
32 matches found

OSV
added 3 days ago | 3 views

ROOT-OS-UBUNTU-2404-CVE-2025-21873 CVE-2025-21873 in rootio-linux - Patched by Root

Root has patched CVE-2025-21873 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS 5.5 | AI score 7.6 | EPSS 0.00014
Exploits 0

vulnersOsv
added 2026/01/08 8:16 p.m. | 1 view

acherion (>=0.2.0 <=0.5.3), aesp (=2025.9.12) +223 more potentially affected by CVE-2026-21873 via nicegui (>=2.22.2 <=3.3.1)

nicegui PYPI version =2.22.2, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =0.4.4, =0.4.9 and more Source cves: CVE-2026-21873 Source advisory: SNYK:PYTHON-NICEGUI-14912444...

CVSS 7.2 | AI score 5.8 | EPSS 0.0002
Exploits 1

CVE
added 2026/01/08 9:50 a.m. | 10 views

CVE-2026-21873

NiceGUI (Python UI framework) has a cross-site scripting risk in versions 2.22.0–3.4.1 due to an unsafe pushstate listener in ui.sub_pages that lets an attacker manipulate the URL fragment via an iframe. The issue is exploitable without user interaction and affects pages embeddable in iframes. A ...

CVSS 7.2 | AI score 6.6 | EPSS 0.0002
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2026/01/08 9:50 a.m. | 20 views

CVE-2026-21873 Zero-click XSS in all NiceGUI apps which uses `ui.sub_pages`

NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by ui.sub_pages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. This issue has been...

CVSS 7.2 | EPSS 0.0002
Exploits 1 | References 2

Circl
added 2026/01/08 9:24 a.m. | 1 view

CVE-2026-21873

creationtimestamp | type | source
---|---|---
2026-01-08 09:24:29+00:00 | published-proof-of-concept | https://github.com/zauberzeug/nicegui/security/advisories/GHSA-mhpg-c27v-6mxr
2026-01-08 11:01:09+00:00 | seen | Telegram/wglSmFthAobarYZ5lKlTDy3be09zcc68zd-F7c4mDs3nfFs
2026-01-08 13:29:51+00:00 | see...

CVSS 7.2 | AI score 5.7 | EPSS 0.0002
Exploits 1 | References 2

OpenVAS
added 2025/10/09 12:00 a.m. | 1 view

Ubuntu: Security Advisory (USN-7809-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.1 | AI score 8 | EPSS 0.0011
Exploits 0 | References 2

OpenVAS
added 2025/10/03 12:00 a.m. | 3 views

Ubuntu: Security Advisory (USN-7801-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.1 | AI score 8 | EPSS 0.0011
Exploits 0 | References 2

OpenVAS
added 2025/09/25 12:00 a.m. | 1 view

Ubuntu: Security Advisory (USN-7766-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.1 | AI score 7.7 | EPSS 0.0011
Exploits 0 | References 2

Tenable Nessus
added 2025/08/09 12:00 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2025-21873

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: bsg: Fix crash when arpmb command fails. If the device doesn't support arpmb...

CVSS 5.5 | AI score 5.9 | EPSS 0.00014
Exploits 0 | References 3

NVD
added 2025/03/27 3:15 p.m. | 5 views

CVE-2025-21873

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: bsg: Fix crash when arpmb command fails. If the device doesn't support arpmb we'll crash due to copying user data in bsg_transport_sg_io_fn(). In the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do not set the...

CVSS 5.5 | EPSS 0.00014
Exploits 0 | References 4

UbuntuCve
added 2025/03/27 3:15 p.m. | 7 views

CVE-2025-21873

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: bsg: Fix crash when arpmb command fails. If the device doesn't support arpmb we'll crash due to copying user data in bsg_transport_sg_io_fn(). In the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do not set the...

CVSS 5.5 | AI score 6.4 | EPSS 0.00014
Exploits 0 | References 23

CVE
added 2025/03/27 2:57 p.m. | 95 views

CVE-2025-21873

CVE-2025-21873 affects the Linux kernel SCSI/UFS stack, specifically the bsg path. The issue occurs when an ARPMB (arpmb) command fails on devices that do not support ARPMB, leading to a crash due to copying user data in bsg_transport_sg_io_fn(). When ufs_bsg_exec_advanced_rpmb_req() returns an e...

CVSS 5.5 | AI score 7.3 | EPSS 0.00014
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2025/03/27 2:57 p.m. | 11 views

CVE-2025-21873 scsi: ufs: core: bsg: Fix crash when arpmb command fails

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: bsg: Fix crash when arpmb command fails. If the device doesn't support arpmb we'll crash due to copying user data in bsg_transport_sg_io_fn(). In the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do not set the...

EPSS 0.00014
Exploits 0 | References 4

NVD
added 2024/05/03 3:15 a.m. | 7 views

CVE-2023-42094

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

CVSS 7.8 | AI score 8.6 | EPSS 0.01947
Exploits 0 | References 2

Vulnrichment
added 2024/05/03 2:13 a.m. | 15 views

CVE-2023-42094 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

CVSS 7.8 | AI score 7.3 | EPSS 0.01947
Exploits 0 | References 2

Cvelist
added 2024/05/03 2:13 a.m. | 20 views

CVE-2023-42094 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

CVSS 7.8 | AI score 8.8 | EPSS 0.01947
Exploits 0 | References 2

RedHat Linux
added 2023/03/07 9:43 a.m. | 42 views

Moderate: Red Hat Security Advisory: rh-mysql80-mysql security update

An update for rh-mysql80-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 6.4 | EPSS 0.49353
Exploits 0 | References 36

SUSE CVE
added 2023/02/15 3:21 a.m. | 2 views

SUSE CVE-2023-21873

unknown...

CVSS 4.9 | AI score 6.8 | EPSS 0.00369
Exploits 0 | References 3

OpenVAS
added 2023/01/25 12:00 a.m. | 31 views

Ubuntu: Security Advisory (USN-5823-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 | AI score 6.7 | EPSS 0.49353
Exploits 1 | References 5

Circl
added 2023/01/18 2:26 a.m. | 2 views

CVE-2023-21873

creationtimestamp | type | source
---|---|---
2023-01-18 02:26:37+00:00 | seen | https://t.me/cibsecurity/56644...

CVSS 4.9 | AI score 6.2 | EPSS 0.00369
Exploits 0 | References 1