OPENSUSE-SU-2026:10674-1 curl-8.20.0-1.1 on GA media
These are all security issues fixed in the curl-8.20.0-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-32538 WordPress SMTP Mailer plugin <= 1.1.24 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data. This issue affects SMTP Mailer: from n/a through <= 1.1.24...
CVE-2026-24942
Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through <= 5.1.1...
CVE-2021-2365
Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: People Management). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources...
EUVD-2021-10959
Malware in sbrugna...
EUVD-2019-18860
Malware in sbrugna...
CVE-2025-47288
Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. This issue has been patched in version 0.1.1....
CVE-2024-31970
AdTran SRG 834-5 HDC17600021F1 devices with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1 have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with...
CVE-2019-8834
A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iClo...
CVE-2025-23505 WordPress Pit Login Welcome plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pantho Bihosh Pit Login Welcome pit-login-welcome allows Reflected XSS. This issue affects Pit Login Welcome: from n/a through <= 1.1.5...
SUSE-SU-2025:0345-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)...
PT-2024-28055 · Ntpd-Rs · Ntpd-Rs
Name of the Vulnerable Software and Affected Versions: ntpd-rs versions prior to 1.1.3 Description: The issue is related to a missing limit for accepted NTS-KE connections in ntpd-rs, a tool for synchronizing computer clocks that implements the NTP and NTS protocols. This allows an unauthenticate...
Unchecked cToken mint in mint() risks imbalance, breaking 1:1 peg reserve backing.
Vulnerability details. Impact: mint does not check the return code from cToken.mint. If minting fails, the contract could have an imbalance between cTokens and minted asD tokens. Attacker mints asD but underlying cToken mint fails. Result is loss of 1:1 peg backing. Proof of Concept: In the mint...
Unchecked redeemUnderlying failure allows burning asD without redeeming NOTE, breaking peg.
Vulnerability details. Impact: The burn function does not validate the return code from redeemUnderlying. This means if redeeming fails, asD tokens could be burned without redeeming the underlying NOTE, breaking 1:1 peg. Attacker burns asD tokens and receives NOTE, but contract fails ...
PT-2022-25163 · Intelbras · Intelbras Wifiber 120Ac Inmesh
Name of the Vulnerable Software and Affected Versions: Intelbras WiFiber 120AC inMesh versions before 1-1-220826 Description: The issue allows command injection by authenticated users. This is demonstrated by the "/boaform/formPing6" and "/boaform/formTracert" URIs for ping and traceroute...
Input validation
An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then create a project called "MyProject" and access...
GSD-2022-1001649 spi: cadence-quadspi: fix protocol setup for non-1-1-X operations
spi: cadence-quadspi: fix protocol setup for non-1-1-X operations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.35 by commit...
1&1 Versatel Expands Its Business Portfolio in Germany with Akamai
1&1 Versatel is a B2B provider for fibre gigabit connections and network-related services in Germany. The company is part of the United Internet AG and as such a sister company of 1&1 AG. 1&1 Versatel operates one of the biggest and most powerful fibre networks in Germany - providing its own...
Out-of-bounds
The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an...
Top 10 Cybersecurity Best Practices to Combat Ransomware
If you’re like most IT professionals, the threat of a ransomware attack might keep you up at night. And you have a valid reason to worry — ransomware doesn’t discriminate. Organizations across every industry, public or private, are potential victims, if they haven’t been victims already. In fact,...