62 matches found
SUSE-SU-2026:1964-1 Security update for rmt-server
This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...
EUVD-2017-7122
Malware in sbrugna...
EUVD-2019-15840
Malware in sbrugna...
EUVD-2022-32534
Malicious code in bioql PyPI...
EulerOS 2.0 SP13 : glibc (EulerOS-SA-2025-1988)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of...
DEBIAN-CVE-2025-4802
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...
AZL-61877 CVE-2025-4802 affecting package glibc for versions less than 2.38-14
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...
PT-2025-9149 · Woocommerce · Multilevel Referral Affiliate Plugin For Woocommerce
Name of the Vulnerable Software and Affected Versions: Multilevel Referral Affiliate Plugin for WooCommerce versions up to 2.27 Description: The issue allows authenticated attackers with Subscriber-level access and above to inject SQL queries, potentially extracting sensitive information from the...
WordPress Multilevel Referral Affiliate Plugin for WooCommerce plugin <= 2.28 - SQL Injection vulnerability
SQL Injection vulnerability discovered by oncybersec in WordPress Plugin Multilevel Referral Affiliate Plugin for WooCommerce versions <= 2.28...
PT-2024-35851 · Woocommerce · Multilevel Referral Affiliate Plugin For Woocommerce
Name of the Vulnerable Software and Affected Versions: Multilevel Referral Affiliate Plugin for WooCommerce versions n/a through 2.27 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows reflected XSS...
OPENSUSE-SU-2024:10248-1 grep-2.27-2.1 on GA media
These are all security issues fixed in the grep-2.27-2.1 package on the GA media of openSUSE Tumbleweed...
CVE-2023-42419 Improper Management of Cryptographic Keys in the Maintenance Server in QCOW Air-Gapped Distribution (China Edition)
Maintenance Server, in Cybellum's QCOW air-gapped distribution China Edition, versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key. An attacker with administrative privileges & access to the air-gapped server could potentially use this key to run commands on the...
K13255123: glibc vulnerability CVE-2017-18269
Security Advisory Description An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of t...
SUSE CVE-2021-42715
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files...
CVE-2021-37789
stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service...
PT-2022-26892 · Jenkins · Jenkins Pipeline: Stage View Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Stage View Plugin versions 2.26 and earlier Description: The issue arises from the incorrect encoding of the ID of input steps when generating URLs to proceed or abort Pipeline builds, allowing attackers who can configure...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1594 more potentially affected by CVE-2021-21608 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.27)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2021-21608 Source advisory: OSV:GHSA-WV63-GWR9-5C55...
CVE-2022-28048
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac...
PT-2022-7205 · Libstb +3 · Libstb +3
Name of the Vulnerable Software and Affected Versions: Libstb versions prior to the version with the fixed stb_image.h component stb_image.h version 2.27 Description: The issue is related to a heap-based use-after-free in the stb_image.h component of the Libstb library for C/C++. This can be...