CVE ID : CVE-2025-55194

Published : Aug. 13, 2025, 11:15 p.m. | 1 hour, 8 minutes ago

Description : Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting in a persistent 500 Internal Server Error when attempting to view or edit that user’s profile. This makes the profile permanently inaccessible via the UI for both users and administrators, constituting a Denial of Service (DoS) within the user management interface. This issue has been patched in version 1.17.3.

Severity: 5.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-55196

Published : Aug. 13, 2025, 11:15 p.m. | 1 hour, 8 minutes ago

Description : External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List() calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a namespace selector. This flaw allowed an attacker to use label selectors to list and read secrets/secret-stores across the cluster, bypassing intended namespace restrictions. An attacker with the ability to create or update PushSecret resources and control SecretStore configurations could exploit this vulnerability to exfiltrate sensitive data from arbitrary namespaces. This could lead to full disclosure of Kubernetes secrets, including credentials, tokens, and other sensitive information stored in the cluster. This vulnerability has been patched in version 0.19.2. A workaround for this issue includes auditing and restricting RBAC permissions so that only trusted service accounts can create or update PushSecret and SecretStore resources.

Severity: 0.0 | NA

CVE ID : CVE-2025-55197

Published : Aug. 13, 2025, 11:15 p.m. | 1 hour, 8 minutes ago

Description : pypdf is a free and open-source pure-Python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. Merely reading the file is enough to trigger this when a series of FlateDecode filters is used on a malicious cross-reference stream; other content streams are affected only on explicit access. This issue has been fixed in 6.0.0. If an update is not possible, a workaround involves including the fixed code from pypdf.filters.decompress into the existing filters file.

Severity: 0.0 | NA

In July, we experienced one incident that resulted in degraded performance across GitHub services. July 28 21:41 UTC (lasting 5…

Pyrefly aims to increase development velocity with IDE features and by checking your Python code. The post Pyrefly – Python…

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. Exactly one year after Kaisen Linux’s most recent release candidate, the project has announced version 3.0 of its Debian-based, desktop distribution. In an unusual move, the release announcement also includes a report that the distribution is being discontinued. “I would like to begin this blog post by announcing….