79 matches found
Debian dsa-6234 : pdns-recursor - security update
The remote Debian 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6234 advisory. Debian Security Advisory DSA-6234-1 [email protected] https://www.debian.org/securit...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003708)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003708 advisory. drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Tenable h...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003831)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003831 advisory. In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003668)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003668 advisory. drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic which may be remote via usbip o...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003593)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003593 advisory. drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Tenable h...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003778)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003778 advisory. check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. Tenable has extracted the preceding...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000262)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000262 advisory. parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. Tenable has extract...
CVE-2025-64460
A flaw was found in Django. This vulnerability allows a remote attacker to cause a potential denial-of-service (DoS) attack triggering Central Processing Unit (CPU) and memory exhaustion via specially crafted Extensible Markup Language (XML) input processed by the XML Deserializer. Mitigation Mitigatio...
Django 4.2.x < 4.2.27, 5.0.x < 5.1.15, 5.2.x < 5.2.9 Multiple Vulnerabilities - Linux
Django is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if descriptio...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass due to the improper privilege management for in the upload process. An attacker can install or remove arbitrary packages and potentially execute malicious code by leveraging insufficient access controls in the...
EUVD-2025-200248
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xml_serializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...
EUVD-2019-6493
Malware in sbrugna...
CVE-2025-4135
A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure...
CVE-2024-43921
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Magic Post Thumbnail allows Reflected XSS. This issue affects Magic Post Thumbnail: from n/a through 5.2.9...
CVE-2024-45874
A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe...
CVE-2024-45874
Vulnerability: CVE-2024-45874 affects VegaBird Vooki 5.2.9. Risk arises from DLL hijacking by placing a crafted DLL in the same directory as Vooki.exe, enabling arbitrary code execution and potential persistence. Affected component is the Vooki application (VegaBird Vooki 5.2.9); root cause is lo...
CVE-2024-45874
A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe...
VegaBird Vooki 5.2.9 DLL Hijacking
CVE ID: CVE-2024-45874; Author: Iulian Florea; Vendor: VegaBird; Product: Vooki - Dynamic Web Application & REST API Vulnerability Scanner DAST Tool; Vulnerability Type: DLL Hijacking. Summar...
PT-2024-31826 · Vegabird · Vegabird Vooki
Name of the Vulnerable Software and Affected Versions: VegaBird Vooki version 5.2.9 Description: A DLL hijacking issue allows attackers to execute arbitrary code and maintain persistence by placing a crafted DLL file in the same directory as Vooki.exe. This enables attackers to potentially gain...
PT-2024-30782 · Unknown · Magic Post Thumbnail
Name of the Vulnerable Software and Affected Versions: Magic Post Thumbnail versions 5.2.9 and earlier Description: The issue is related to improper neutralization of input during web page generation, leading to a Cross-site Scripting (XSS) vulnerability. This allows for Reflected XSS. The estimate...