If you’re an indie rock fan of a certain age, the name Stereogum will probably conjure strong feelings. The site
Vulnerabilities
Fedora 42: bind9-next Critical DNSSEC Issues Fix 2025-d9f9394ecd
Update to 9.21.14 (rhbz#2394406) Security Fixes: DNSSEC validation fails if matching but invalid DNSKEY is found. (CVE-2025-8677) Address various spoofing
Fedora 42: luksmeta Update CVE-2025-11568 Severity Informational
New upstream release v10 Fix: CVE-2025-11568LinuxSecurity – Security AdvisoriesRead More
Fedora 41: LUKSData Integrity Restoration Update CVE-2025-11678
New upstream release v10 Fix: CVE-2025-11568LinuxSecurity – Security AdvisoriesRead More
Fedora 43: bind9-next Security Update CVE-2025-8677 Cache Poisoning
Update to 9.21.14 (rhbz#2394406) Security Fixes: DNSSEC validation fails if matching but invalid DNSKEY is found. (CVE-2025-8677) Address various spoofing
Fedora 43: chrome Significant Vulnerability Alert CVE-2025-13042
Update to 142.0.7444.162 * High CVE-2025-13042: Inappropriate implementation in V8LinuxSecurity – Security AdvisoriesRead More
openSUSE Tumbleweed: Chromedriver Moderate Update CVE-2025-13042
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE: MozillaFirefox Moderate Security Issues Advisory 2025:15735-1
An update that solves 16 vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
Debian: DSA-6058-1 lasso Critical Denial of Service CVE-2025-46404
Keane O’Kelley discovered several vulnerabilities in lasso, a library implementing Liberty Alliance and SAML protocols, which could result in denial
Mageia 9: apache-commons-lang3 Important Stack Overflow Bug MGASA-2025-0293
MGASA-2025-0293 – Updated apache-commons-lang3 & apache-commons-lang packages fix security vulnerabilityLinuxSecurity – Security AdvisoriesRead More
Mageia 9: Fix for spdlog Resource Usage MGASA-2025-0294 CVE-2025-6140
MGASA-2025-0294 – Updated spdlog packages fix security vulnerabilityLinuxSecurity – Security AdvisoriesRead More
Mageia: Apache Commons FileUpload Important DoS Advisory MGASA-2025-0296
MGASA-2025-0296 – Updated apache-commons-fileupload packages fix security vulnerabilityLinuxSecurity – Security AdvisoriesRead More
Mageia 9: Notice on Botan2 CVE-2024-50384 Denial of Service MGASA-2025-0296
MGASA-2025-0295 – Updated botan2 packages fix security vulnerabilitiyLinuxSecurity – Security AdvisoriesRead More
Mageia: yelp Important Remote Code Exec CVE-2025-3155 Advisory 2025-0297
MGASA-2025-0297 – Updated yelp & yelp-xsl packages fix security vulnerabilityLinuxSecurity – Security AdvisoriesRead More
Mageia 9: Critical Cleartext Vulnerability in Stardict CVE-2025-55014
MGASA-2025-0298 – Updated stardict packages fix security vulnerabilityLinuxSecurity – Security AdvisoriesRead More
CVE-2025-13247 | PHPGurukul Tourism Management System 1.0 /admin/user-bookings.php uid sql injection
A vulnerability labeled as critical has been found in PHPGurukul Tourism Management System 1.0. The affected element is an unknown
CVE-2025-13248 | SourceCodester Patients Waiting Area Queue Management System 1.0 api_patient_schedule.php appointmentID sql injection
A vulnerability marked as critical has been reported in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element
CVE-2025-13249 | Jiusi OA up to 20251102 OfficeServer Interface OfficeServer?isAjaxDownloadTemplate=false FileData unrestricted upload
A vulnerability described as critical has been identified in Jiusi OA up to 20251102. This affects an unknown function of
CVE-2025-13250 | WeiYe-Jing datax-web up to 2.1.2 Job remove/update/pause/start/triggerJob access control
A vulnerability classified as critical has been found in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of
CVE-2025-13251 | WeiYe-Jing datax-web up to 2.1.2 sql injection
A vulnerability classified as critical was found in WeiYe-Jing datax-web up to 2.1.2. Affected is an unknown function. Executing manipulation
CVE-2025-12983 | GitLab Community Edition/Enterprise Edition up to 18.3.5/18.4.3/18.5.1 Markdown memory allocation (Patch 296257)
A vulnerability, which was classified as problematic, has been found in GitLab Community Edition and Enterprise Edition up to 18.3.5/18.4.3/18.5.1.
