6511 matches found
curl -- Multiple vulnerabilities
The curl project reports: Multiple vulnerabilities...
security/libsodium -- crypto_core_ed25519_is_valid_point mishandles checks for whether an elliptic curve point is valid
Libsodium maintainer reports: The function crypto_core_ed25519_is_valid_point, a low-level function used to check if a given elliptic curve point is valid, was supposed to reject points that aren't in the main cryptographic group, but some points were slipping through...
phpmyfaq -- multiple vulnerabilities
phpMyFAQ team reports: Stored cross-site scripting (XSS) and unauthenticated config backup download vulnerability...
gstreamer1-plugins-bad -- Out-of-bounds reads in MIDI parser
The GStreamer Security Center reports: Multiple out-of-bounds reads in the MIDI parser that can cause crashes for certain input files...
Forgejo -- Symbolic Link (Symlink) Following
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md reports: Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template...
net-mgmt/net-snmp -- Remote Code Execution (snmptrapd)
net-snmp development team reports: A specially crafted packet to a net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash...
fluidsynth -- Use after free when using DLS files
The fluidsynth authors report: A race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed memory, if the synthesizer is being concurrently destroyed, or samples of the unloaded...
smb4k -- Critical vulnerabilities in Mount Helper
vulndb reports: A vulnerability, which was classified as critical, was found in smb4k up to 4.0.4. Affected is some unknown functionality of the component Mount Helper. The manipulation with an unknown input leads to an access control vulnerability. CWE is classifying the issue as CWE-284. The...
MongoDB -- Improper Handling of Length Parameter Inconsistency
https://jira.mongodb.org/browse/SERVER-115508 reports: Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client...
Firefox -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1996570%2C1999700 reports: Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Firefox -- Use-after-free
https://bugzilla.mozilla.org/show_bug.cgi?id=2000597 reports: Use-after-free in the Disability Access APIs component...
FreeBSD -- Remote code execution via ND6 Router Advertisements
Problem Description: The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: [448294721] High CVE-2025-14765: Use after free in WebGPU. Reported by Anonymous on 2025-09-30; [466786677] High CVE-2025-14766: Out of bounds read and write in V8. Reported by Shaheen Fazim on 2025-12-08...
FreeBSD -- ipfw denial of service
Problem Description: In some cases, the tcp-setmss handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference. Impact: Maliciously crafted packe...
Roundcube -- Multiple vulnerabilities
The Roundcube project reports: Cross-Site-Scripting vulnerability via SVG's animate tag; Information Disclosure vulnerability in the HTML style sanitizer...
github-release-monitor -- multiple vulnerabilities
https://nextjs.org/blog/security-update-2025-12-11 reports: Description Medium Source Code Exposure: CVE-2025-55183 A specifically crafted HTTP request can cause a Server Function to return the compiled source code of other Server Functions in your application. This could reveal business logic...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description: High SECURITY-3630 / CVE-2025-67635 Denial of service vulnerability in HTTP-based CLI; Medium SECURITY-1809 / CVE-2025-67636 Missing permission check on password fields; Medium SECURITY-783 / CVE-2025-67637 (storage), CVE-2025-67638 (masking) Build authorization...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site scripting issue in Wiki impacts GitLab CE/EE; Improper encoding in vulnerability reports impacts GitLab CE/EE; Cross-site scripting issue in Swagger UI impacts GitLab CE/EE; Denial of service issue in GraphQL endpoints impacts GitLab CE/EE; Authentication bypass issue for...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: [466192044] High: Under coordination; [460599518] Medium CVE-2025-14372: Use after free in Password Manager. Reported by Weipeng Jiang @Krace of VRI on 2025-11-14; [461532432] Medium CVE-2025-14373: Inappropriate implementation in Toolbar...
Mozilla -- Same-origin policy bypass
https://bugzilla.mozilla.org/show_bug.cgi?id=2000218 reports: Same-origin policy bypass in the Request Handling component...
Mozilla -- JIT miscompilation
https://bugzilla.mozilla.org/show_bug.cgi?id=1998050 reports: JIT miscompilation in the JavaScript Engine: JIT component...
Mozilla -- Privilege escalation
https://bugzilla.mozilla.org/show_bug.cgi?id=1996761 reports: Privilege escalation in the Netmonitor component...
