21005 matches found

CVE
added 2025/10/27 12:0 a.m. | 20 views

CVE-2025-27222

TRUfusion Enterprise ≤ 7.10.4.0 is impacted by a pre-auth path-traversal in the /trufusionPortal/getCobrandingData endpoint. The unsanitized input can cause the traversal sequences to be processed, allowing an unauthenticated attacker to read arbitrary local files accessible to the TRUfusion user...

CVSS 8.6 | AI score 6.1 | EPSS 0.01895
In wild | Exploits 1 | References 3 | Affected Software 1

Tenable Nessus
added 2025/10/27 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-59419

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SM...

CVSS 6.9 | AI score 7 | EPSS 0.01617
Exploits 0 | References 2

Tenable Nessus
added 2025/10/27 12:0 a.m. | 8 views

Apache Tomcat 10.1.0.M1 < 10.1.45 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.45. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.45security-10 advisory. - Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regressi...

CVSS 9.6 | AI score 7.1 | EPSS 0.66535
Exploits 4 | References 6

Tenable Nessus
added 2025/10/27 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-12105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2...

CVSS 7.5 | AI score 5.3 | EPSS 0.00416
Exploits 0 | References 2

Tenable Nessus
added 2025/10/27 12:0 a.m. | 10 views

Apache Tomcat 11.0.0.M1 < 11.0.11 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 11.0.11. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat11.0.11security-11 advisory. - Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regressi...

CVSS 9.6 | AI score 7.1 | EPSS 0.66535
Exploits 4 | References 6

OSV
added 2025/10/24 2:33 p.m. | 5 views

OESA-2025-2530 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages a...

CVSS 6.9 | AI score 8 | EPSS 0.01617
Exploits 0 | References 2

OSV
added 2025/10/24 2:33 p.m. | 4 views

OESA-2025-2529 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages a...

CVSS 6.9 | AI score 7.6 | EPSS 0.01617
Exploits 0 | References 2

OSV
added 2025/10/24 2:33 p.m. | 4 views

OESA-2025-2528 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages a...

CVSS 6.9 | AI score 8 | EPSS 0.01617
Exploits 0 | References 2

OSV
added 2025/10/24 2:33 p.m. | 3 views

OESA-2025-2527 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages a...

CVSS 6.9 | AI score 8 | EPSS 0.01617
Exploits 0 | References 2

OSV
added 2025/10/24 2:33 p.m. | 6 views

OESA-2025-2526 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages a...

CVSS 6.9 | AI score 7.8 | EPSS 0.01617
Exploits 0 | References 2

Tenable Nessus
added 2025/10/24 12:0 a.m. | 8 views

Oracle Siebel Server prior to 25.8 (October 2025 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2025 CPU advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule...

CVSS 9.8 | AI score 7.5 | EPSS 0.66365
Exploits 8 | References 8

OpenVAS
added 2025/10/24 12:0 a.m. | 3 views

Huawei EulerOS: Security Advisory for busybox (EulerOS-SA-2025-2283)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 6.7 | EPSS 0.0071
Exploits 0 | References 2

Tenable Nessus
added 2025/10/24 12:0 a.m. | 4 views

EulerOS 2.0 SP13 : busybox (EulerOS-SA-2025-2283)

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. CVE-2023-39810 In tar in BusyBox through 1.37.0,...

CVSS 7.8 | AI score 7.6 | EPSS 0.0071
Exploits 0 | References 3

SUSE CVE
added 2025/10/23 11:53 p.m. | 2 views

SUSE CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVSS 8.6 | AI score 6.4 | EPSS 0.00416
Exploits 0 | References 10

The Hacker News
added 2025/10/23 3:29 p.m. | 7 views

North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets

Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job. "Some of these companies are heavily involved in the unmanned aerial vehicle UAV sector...

AI score 6.8
Exploits 0

OSV
added 2025/10/23 10:15 a.m. | 7 views

AZL-72841 CVE-2025-12105 affecting package libsoup for versions less than 3.4.4-11

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVSS 7.5 | AI score 5.6 | EPSS 0.00416
Exploits 0 | References 1

OSV
added 2025/10/23 10:15 a.m. | 2 views

DEBIAN-CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVSS 7.5 | AI score 5.2 | EPSS 0.00416
Exploits 0 | References 1

NVD
added 2025/10/23 10:15 a.m. | 7 views

CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVSS 7.5 | EPSS 0.00416
Exploits 0 | References 5

UbuntuCve
added 2025/10/23 10:15 a.m. | 2 views

CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVSS 7.5 | AI score 5.7 | EPSS 0.00416
Exploits 0 | References 4

OSV
added 2025/10/23 10:15 a.m. | 1 views

UBUNTU-CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVSS 7.5 | AI score 5.7 | EPSS 0.00416
Exploits 0 | References 5