electron32 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2025-0445. Security: backported fix for CVE-2025-0998...
unit -- potential security issue
The NGINX Unit team reports: Unit 1.34.2 fixes two issues in the Java language module websocket code. It addresses a potential security issue where we could get a negative payload length that could cause the Java language module processes to enter an infinite loop and consume excess CPU. This was...
vim -- Improper Input Validation in Vim
[email protected] reports: Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of compressed or uncompressed tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not...
vim -- Potential code execution
vim reports: Summary Potential code execution with tar.vim and special crafted tar files Description Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of compressed or uncompressed tar files. Since commit 129a844 Nov 11, 2024 runtimetar: Update tar.vim to support...
Spotipy -- Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
[email protected] reports: Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw-----...
electron{32,33} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2025-0611. Security: backported fix for CVE-2025-0612. Security: backported fix for CVE-2025-0999...
php -- Multiple vulnerabilities
php.net reports: CVE-2025-1735: pgsql extension does not check for errors during escaping CVE-2025-6491: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix CVE-2025-1220: Null byte termination in hostnames...
Gitlab -- Vulnerabilities
Gitlab reports: XSS in k8s proxy endpoint XSS Maven Dependency Proxy HTML injection leads to XSS on self hosted instances Improper Authorisation Check Allows Guest User to Read Security Policy Planner role can read code review analytics in private projects...
xorg server -- Multiple vulnerabilities
The X.Org project reports: CVE-2025-26594: Use-after-free of the root cursor The root cursor is referenced in the xserver as a global variable. If a client manages to free the root cursor, the internal reference points to freed memory and causes a use-after-free. CVE-2025-26595: Buffer overflow i...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 1 security fix...
glpi-project -- GLPI multiple vulnerabilities
[email protected] reports: CVE-2024-11955: A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The...
Navidrome -- Authentication bypass in Subsonic API
Deluan reports: In certain Subsonic API endpoints, authentication can be bypassed by using a non-existent username combined with an empty salted password hash. This allows read-only access to the server’s resources, though attempts at write operations fail with a “permission denied” error...
FreeBSD -- Multiple vulnerabilities in OpenSSH
Problem Description: OpenSSH client host verification error CVE-2025-26465 ssh1 contains a logic error that allows an on-path attacker to impersonate any server during certain conditions when the VerifyHostKeyDNS option is enabled. OpenSSH server denial of service CVE-2025-26466 The OpenSSH clien...
exim -- SQL injection
[email protected] reports: Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection...
cisco -- OpenH264 Decoding Functions Heap Overflow Vulnerability
Cisco reports: A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition between a Sequence Parameter Set SPS memory allocation and a subsequent non Instantaneous...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 11 security bugs in Chromium: CVE-2024-11477: 7-Zip Zstd decompression integer underflow CVE-2025-0762: Use after free in DevTools CVE-2025-0996: Inappropriate implementation in Browser UI CVE-2025-0998: Out of bounds memory access in V8...
libxml2 -- Use After Free
[email protected] reports: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a craft...
libxml2 -- Stack-based Buffer Overflow
[email protected] reports: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047...
exiv2 -- Use after free in TiffSubIfd
Kevin Backhouse reports: A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are not affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflo...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 394350433 High CVE-2025-0999: Heap buffer overflow in V8. Reported by Seunghyun Lee @0x10n on 2025-02-04 383465163 High CVE-2025-1426: Heap buffer overflow in GPU. Reported by un3xploitable and GF on 2024-12-11 390590778 Medium...
caldera -- Remote Code Execution
MITRE Caldera contributor report: In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution RCE vulnerability was found in the dynamic agent implant compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is...
qt5-webengine -- Use after free in Compositing
Qt qtwebengine-chromium repo reports: Backports for 1 security bug in Chromium: CVE-2024-12694: Use after free in Compositing...
PostgreSQL -- PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
The PostgreSQL Project reports: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection...
Gitlab -- Vulnerabilities
Gitlab reports: A CSP-bypass XSS in merge-request page Denial of Service due to Unbounded Symbol Creation Exfiltrate content from private issues using Prompt Injection A custom permission may allow overriding Repository settings Internal HTTP header leak via route confusion in workhorse SSRF via...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 391907159 High CVE-2025-0995: Use after free in V8. Reported by Popax21 on 2025-01-24 391788835 High CVE-2025-0996: Inappropriate implementation in Browser UI. Reported by yuki yamaoto on 2025-01-23 391666328 High CVE-2025-0997: Use...
OpenSSL -- Man-in-the-Middle vulnerability
The OpenSSL project reports: RFC7250 handshakes with unauthenticated servers don't abort as expected High. Clients using RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSLVERIFYPEE...
vscode -- multiple vulnerabilities
VSCode developers report: The update addresses these issues, including a fix for a security vulnerability. Scope nodemodule binary resolution in js-debug Elevation of Privilege Vulnerability with VS Code server for web UI...
Intel CPUs -- multiple vulnerabilities
Intel reports: A potential security vulnerability in some Intel Processors may allow denial of service. Intel released microcode updates to mitigate this potential vulnerability. A potential security vulnerability in some Intel Software Guard Extensions Intel SGX Platforms may allow denial of...
Emacs -- Arbitrary code execution vulnerability
Problem Description A shell injection vulnerability exists in GNU Emacs due to improper handling of custom man URI schemes. Impact Initially considered low severity, as it required user interaction with local files, it was later discovered that an attacker could exploit this vulnerability by...
nginx-devel -- SSL session reuse vulnerability
The nginx development team reports: This update fixes the SSL session reuse vulnerability...
mozilla -- multiple vulnerabilities
[email protected] reports: A bug in WebAssembly code generation could have led to a crash. It may have been possible for an attacker to leverage this to achieve code execution. A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have...
mozilla -- multiple vulnerabilities
[email protected] reports: Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. The fullscreen notification is prematurely...
Thunderbird -- unprivileged JavaScript code execution
[email protected] reports: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the Other field of the Instant Messaging section. If another user...
MariaDB -- DoS vulnerability in InnoDB
MariaDB reports: Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL...
mozilla -- multiple vulnerabilities
[email protected] reports: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A race during concurrent...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 12 security fixes: 390889644 High CVE-2025-0444: Use after free in Skia. Reported by Francisco Alonso @revskills on 2025-01-19 392521083 High CVE-2025-0445: Use after free in V8. Reported by 303f06e3 on 2025-01-27 40061026 Medium CVE-2025-0451:...
cacti -- Multiple vulnerabilities
Cacti repo reports: security GHSA-c5j8-jxj3-hh36: Authenticated RCE via multi-line SNMP responses security GHSA-f9c7-7rc3-574c: SQL Injection vulnerability when using tree rules through Automation API security GHSA-fh3x-69rr-qqpp: SQL Injection vulnerability when request automation devices securi...
FreeBSD -- Uninitialized kernel memory disclosure via ktrace(2)
Problem Description: In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14...
FreeBSD -- OpenSSH Keystroke Obfuscation Bypass
Problem Description: A logic error in the ssh1 ObscureKeystrokeTiming feature on by default rendered this feature ineffective. Impact: A passive observer could detect which network packets contain real keystrokes, and infer the specific characters being transmitted from packet timing...
postorius -- XSS
NIST reports: Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...
FreeBSD -- Buffer overflow in some filesystems via NFS
Problem Description: In order to export a file system via NFS, the file system must define a file system identifier FID for all exported files. Each FreeBSD file system implements operations to translate between FIDs and vnodes, the kernel's in-memory representation of files. These operations are...
FreeBSD -- Unprivileged access to system files
Problem Description: When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted...
Vaultwarden -- Multiple vulnerabilities
The Vaultwarden project reports: RCE in the admin panel. Getting access to the Admin Panel via CSRF. Escalation of privilege via variable confusion in OrgHeaders trait...
electron32 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-12693. Security: backported fix for CVE-2024-12694. Security: backported fix for CVE-2024-12695. Security: backported fix for CVE-2025-0434. Security: backported fix for CVE-2025-043...
clamav -- Possible denial-of-service vulnerability
The ClamAV project reports: A possible buffer overflow read bug is found in the OLE2 file parser that could cause a denial-of-service DoS condition...
Gitlab -- Vulnerabilities
Gitlab reports: Stored XSS via Asciidoctor render Developer could exfiltrate protected CI/CD variables via CI lint Cyclic reference of epics leads resource exhaustion...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 386143468 High CVE-2025-0611: Object corruption in V8. Reported by 303f06e3 on 2024-12-26 385155406 High CVE-2025-0612: Out of bounds memory access in V8. Reported by Alan Goodman on 2024-12-20...
electron33 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2025-0434. Security: backported fix for CVE-2025-0436. Security: backported fix for CVE-2025-0437...
py-mysql-connector-python -- Vulnerability in the MySQL Connectors product of Oracle MySQL
Oracle reports: Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 384844003 Medium CVE-2025-0762: Use after free in DevTools. Reported by Sakana.S on 2024-12-18...