Overview
- Microsoft
- Azure Container Apps
Published: 18 Dec 2025
Updated: 19 Dec 2025
CVSS v3.1: CRITICAL (10.0)
EPSS: 0.10%
KEV
Description
Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network.
Statistics
- 1 Post
Last activity: 18 hours ago
Fediverse
🚨 CRITICAL: CVE-2025-65037 in Azure Container Apps enables unauthenticated remote code injection (CVSS 10). No patch yet — restrict access, monitor for attacks, update IR plans. Full advisory: https://radar.offseq.com/threat/cve-2025-65037-cwe-94-improper-control-of-generati-ddd87b56 #OffSeq #Azure #CloudSec #Vulnerability
Overview
- Go standard library
- archive/tar
Published: 29 Oct 2025
Updated: 04 Nov 2025
CVSS: Pending
EPSS: 0.01%
KEV
Description
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
Statistics
- 1 Post
Last activity: 9 hours ago
Overview
Description
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
Statistics
- 1 Post
Last activity: 15 hours ago
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 2 Posts
- 1 Interaction
Last activity: 15 hours ago
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 2 Posts
- 1 Interaction
Last activity: 15 hours ago
Overview
- pnggroup
- libpng
Published: 24 Nov 2025
Updated: 25 Nov 2025
CVSS v3.1: MEDIUM (6.1)
EPSS: 0.02%
KEV
Description
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.
Statistics
- 1 Post
Last activity: 9 hours ago
Overview
Description
This CVE is a duplicate of CVE-2025-55182.
Statistics
- 1 Post
Last activity: 5 hours ago
Overview
Description
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
Statistics
- 1 Post
Last activity: 9 hours ago