7.0
CVE-2025-38732 - netfilter: nf_reject: don't leak dst refcount for loopback packets
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject: don't leak dst refcount for loopback packets recent patches to add a WARN() when replacing skb dst entry found an old bug: WARNING: include/linux/skbuff.h:1165 skb_dst_check_unset include/linux/skbuff.h:116β¦
7.5
CVE-2025-58362 - Hono contains a flaw in URL path parsing, potentially leading to path confusion
Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs (e.g. Nginx location blocks). The original implementation relieβ¦
6
CVE-2025-58359 - frost-core: refresh shares with smaller min_signers will reduce group security
ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). In versions 2.0.0 through 2.1.0, refresh shares with smaller min_signers will reduce security of group. The inability to change min_signers (i.e. the threshold) with the refresh share functionality (β¦
7.2
CVE-2025-58179 - Astro Cloudflare adapter is vulnerable to Server-Side Request Forgery via /_image endpoint
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URLs β¦
2.1
CVE-2025-58352 - Weblate has long session expiry times during second factor verification
Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.
5.1
CVE-2025-55739 - api: Shared OAuth Signing Key Between Different Instances
api is a module for FreePBX@, which is an open source GUI that controls and manages AsteriskΒ© (PBX). In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that installed the same FreePBX RPM or DEB package. Anβ¦
9
CVE-2025-55241 - Azure Entra Elevation of Privilege Vulnerability
Azure Entra Elevation of Privilege Vulnerability
7.5
CVE-2025-55238 - Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
10
CVE-2025-54914 - Azure Networking Elevation of Privilege Vulnerability
Azure Networking Elevation of Privilege Vulnerability
6.5
CVE-2025-55242 - Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.