31 matches found
Astra Linux – Vulnerability in python-urllib3
The urllib3 library before version 1.24.2 in Python mishandles certain cases where the desired set of CA certificates differs from the CA certificates stored in the operating system’s store. As a result, SSL connections succeed in situations where a verification failure would be the correct...
EulerOS 2.0 SP11 : unbound (EulerOS-SA-2026-1595)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement...
Fedora 42 : unbound (2025-38b1c0f3b5)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-38b1c0f3b5 advisory. Update to 1.24.2 rhbz2417261 - Additional fix for CVE-2025-11411 https://nlnetlabs.nl/projects/unbound/download/unbound-1-24-2 Tenable has extracted the...
Fedora: Security Advisory (FEDORA-2025-90281e4554)
The remote host is missing an update for the...
AZL-68796 CVE-2025-11411 affecting package unbound for versions less than 1.19.1-4
NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are...
EUVD-2019-0153
Malware in sbrugna...
CVE-2023-31045
A stored cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is execute...
Security update for go1.24
This update for go1.24 fixes the following issues: Update to go1.24.2 CVE-2025-22871: Fix an issue with request smuggling through invalid chunked data. bsc1240550 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
CVE-2024-28109
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2...
GHSA-QXQF-2MFX-X8JW veraPDF has potential XSLT injection vulnerability when using policy files
Impact: Executing policy checks using custom schematron files invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. Patches: This has been patched and users should upgrade to veraPDF v1.24.2. Workarounds: This doesn't affect the standard validation an...
PT-2024-22267 · Unknown · Verapdf-Library
Name of the Vulnerable Software and Affected Versions: veraPDF-library versions prior to 1.24.2. Description: The veraPDF-library, a PDF/A validation library, has a remote code execution (RCE) vulnerability when executing policy checks using custom schematron files. This invokes an XSL transformatio...
CVE-2024-26138 License information is public, exposing instance id and license holder details
The XWiki licensor application, which manages and enforces application licenses for paid extensions, includes the document Licenses.Code.LicenseJSON that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information...
PT-2024-21295 · Xwiki · Xwiki Application Licensing
Name of the Vulnerable Software and Affected Versions: XWiki Application Licensing versions prior to 1.24.2 Description: The XWiki licensor application includes a public document Licenses.Code.LicenseJSON that exposes sensitive information, including the instance's id, first and last name, and...
WordPress Plugin Import and export users and customers Security Vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
GHSA-GWVM-45GX-3CF8 Authorization Header forwarded on redirect
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this...
urllib3 Input Validation Error Vulnerability
urllib3 is a Python HTTP library. It features thread-safe connection pooling, file publishing support, and more. A security vulnerability exists in urllib3 versions prior to 1.24.2, which stems from a vulnerability that allows an attacker to obtain credentials in an authorization header or transm...
PT-2023-23121 · Unknown · Backdrop Cms
Name of the Vulnerable Software and Affected Versions: Backdrop CMS versions prior to 1.24.2. Description: A stored cross-site scripting (XSS) issue in Text Editors and Formats allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content...
Backdrop CMS Cross-Site Scripting Vulnerability
Backdrop CMS is an open source content management system (CMS). A security vulnerability exists in Backdrop CMS versions prior to 1.24.2. An attacker can exploit this vulnerability to inject arbitrary web script or HTML code via the name parameter...