CVE-2025-11865 | GitLab Enterprise Edition up to 18.3.5/18.4.3/18.5.1 authorization (Patch 561399)
A vulnerability, which was classified as problematic, was found in GitLab Enterprise Edition up to 18.3.5/18.4.3/18.5.1. This impacts an unknown
CVE-2025-7000 | GitLab Community Edition/Enterprise Edition up to 18.3.5/18.4.3/18.5.1 Merge Request insertion of sensitive information into sent data (Patch 553129)
A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 18.3.5/18.4.3/18.5.1 and classified as problematic. Affected
CVE-2025-2615 | GitLab Community Edition/Enterprise Edition up to 18.3.5/18.4.3/18.5.1 Websocket Connection insertion of sensitive information into sent data (Patch 526360)
A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.3.5/18.4.3/18.5.1 and classified as problematic. Affected by
CVE-2025-6171 | GitLab Community Edition/Enterprise Edition up to 18.3.5/18.4.3/18.5.1 Packages API Endpoint authorization (Patch 549730)
A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.3.5/18.4.3/18.5.1. It has been classified as problematic.
CVE-2025-6945 | GitLab Enterprise Edition up to 18.3.5/18.4.3/18.5.1 Merge Request command injection (Patch 552611)
A vulnerability was found in GitLab Enterprise Edition up to 18.3.5/18.4.3/18.5.1. It has been declared as critical. This affects an
CVE-2025-7736 | GitLab Community Edition/Enterprise Edition up to 18.3.5/18.4.3/18.5.1 OAuth authorization (Patch 556098)
A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.3.5/18.4.3/18.5.1. It has been rated as problematic.
CVE-2025-11990 | GitLab Enterprise Edition up to 18.4.3/18.5.1 url encoding (Patch 577850)
A vulnerability categorized as problematic has been discovered in GitLab Enterprise Edition up to 18.4.3/18.5.1. This issue affects some unknown
CVE-2025-13246 | shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a JwtAuthenticationFilter.java JwtAuthenticationFilter path traversal
A vulnerability identified as critical has been detected in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Impacted is the function JwtAuthenticationFilter
Fedora 41: Rust Reqsign File Read Tokio Important Issue 2025-00e5b3d89c
uv / python-uv-build 0.9.7 https://github.com/astral-sh/uv/releases/tag/0.9.7 0.9.6 This release contains an upgrade to Astral’s fork of async_zip, which addressesLinuxSecurity – Security
Fedora 41: rust-reqsign Critical AWS DoS Threat Advisory 2025-00e5b3d89c
uv / python-uv-build 0.9.7 https://github.com/astral-sh/uv/releases/tag/0.9.7 0.9.6 This release contains an upgrade to Astral’s fork of async_zip, which addressesLinuxSecurity – Security
Debian 12: python-http-client-receive-data Low 2025-01a4c2b1e
uv / python-uv-build 0.9.7 https://github.com/astral-sh/uv/releases/tag/0.9.7 0.9.6 This release contains an upgrade to Astral’s fork of async_zip, which addressesLinuxSecurity – Security
Fedora 41: Critical Advisory for containerd Update v1.7.29 Threats
Update to v1.7.29LinuxSecurity – Security AdvisoriesRead More
Fedora 41: uv Python Package Update 2025-00e5b3d89c Critical DoS Advisory
uv / python-uv-build 0.9.7 https://github.com/astral-sh/uv/releases/tag/0.9.7 0.9.6 This release contains an upgrade to Astral’s fork of async_zip, which addressesLinuxSecurity – Security
Fedora 41: Security Update for OpenTofu 1.10.7 Addresses Vulnerabilities
Update to 1.10.7LinuxSecurity – Security AdvisoriesRead More
CVE-2025-13232 | projectsend up to r1720 File Editor/Custom Download Aliases cross site scripting (ID 1450)
A vulnerability, which was classified as problematic, has been found in projectsend up to r1720. Impacted is an unknown function
CVE-2025-13233 | itsourcecode Inventory Management System 1.0 /index.php?q=single-item ID sql injection
A vulnerability, which was classified as critical, was found in itsourcecode Inventory Management System 1.0. The affected element is an
CVE-2025-13234 | itsourcecode Inventory Management System 1.0 /index.php?q=product PROID sql injection
A vulnerability has been found in itsourcecode Inventory Management System 1.0 and classified as critical. The impacted element is an
CVE-2025-13235 | itsourcecode Inventory Management System 1.0 /admin/login.php user_email sql injection
A vulnerability was found in itsourcecode Inventory Management System 1.0 and classified as critical. This affects an unknown function of
CVE-2025-13236 | itsourcecode Inventory Management System 1.0 index.php?view=edit ID sql injection
A vulnerability was found in itsourcecode Inventory Management System 1.0. It has been classified as critical. This impacts an unknown
CVE-2025-13237 | itsourcecode Inventory Management System 1.0 /LogSignModal.PHP U_USERNAME sql injection
A vulnerability was found in itsourcecode Inventory Management System 1.0. It has been declared as critical. Affected is an unknown
CVE-2025-13238 | Bdtask Flight Booking Software 4 Edit Profile Page /agent/profile/edit unrestricted upload
A vulnerability was found in Bdtask Flight Booking Software 4. It has been rated as critical. Affected by this vulnerability
CVE-2025-13239 | Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution /submit_checkout behavioral workflow
A vulnerability categorized as critical has been discovered in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution 5. Affected by
CVE-2025-13240 | code-projects Student Information System 2.0 /searchquery.php sql injection
A vulnerability identified as critical has been detected in code-projects Student Information System 2.0. This affects an unknown part of
CVE-2025-13241 | code-projects Student Information System 2.0 /index.php Username sql injection
A vulnerability labeled as critical has been found in code-projects Student Information System 2.0. This vulnerability affects unknown code of
CVE-2025-13242 | code-projects Student Information System 2.0 /register.php sql injection
A vulnerability marked as critical has been reported in code-projects Student Information System 2.0. This issue affects some unknown processing
CVE-2025-13243 | code-projects Student Information System 2.0 /editprofile.php sql injection
A vulnerability described as critical has been identified in code-projects Student Information System 2.0. Impacted is an unknown function of
CVE-2025-13244 | code-projects Student Information System 2.0 /register.php cross site scripting
A vulnerability classified as problematic has been found in code-projects Student Information System 2.0. The affected element is an unknown
CVE-2025-13245 | code-projects Student Information System 2.0 /editprofile.php cross site scripting
A vulnerability classified as problematic was found in code-projects Student Information System 2.0. The impacted element is an unknown function
CVE-2021-4470 | TG8 Firewall runphpcmd.php syscmd os command injection
A vulnerability identified as critical has been detected in TG8 Firewall. The impacted element is an unknown function of the
CVE-2021-4466 | IPCop up to 2.1.9 Web-based Administration Interface EMAIL_PW os command injection (Exploit 50183 / EDB-50183)
A vulnerability labeled as critical has been found in IPCop up to 2.1.9. This affects an unknown function of the
CVE-2021-4467 | Positive MaxPatrol 8/XSpider up to 09.2020 Service Port 2002 resource consumption
A vulnerability marked as problematic has been reported in Positive MaxPatrol 8 and XSpider up to 09.2020. This impacts an
CVE-2025-64309 | Brightpick AI Mission Control WebSocket unprotected transport of credentials
A vulnerability described as problematic has been identified in Brightpick AI Mission Control. Affected is an unknown function of the
CVE-2025-55034 | General Industrial Controls Lynx+ Gateway R08/V03/V05/V18 weak password (icsa-25-317-08)
A vulnerability classified as critical has been found in General Industrial Controls Lynx+ Gateway R08/V03/V05/V18. Affected by this vulnerability is
CVE-2025-9317 | AVEVA Edge up to 2023 R2 risky encryption (VEVA-2025-006)
A vulnerability classified as problematic was found in AVEVA Edge up to 2023 R2. Affected by this issue is some
CVE-2021-4469 | Denver SHO-110 HTTP Service Port 8001 /snapshot missing authentication (Exploit 50162 / EDB-50162)
A vulnerability, which was classified as critical, has been found in Denver SHO-110. This affects an unknown part of the
CVE-2018-25125 | Netis DL4322D up to RTK 2.1.1 FTP Service buffer overflow (Exploit 45424 / EDB-45424)
A vulnerability, which was classified as critical, was found in Netis DL4322D up to RTK 2.1.1. This vulnerability affects unknown
CVE-2021-4465 | ReQuest Serious Play F3 Media Server 7.0.3.4968 HTTP resource consumption (ZSL-2020-5601 / EDB-48951)
A vulnerability has been found in ReQuest Serious Play F3 Media Server 7.0.3.4968 and classified as problematic. This issue affects
CVE-2021-4468 | Planex CS-QP50F-ING2 Configuration Backup missing authentication
A vulnerability was found in Planex CS-QP50F-ING2 and classified as critical. Impacted is an unknown function of the component Configuration
CVE-2021-4471 | TG8 Firewall /data/ file information disclosure
A vulnerability was found in TG8 Firewall. It has been classified as problematic. The affected element is an unknown function
CVE-2022-4985 | Vodacom Vodafone H500s up to 3.5.10 HTTP Endpoint /data/activation.json wifi_password exposure of sensitive system information to an unauthorized control sphere (Exploit 50636 / EDB-50636)
A vulnerability was found in Vodacom Vodafone H500s up to 3.5.10. It has been declared as problematic. The impacted element
CVE-2025-64307 | Brightpick AI Mission Control missing authentication
A vulnerability was found in Brightpick AI Mission Control. It has been rated as critical. This affects an unknown function.
CVE-2025-59780 | General Industrial Controls Lynx+ Gateway R08/V03/V05/V18 missing authentication (icsa-25-317-08)
A vulnerability categorized as critical has been discovered in General Industrial Controls Lynx+ Gateway R08/V03/V05/V18. This impacts an unknown function.
CVE-2025-62765 | General Industrial Controls Lynx+ Gateway R08/V03/V05/V18 cleartext transmission (icsa-25-317-08)
A vulnerability identified as problematic has been detected in General Industrial Controls Lynx+ Gateway R08/V03/V05/V18. Affected is an unknown function.
CVE-2023-7328 | DB Elettronica Telecomunicazioni SpA Screen SFT DAB 600-C up to 1.9.3 User Management API client IP/timeout missing authentication (Exploit 172332 / EDB-51460)
A vulnerability labeled as critical has been found in DB Elettronica Telecomunicazioni SpA Screen SFT DAB 600-C up to 1.9.3.
CVE-2016-15056 | Ubee EVW3226 up to 1.0.20 Configuration Backup file information disclosure (Exploit 40156 / EDB-40156)
A vulnerability marked as problematic has been reported in Ubee EVW3226 up to 1.0.20. Affected by this issue is some
CVE-2025-58083 | General Industrial Controls Lynx+ Gateway R08/V03/V05/V18 Embedded Web Server missing authentication (icsa-25-317-08)
A vulnerability described as critical has been identified in General Industrial Controls Lynx+ Gateway R08/V03/V05/V18. This affects an unknown part
CVE-2025-8386 | AVEVA Application Server IDE cross site scripting (AVEVA-2025-005)
A vulnerability classified as problematic has been found in AVEVA Application Server. This vulnerability affects unknown code of the component
CVE-2025-64308 | Brightpick AI Mission Control JavaScript Bundle unprotected transport of credentials
A vulnerability classified as problematic was found in Brightpick AI Mission Control. This issue affects some unknown processing of the
SUSE: Bind Important Spoofing Cache Poisoning Vuln 2025:4108-1
* bsc#1252379 * bsc#1252380 Cross-References: * CVE-2025-40778LinuxSecurity – Security AdvisoriesRead More
SUSE: BIND Important Spoofing Cache Poisoning Vulnerability 2025:4107-1
* bsc#1252379 * bsc#1252380 Cross-References: * CVE-2025-40778LinuxSecurity – Security AdvisoriesRead More
openSUSE: bind Important Spoofing Cache Poisoning Issues 2025:4107-1
An update that solves two vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
Debian 11: gst-plugins-base1.0 Critical DoS Fix DLA-4371-1 CVE-2025-47806
Multiple vulnerabilities were fixed in the subparse plugin of gst-plugins-base1.0. GStreamer is a popular multimedia framework. CVE-2025-47806: Fix DoS via
Mageia: webkit2 Important Code Exec Process Crash Fix MGASA-2025-0291
MGASA-2025-0291 – Updated webkit2 packages fix security vulnerabilitiesLinuxSecurity – Security AdvisoriesRead More
Mageia 9: Fixed Wine Update Bug with Identifier MGAA-2025-0095
MGAA-2025-0095 – Updated wine packages fix bugsLinuxSecurity – Security AdvisoriesRead More
CVE-2025-64084 | Cloudlog up to 2.7.5 Awards.php vucc_details_ajax Gridsquare sql injection
A vulnerability, which was classified as critical, has been found in Cloudlog up to 2.7.5. Affected is the function vucc_details_ajax
CVE-2025-63891 | SourceCodester Simple Online Book Store System HTTP GET Request /obs/database/obs_db.sql information disclosure
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Online Book Store System. Affected by this vulnerability
CVE-2025-63744 | Radare2 up to 6.0.5 File bin_dyldcache.c load null pointer dereference
A vulnerability has been found in Radare2 up to 6.0.5 and classified as problematic. Affected by this issue is the
CVE-2025-63745 | Radare2 up to 6.0.5 Binary bin_ne.c info null pointer dereference
A vulnerability was found in Radare2 up to 6.0.5 and classified as problematic. This affects the function Info of the
CVE-2025-63291 | Alteryx Server 2022.1.1.42654/2024.1 API improper authorization
A vulnerability was found in Alteryx Server 2022.1.1.42654/2024.1. It has been classified as critical. This vulnerability affects unknown code of
CVE-2025-13033 | nodemailer Email Parsing Library interpretation conflict (GHSA-mm7p-fcc7-pg87)
A vulnerability was found in nodemailer. It has been declared as problematic. This issue affects some unknown processing of the
CVE-2025-63701 | Advantech TP-3250 Printer Driver up to 0.3.9200.20789 DrvUI_x64_ADVANTECH.dll DocumentPropertiesW dmDriverExtra buffer overflow
A vulnerability was found in Advantech TP-3250 Printer Driver up to 0.3.9200.20789. It has been rated as critical. Impacted is
CVE-2025-13221 | Intelbras UnniTI 24.07.11 usuarios.xml Usuario/Senha credentials storage
A vulnerability categorized as problematic has been discovered in Intelbras UnniTI 24.07.11. The affected element is an unknown function of
CVE-2025-63724 | SVX Portal 2.7A HTTP POST Request admin/update_setings.php sql injection
A vulnerability has been found in SVX Portal 2.7A and classified as critical. The affected element is an unknown function
CVE-2025-63680 | Nero BackItUp path traversal
A vulnerability was found in Nero BackItUp and classified as critical. The impacted element is an unknown function. Such manipulation
CVE-2025-13204 | silentmatt expr-eval up to 2.0.2 prototype pollution
A vulnerability was found in silentmatt expr-eval up to 2.0.2. It has been classified as critical. This affects an unknown
CVE-2025-54561 | Desktop Alert PingAlert up to 6.1.0.11/6.1.1.2 Application Server access control
A vulnerability was found in Desktop Alert PingAlert up to 6.1.0.11/6.1.1.2. It has been declared as critical. This impacts an
CVE-2025-4617 | Palo Alto Prisma Browser up to 142.15.6.60 on Windows Policy Enforcement improper protection of alternate path
A vulnerability was found in Palo Alto Prisma Browser up to 142.15.6.60 on Windows. It has been rated as problematic.
