.8 MEDIUM...
libxslt -- multiple vulnerabilities
CVE-2024-55549 Fix UAF related to excluded namespaces xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. CVE-2025-24855 Fix use-after-free of XPath context node numbers.c in libxslt before 1.1.43 has a use-after-free because, in...
shibboleth-sp -- Parameter manipulation allows the forging of signed SAML messages
The Shibboleth Project reports: An updated version of the OpenSAML C++ library is available which corrects a parameter manipulation vulnerability when using SAML bindings that rely on non-XML signatures. The Shibboleth Service Provider is impacted by this issue, and it manifests as a critical...
php -- Multiple vulnerabilities
php.net reports: CVE-2024-11235: Core: Fixed GHSA-rwp7-7vc6-8477 Reference counting in php_request_shutdown causes Use-After-Free. CVE-2025-1219: LibXML: Fixed GHSA-p3x9-6h7p-cgfc libxml streams use wrong content-type header when requesting a redirected resource. CVE-2025-1736: Streams: Fixed...
Gitlab -- Vulnerabilities
Gitlab reports: CVE-2025-25291 and CVE-2025-25292 third party gem ruby-saml; CVE-2025-27407 third party gem graphql; Denial of Service Due to Inefficient Processing of Untrusted Input; Credentials disclosed when repository mirroring fails; Denial of Service Vulnerability in GitLab Approval Rules due ...
gitea -- Multiple vulnerabilities
[email protected] reports: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied. go-redis ...
vim -- potential data loss with zip.vim and specially crafted zip files
Vim reports: See https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf...
suricata -- Multiple vulnerabilities
Suricata team reports: Multiple vulnerabilities CVE-2025-29915: Severity HIGH. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 5 security fixes: 398065918 High CVE-2025-1920: Type Confusion in V8. Reported by Excello s.r.o. on 2025-02-21 400052777 High CVE-2025-2135: Type Confusion in V8. Reported by Zhenghang Xiao @Kipreyyy on 2025-03-02 401059730 High CVE-TBD: Out of bounds...
electron33 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2025-0445. Security: backported fix for CVE-2025-0995. Security: backported fix for CVE-2025-0998...
Jinja2 -- Sandbox breakout through attr filter selecting format method
[email protected] reports: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-3495 / CVE-2025-27622 Encrypted values of secrets stored in agent configuration revealed to users with Agent/Extended Read permission Description Medium SECURITY-3496 / CVE-2025-27623 Encrypted values of secrets stored in view configuration...
mozilla -- use-after-free in WebTransport connection
[email protected] reports: It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash...
mozilla -- memory corruption
[email protected] reports: Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 14 security fixes: 397731718 High CVE-2025-1914: Out of bounds read in V8. Reported by Zhenghang Xiao @Kipreyyy and Nan Wang @eternalsakura13 on 2025-02-20 391114799 Medium CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in...
mozilla -- multiple vulnerabilities
[email protected] reports: An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8. Under certain...
mozilla -- memory corruption
[email protected] reports: CVE-2025-1938: Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrar...
mozilla -- 64 bit JIT WASM read on left over memory
[email protected] reports: On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type...
mozilla -- Memory safety bugs
[email protected] reports: Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
libreoffice -- Macro URL arbitrary script execution
[email protected] reports: LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser...