1219 matches found
Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-016521)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016521 advisory. An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data...
EUVD-2026-26484
@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...
CVE-2026-40201
CVE-2026-40201 affects @diplodoc/search-extension from versions 1.0.0 through 3.x prior to 3.0.3, where a stored XSS is possible via the title in a .md file. The issue is caused by input not being properly sanitized before being rendered in titles, enabling an attacker-supplied payload to exe...
GHSA-2M67-WJPJ-XHG9 Jackson Core: Document length constraint bypass in blocking, async, and DataInput parsers
Summary: Jackson Core 3.x does not consistently enforce StreamReadConstraints.maxDocumentLength. Oversized JSON documents can be accepted without a StreamConstraintsException in multiple parser entry points, which allows configured size limits to be bypassed and weakens denial-of-service...
CVE-2026-34876
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of t...
OpenSSL 3.x ASN.1 AES-GCM Nonce Stack Corruption
This Metasploit auxiliary module generates a specially crafted CMS file encoded in DER format to test a stack-based buffer overflow vulnerability in OpenSSL's ASN.1 parser related to improper handling of oversized AES-GCM nonce IV values within AES-GCM-Parameters as defined in RFC 5084. The...
MiracleLinux 4 : jakarta-commons-httpclient-3.1-0.7.AXS4 (AXSA:2013-313:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-313:01 advisory. The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001948)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001948 advisory. Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or...
CVE-2019-16725
In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates...
CVE-2026-21444 libtpms returns wrong initialization vector when certain symmetric ciphers are used
libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used...
PT-2026-1122
Name of the Vulnerable Software and Affected Versions: libtpms versions 0.10.0 through 0.10.1. Description: libtpms, a library providing software emulation of a Trusted Platform Module, contains a flaw impacting data confidentiality. When integrated with OpenSSL 3.x, the library incorrectly returns...
CVE-2025-48878
Combodo iTop is a web-based IT service management tool. In versions on the 3.x branch prior to 3.2.2, an insecure direct object reference allows a user (e.g. with Service desk agent profile) to create a ModuleInstallation object when they shouldn't be able to do so. Version 3.2.2 fixes the issue...
CVE-2025-48878
CVE-2025-48878 affects Combodo iTop (3.x) prior to 3.2.2. The vulnerability is an insecure direct object reference that allows a user (e.g., with a Service desk agent profile) to create a ModuleInstallation object when they should not be able to. The issue is resolved in 3.2.2. Impact details are...
EUVD-2025-34672
Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...
Security Bulletin: Ehcache library of IBM Terracotta hash flooding DoS vulnerability
Summary: The Ehcache 3.x component library of IBM Terracotta was found to have a hash flooding DoS vulnerability that can affect applications that use cache keys directly sourced from end users. Vulnerability Details: CVEID: CVE-2025-2529. DESCRIPTION: Applications using affected versions of Ehcache...
EUVD-2018-11750
Malware in sbrugna...
EUVD-2019-6159
Malware in sbrugna...
EUVD-2007-6175
Malware in sbrugna...
EUVD-2020-3171
Malware in sbrugna...
EUVD-2020-18471
Malware in sbrugna...