Mozilla -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1966501%2C1997639 reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Mozilla -- Privilege escalation
https://bugzilla.mozilla.org/show_bug.cgi?id=1996555 reports: Privilege escalation in the DOM: Notifications component...
Mozilla -- Use-after-free
https://bugzilla.mozilla.org/show_bug.cgi?id=1992760 reports: Use-after-free in the WebRTC: Signaling component...
Mozilla -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1963153%2C1985058%2C1995637%2C1997118 reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Mozilla -- JIT miscompilation in the JavaScript Engine: JIT component
https://bugzilla.mozilla.org/show_bug.cgi?id=1997503 reports: JIT miscompilation in the JavaScript Engine: JIT component...
MongoDB Server -- Improper Locking
https://jira.mongodb.org/browse/SERVER-106075 reports: A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short...
Mozilla -- Use-after-free
https://bugzilla.mozilla.org/show_bug.cgi?id=1840666 reports: Use-after-free in the Audio/Video: GMP component...
Mozilla -- Spoofing issue
https://bugzilla.mozilla.org/show_bug.cgi?id=1970743 reports: Spoofing issue in the Downloads Panel component...
Mozilla -- Sandbox escape
https://bugzilla.mozilla.org/show_bug.cgi?id=1996473 reports: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component...
Mozilla -- Privilege escalation
https://bugzilla.mozilla.org/show_bug.cgi?id=1997018 reports: Privilege escalation in the Netmonitor component...
c-ares -- Use After Free
https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5 reports: c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed i...
traefik -- Inverted TLS Verification Logic in Kubernetes NGINX Provider
The traefik project reports: There is a potential vulnerability in Traefik NGINX provider managing the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. The provider inverts the semantics of the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" intendi...
traefik -- Bypassing security controls via special characters
The traefik project reports: There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path; if the request path contains an encoded restricted...
powerdns-recursor -- Denial of Service
PowerDNS Team reports: 2025-07: Internal logic flaw in cache management can lead to a denial of service in Recursor; 2025-08: Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor; 2026-01: Crafted zones can lead to increased resource usage in Recursor...
xrdp -- remote code execution
Denis Skvortsov, Security Researcher at Kaspersky reports: xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerabili...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: See changelog or 2.4 vulnerabilities for details...
step-certificates -- Authorization Bypass in ACME and SCEP Provisioners
smallstep reports: An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks...
png -- Out-of-bounds read
https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f reports: Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency an...
xkbcomp -- Several vulnerabilities
X.Org reports: Multiple issues have been found in xkbcomp that have previously been published as CVEs in libxkbcommon. libxkbcommon is to some degree a fork of xkbcomp and some of the code base is identical. These CVEs were published earlier as: CVE-2018-15853: Endless recursion in...
go -- excessive resource consumption
The Go project reports: Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided ...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 13 security fixes: [456547591] High CVE-2025-13630: Type Confusion in V8. Reported by Shreyas Penkar @streypaws on 2025-10-31; [448113221] High CVE-2025-13631: Inappropriate implementation in Google Updater. Reported by Jota Domingos on 2025-09-29; 43905824...
Gitlab -- vulnerabilities
Gitlab reports: Race condition issue in CI/CD cache impacts GitLab CE/EE; Denial of Service issue in JSON input validation middleware impacts GitLab CE/EE; Authentication bypass issue in account registration impacts GitLab CE/EE; Denial of Service issue in HTTP response processing impacts GitLab CE/...
spotipy -- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-r77h-rpp9-w2xm reports: Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the...
MongoDB Server -- Improper Certificate Validation
https://jira.mongodb.org/browse/SERVER-105783 reports: Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage (EKU) requirements. A certificate that specifies extendedKeyUsage but is missing...
MongoDB -- Missing Authorization
https://jira.mongodb.org/browse/SERVER-103582 reports: A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users. This may cause a denial of service by preventing a fraction of queries from successfully...
MongoDB -- Improper Validation of Specified Quantity in Input
https://jira.mongodb.org/browse/SERVER-108565 reports: Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination...
MongoDB -- Reachable Assertion
https://jira.mongodb.org/browse/SERVER-101180 reports: MongoDB Server may experience an invariant failure during batched delete operations when handling documents. The issue arises when the server mistakenly assumes the presence of multiple documents in a batch based solely on document size...
png -- Multiple vulnerabilities
https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g reports: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow...