K000160700: Log4J vulnerability CVE-2025-68161

Security Advisory Description The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https:// logging.apache . org/log4j/2.x/manual/appenders/network...

CVE-2026-29089

TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension. From version 2.23.0 to 2.25.1, PostgreSQL uses the searchpath setting to locate unqualified database objects tables, functions, operators. If the searchpath includes user-writable...

CVE-2026-29089

TimescaleDB (Postgres extension) contains a vulnerability in the upgrade path where PostgreSQL’s untrusted search_path can be abused. From versions 2.23.0–2.25.1 , if the search_path includes user-writable schemas, a malicious user could create functions shadowing builtin Postgres functions, caus...

CVE-2026-29089 TimescaleDB uses untrusted search path during extension upgrade

TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension. From version 2.23.0 to 2.25.1, PostgreSQL uses the searchpath setting to locate unqualified database objects tables, functions, operators. If the searchpath includes user-writable...

CVE-2026-29089 TimescaleDB uses untrusted search path during extension upgrade

TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension. From version 2.23.0 to 2.25.1, PostgreSQL uses the searchpath setting to locate unqualified database objects tables, functions, operators. If the searchpath includes user-writable...

PT-2026-23731

Name of the Vulnerable Software and Affected Versions TimescaleDB versions 2.23.0 through 2.25.1 Description TimescaleDB is a time-series database that functions as a Postgres extension. A flaw exists where PostgreSQL’s use of the search path setting can allow a malicious user to create functions...

Important: Red Hat Security Advisory: RHOAI 2.25.2 - Red Hat OpenShift AI

Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 2.25.2 provides these changes:...

CVE-2025-68161 Apache Log4j Core: Missing TLS hostname verification in Socket appender

The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName configuration attribut...

FreeBSD : spotipy -- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (8acfcfdc-d27c-11f0-8512-b0416f0c4c67)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8acfcfdc-d27c-11f0-8512-b0416f0c4c67 advisory. https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-r77h-rpp9-w2xm reports: Spotipy is a...

CVE-2025-66040

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

Fedora 43 : python-spotipy (2025-20ca419536)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-20ca419536 advisory. update to version 2.25.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

Fedora: Security Advisory (FEDORA-2025-be2a1b5e6a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Distros Unpatched Vulnerability : CVE-2025-66040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server tha...

DEBIAN-CVE-2025-66040

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

UBUNTU-CVE-2025-66040

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

Spotipy 跨站脚本漏洞

Spotipy is the spotipy-dev individual developer's lightweight Python library for the Spotify Web API. A cross-site scripting vulnerability exists in Spotipy versions prior to 2.25.2, which stems from the OAuth callback server failing to clean up incorrect parameters, which could lead to a...

OPENSUSE-SU-2025:15777-1 python311-spotipy-2.25.2-1.1 on GA media

These are all security issues fixed in the python311-spotipy-2.25.2-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2025-66040 Spotipy has a XSS vulnerability in OAuth callback server

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

CVE-2025-66040

Spotipy (Python Spotify Web API client) has an XSS vulnerability in its OAuth callback server. The issue arises from reflecting the unsanitized error URL parameter directly into the HTML response, enabling JavaScript injection during the OAuth flow. Affected versions are prior to 2.25.2, with the...

CVE-2025-66040

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...