48 matches found
OPENSUSE-SU-2026:10815-1 libsdb2_4_2-6.1.4-2.1 on GA media
These are all security issues fixed in the libsdb2_4_2-6.1.4-2.1 package on the GA media of openSUSE Tumbleweed...
Security update for radare2 (critical)
openSUSE security update: security update for radare2. Announcement ID: openSUSE-SU-2026:20653-1. Rating: critical. References: bsc1234065 bsc1237250 bsc1238075 bsc1238451 bsc1244121 bsc1262142. Cross-References: CVE-2024-29645 CVE-2025-13...
Radare2 path traversal vulnerability
Radare2 is an open-source reverse engineering framework for Unix-based geeks, developed by Radare. Versions of radare2 prior to 6.1.4 contained a path traversal vulnerability. This vulnerability stemmed from path traversal during project deletion, allowing local attackers to recursively delete any directory ...
UBUNTU-CVE-2026-40517
radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...
OPENSUSE-SU-2026:10555-1 libsdb2_4_2-6.1.4-1.1 on GA media
These are all security issues fixed in the libsdb2_4_2-6.1.4-1.1 package on the GA media of openSUSE Tumbleweed...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414337)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414337 advisory. cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion...
EUVD-2023-52379
Malicious code in bioql PyPI...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the JSON Web Services published to OSGi. An attacker can gain unauthorized access to restricted service operations by invoking classes directly, which causes Service Access Policies to be executed. Remediatio...
CVE-2024-46911
Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller's CSRF protections allowed an escalation of privileges...
CVE-2025-24859 Apache Roller: Insufficient Session Expiration on Password Change
A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This...
CVE-2025-24717
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4...
WordPress plugin Modal Window cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
CVE-2024-47793
Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user...
CVE-2024-46911 Apache Roller: Weakness in CSRF protection allows privilege escalation
Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller's CSRF protections allowed an escalation of privileges...
PT-2024-32280 · Apache · Apache Roller
Name of the Vulnerable Software and Affected Versions: Apache Roller versions prior to 6.1.4. Description: A Cross-site Resource Forgery (CSRF) and privilege escalation vulnerability exists in Apache Roller. On multi-blog/user Roller websites, weblog owners are trusted to publish arbitrary weblog...
This Week in Spring - February 20th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you this fine 20th of February, 2024? I'm doing alright on this rainy 20th of February here in San Francisco, and I hope you are too! We've got a ton of things to get into this week so let's dive right into it! Have y...
[SECURITY] Fedora 38 Update: unrealircd-6.1.4-1.fc38
UnrealIRCd is an Open Source IRC server based on the branch of IRCu called Dreamforge, formerly used by the DALnet IRC network. Since the beginning of development on UnrealIRCd in May of 1999, it has become a highly advanced IRCd with a strong focus on modularity, an advanced and highly...
CVE-2023-48323
Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin allows Cross Site Request Forgery. This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.4...
PT-2023-30784 · WordPress · Awesome Support
Name of the Vulnerable Software and Affected Versions: Awesome Support – WordPress HelpDesk & Support Plugin versions n/a through 6.1.4. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. Recommendations: For versions n/a through...