OPENSUSE-SU-2026:10829-1 python311-idna-3.15-1.1 on GA media
These are all security issues fixed in the python311-idna-3.15-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-41459
Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...
Xerte Online Toolkits path traversal vulnerability
Xerte Online Toolkits is an online learning content creation platform provided by British company Xerte. Versions of Xerte Online Toolkits 3.15 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the elFinder connector in the /editor/elfinder/php/connector.php...
Xerte Online Toolkits security vulnerability
Xerte Online Toolkits is an online learning content creation platform provided by Xerte Ltd. in the UK. Versions of Xerte Online Toolkits 3.15 and earlier contained a security vulnerability. This vulnerability stemmed from the unvalidated user-accessible /setup page, which allowed access to the...
Fedora 43 : python3.15 (2026-7ea30e843c)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7ea30e843c advisory. New prerelease version Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 44 : pcs (2026-015b33238d)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-015b33238d advisory. - Rebased pcs to the newest major version see CHANGELOG.md - Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.2 s...
SUSE CVE-2026-28292
simple-git, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes CVE-2022-25860 and CVE-2022-25912 and achieve full remote code execution on the host machine. Version 3.23.0 contains ...
CVE-2026-28292 simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key that enables RCE
simple-git, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes CVE-2022-25860 and CVE-2022-25912 and achieve full remote code execution on the host machine. Version 3.23.0 contains ...
OPENSUSE-SU-2026:10126-1 python315-3.15.0~a3-3.1 on GA media
These are all security issues fixed in the python315-3.15.0a3-3.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-68857
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection. This issue affects Paid Downloads: from n/a through <= 3.15...
WordPress plugin Paid Downloads has a SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Paid Downloads plugin <= 3.15 - SQL Injection vulnerability
SQL Injection vulnerability discovered by 0xVenus in WordPress Plugin Paid Downloads versions <= 3.15...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002862)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002862 advisory. The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service NULL pointer...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002567)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002567 advisory. The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service NULL pointer...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000948)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000948 advisory. The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a...
OPENSUSE-SU-2025:15713-1 python315-3.15.0~a1-1.1 on GA media
These are all security issues fixed in the python315-3.15.0a1-1.1 package on the GA media of openSUSE Tumbleweed...
EUVD-2025-28131
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-5644
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service CPU consumption via a specially crafted OOXML file, aka an XML...
ROOT-OS-ALPINE-315-CVE-2022-25309 CVE-2022-25309 in rootio-fribidi - Patched by Root
Root has patched CVE-2022-25309 in the rootio-fribidi package for Root:Alpine:3.15. Multiple fixed versions available...
CVE-2025-47792
Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service...