22 matches found
RHCOS 4 : OpenShift Container Platform 4.4.13 machine-config-daemon and openshift (RHSA-2020:2927)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2927 advisory. - kubernetes: node localhost services reachable via martian packets CVE-2020-8558 - proglottis/gpgme: Use-after-free in GPGME bindin...
Debian dsa-6174 : spip - security update
The remote Debian 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6174 advisory. Debian Security Advisory DSA-6174-1 [email protected] https://www.debian.org/security/...
SPIP Security Vulnerability
SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.13 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the author’s data structure by STATUT, which could lead to improper permission allocatio...
CVE-2026-27468
Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content...
CVE-2026-3203
RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service...
[SECURITY] [DSA 6124-1] wireshark security update
Debian Security Advisory DSA-6124-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 08, 2026 https://www.debian.org/security/faq...
SUSE SLES16 Security Update : wireshark (SUSE-SU-2026:20222-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20222-1 advisory. Update to Wireshark 4.4.13: - CVE-2025-11626: MONGO dissector infinite loop bsc1251933. - CVE-2025-13499: Kafka dissector crash...
KLA91057 DoS vulnerabilities in Wireshark
Multiple vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in Wireshark dissector can be exploited remotely to cause denial of service. 2. Denial of...
Joomla! 4.x < 4.4.13 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.x prior to 4.4.13 or 5.x prior to 5.2.6. It is, therefore, affected by multiple vulnerabilities. - Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr metho...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to insufficient authentication in the upgrade flow. An attacker can bypass access restrictions and perform unauthorized actions by exploiting the unprotected upgrade logic. Remediation...
GHSA-XPC5-RR39-V8V2 Mautic has an XSS in contact tracking and page hits report
Summary: Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report. Patches: Please update to 4.4.13 or 5.1.1 or later. Workarounds: None. References: https://owasp.org/www-project-top-ten/2017/A72017-Cross-SiteScriptingXSS...
PT-2024-11534 · Mautic · Mautic
Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 4.4.13 Mautic versions prior to 5.1.1 Description: The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to the patc...
RHSA-2020:2927 Red Hat Security Advisory: OpenShift Container Platform 4.4.13 machine-config-daemon and openshift security update
Bulletin has no description...
PT-2024-15716 · Zhihuiyun · Zhihuiyun
Name of the Vulnerable Software and Affected Versions: ZhiHuiYun versions up to 4.4.13 Description: A critical issue affects the function download network image of the file /app/Http/Controllers/ImageController.php of the component Search. The manipulation of the argument url leads to server-side...
Simple File List < 4.4.13 - Page Creation via CSRF
The plugin does not implement nonce checks, which could allow attackers to make a logged-in admin create a new page and change its content via a CSRF attack...
Typo3 API XSS Vulnerabilities
The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non-printable characters...
Mageia: Security Advisory (MGASA-2016-0232)
The remote host is missing an update for the...
Code injection
NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must change the service configuration or overwrite the binary service...
@alex.garcia/oak (>=0.0.17 <=0.0.19), @apify/better-sqlite3-prebuilds (=7.1.1) +195 more potentially affected by CVE-2021-32804 via tar (>=4.0.1 <=4.4.13)
tar NPM version =4.0.1, =0.0.17, =0.0.1, =0.2.0, =0.2.0, =3.0.7, =3.0.6, =1.4.0, =1.0.0, =1.0.0-alpha.1, =1.10.9-beta, =1.0.0, =1.1.4, =2.1.0, =2.2.0 and more Source cves: CVE-2021-32804 Source advisory: OSV:GHSA-3JFQ-G458-7QM9...
CVE-2020-15094 RCE in Symfony
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially...