109 matches found
MiracleLinux 8 : ruby:2.6 (AXSA:2021-2402:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2402:01 advisory. rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code (CVE-2019-3881). ruby: NUL injection vulnerability o...
Citrix Workspace app for Windows Security Bulletin CVE-2025-4879
Severity: High. Description of Problem: A vulnerability has been discovered that impacts the Citrix Workspace app for Windows. Affected Versions: The vulnerability affects the following supported versions of the Citrix Workspace app for Windows: Current Release CR Citrix Workspace app for Windows...
CVE-2024-2402
The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2023-2402
The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
2402 LTSR target device stuck initializing while checking the status of Hybrid joined machines
...
PVS configuration wizard error - Unable to communicate with license server
When upgrading the PVS farm to PVS 2402, PVS configuration wizard could not progress further if "Validate license server communication" was checked, displaying an error "Unable to communicate with the license server, or the license server version is not compatible with this version of Citrix...
Black areas when launching Horizon app on VDA 2402 CU1
After upgrading our VDA to 2402 CU1, we are presented with black artifacts on launch of Horizon app...
On Prem || FAS 2402 LTSR || FAS with intune certificate
Impacts and limitations of FAS with Intune certificate...
CVE-2025-2402
A hard-coded, non-random password for the object store minio of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It...
CVE-2025-2402
creationtimestamp| type| source
---|---|---
2025-03-31 06:30:59+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/9593
2025-03-31 06:59:08+00:00| seen| https://bsky.app/profile/potato.software/post/3llnruhrno32t
2025-03-31 10:49:40+00:00| seen| https://t.me/cvedetector/21565
2026-03-25...
CVE-2025-2402
CVE-2025-2402 affects KNIME Business Hub. A hard-coded, non-random password for the object store (MinIO) in all versions except the listed fixes enables an unauthenticated attacker to read/manipulate swapped jobs or in/out data of active jobs, and can cause a denial-of-service by writing large da...
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Summary: IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
CVE-2024-25634
alf.io is an open source ticket reservation system. Prior to version 2.0-M4-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue...
EPA Client Removed When Workspace App is Upgraded from 2402 to 2402 CU1
Endpoints have Workspace app 2402 installed along with EPA Client. Endpoints have been upgraded to Workspace app 2402 CU1. After upgrade, the EPA client has been removed...
Citrix Printing - Printer properties local settings is grayed out
Printer properties local settings grayed out after Citrix VDA server upgraded to Windows 2019 and Citrix upgraded to 2402...
Launch of Resources from CWA 2402,2403 or 2405 may fail if MSTeams Citrix plugin is installed
Affected versions: CWA release 2402, 2403 or 2405. When launching a published Desktop, users are presented with a grey window momentarily. This then closes but shows connected in connection center. Application launches will simply fail, but the below error will be observed in the event logs. In the...
CVE-2024-42427
Dell ThinOS versions 2402 and 2405 contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of privileges...
PT-2024-29941 · Dell · Dell Thinos
Name of the Vulnerable Software and Affected Versions: Dell ThinOS versions 2402 and 2405. Description: The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as a 'Command Injection' vulnerability. An unauthenticated attacker with physical access coul...
Citrix Systems Virtual Apps and Desktops Security Vulnerability
Citrix Systems Virtual Apps and Desktops is a virtualization software from Citrix Systems that provides virtual desktops and virtual applications for any operating system. A security vulnerability exists in versions prior to Citrix Systems Virtual Apps and Desktops 2402 that stems from the presen...
Citrix Systems Provisioning Security Vulnerability
Citrix Systems Provisioning is a software streaming technology push technology from Citrix Systems, Inc. It is used to deliver patches, updates, and other configuration information to multiple virtual desktop endpoints via a shared desktop image. A security vulnerability exists in versions prior ...