CVE-2025-4618 | Palo Alto Prisma Browser up to 142.15.6.60 sensitive information in memory
A vulnerability categorized as problematic has been discovered in Palo Alto Prisma Browser up to 142.15.6.60. Affected by this vulnerability
CVE-2025-4616 | Palo Alto Prisma Browser up to 142.15.6.60 integrity check
A vulnerability identified as problematic has been detected in Palo Alto Prisma Browser up to 142.15.6.60. Affected by this issue
CVE-2025-63725 | SVX Portal 2.7A Recivers.php ID cross site scripting
A vulnerability labeled as problematic has been found in SVX Portal 2.7A. This affects an unknown part of the file
CVE-2025-54343 | Desktop Alert PingAlert up to 6.1.1.2 access control
A vulnerability marked as critical has been reported in Desktop Alert PingAlert up to 6.1.1.2. This vulnerability affects unknown code.
CVE-2025-54339 | Desktop Alert PingAlert up to 6.1.1.2 access control
A vulnerability described as critical has been identified in Desktop Alert PingAlert up to 6.1.1.2. This issue affects some unknown
CVE-2025-54559 | Desktop Alert PingAlert up to 6.1.1.2 path traversal
A vulnerability classified as critical has been found in Desktop Alert PingAlert up to 6.1.1.2. Impacted is an unknown function.
CVE-2025-54562 | Desktop Alert PingAlert up to 6.1.1.2 Application Server information exposure
A vulnerability classified as problematic was found in Desktop Alert PingAlert up to 6.1.1.2. The affected element is an unknown
CVE-2025-54340 | Desktop Alert PingAlert up to 6.1.1.2 risky encryption
A vulnerability, which was classified as problematic, has been found in Desktop Alert PingAlert up to 6.1.1.2. The impacted element
CVE-2025-54346 | Desktop Alert PingAlert up to 6.1.1.2 cross site scripting
A vulnerability, which was classified as problematic, was found in Desktop Alert PingAlert up to 6.1.1.2. This affects an unknown
CVE-2025-54345 | Desktop Alert PingAlert up to 6.1.1.2 information disclosure
A vulnerability has been found in Desktop Alert PingAlert up to 6.1.1.2 and classified as problematic. This impacts an unknown
CVE-2025-54342 | Desktop Alert PingAlert up to 6.1.1.2 information disclosure
A vulnerability was found in Desktop Alert PingAlert up to 6.1.1.2 and classified as problematic. Affected is an unknown function.
CVE-2025-54348 | Desktop Alert PingAlert up to 6.1.1.2 cross site scripting
A vulnerability was found in Desktop Alert PingAlert up to 6.1.1.2. It has been classified as problematic. Affected by this
CVE-2025-54560 | Desktop Alert PingAlert up to 6.1.1.2 server-side request forgery
A vulnerability was found in Desktop Alert PingAlert up to 6.1.1.2. It has been declared as critical. Affected by this