118 matches found
PT-2026-25615
A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTH KEY results in information disclosure. The attack is only possibl...
PT-2026-6308
Name of the Vulnerable Software and Affected Versions cert-manager versions 1.18.0 through 1.18.4 cert-manager versions 1.19.0 through 1.19.2 Description cert-manager simplifies the process of obtaining, renewing, and using certificates in Kubernetes clusters. The cert-manager-controller performs...
Debian dla-4419 : gstreamer1.0-gtk3 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4419 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4419-1 [email protected]...
CVE-2025-64715
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...
PT-2025-48349
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...
SUSE SLED15: cairo-devel / cairo-devel-32bit / cairo-tools / libcairo-gobject2 / etc (SUSE-SU-2025:03449-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03449-1 advisory. - CVE-2025-50422: Fixed Poppler crash on malformed input bsc1247589 - Update to version 1.18.4: - The...
SUSE: Security Advisory (SUSE-SU-2025:03449-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for cairo
This update for cairo fixes the following issues: CVE-2025-50422: Fixed Poppler crash on malformed input bsc1247589 Update to version 1.18.4: The dependency on LZO has been made optional through a build time configuration toggle. You can build Cairo against a Freetype installation that does not...
SUSE-SU-2025:03449-1 Security update for cairo
This update for cairo fixes the following issues: - CVE-2025-50422: Fixed Poppler crash on malformed input bsc1247589 - Update to version 1.18.4: + The dependency on LZO has been made optional through a build time configuration toggle. + You can build Cairo against a Freetype installation that do...
CVE-2025-8778
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropacksetcompressionajax function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-8778
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropacksetcompressionajax function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and...
PT-2025-37019
Name of the Vulnerable Software and Affected Versions: NitroPack versions up to and including 1.18.4 Description: The NitroPack plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the nitropack set compression ajax function...
OPENSUSE-SU-2025:15457-1 cairo-devel-1.18.4-3.1 on GA media
These are all security issues fixed in the cairo-devel-1.18.4-3.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2020-5225
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system...
Copyparty 跨站脚本漏洞
Copyparty is a portable file server for ed individual developers. A cross-site scripting vulnerability exists in Copyparty 1.18.4 and earlier versions, which stems from improper cleaning of the multimedia tags of music files and could lead to the execution of arbitrary JavaScript code...
Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2025-2776 (ALAS-2025-2776)
The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2776 advisory. GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detecte...
Gorush 安全漏洞
Gorush is a push notification server written in Go by Bo-Yi Wu, an individual developer. A security vulnerability exists in Gorush v1.18.4, which stems from the use of a deprecated version of TLS in the RunHTTPServer function. An attacker can use this vulnerability to intercept and manipulate dat...
BIT-GOLANG-2022-28131 Stack exhaustion from deeply nested XML documents in encoding/xml
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...
BIT-GOLANG-2022-30630 Stack exhaustion in Glob on certain paths in io/fs
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators...
BIT-GOLANG-2022-30631 Stack exhaustion when reading certain archives in compress/gzip
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...