
57 matches found

Tenable Nessus
added 2026/01/22 12:0 a.m. | 2 views

Azure Linux 3.0 Security Update: valkey (CVE-2024-51741)

The version of valkey installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-51741 advisory. - Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileg...

CVSS 4.4 | AI score 5.7 | EPSS 0.00756
Exploits 0 | References 2

Positive Technologies
added 2026/01/08 12:0 a.m. | 3 views

PT-2026-1737

Name of the Vulnerable Software and Affected Versions: brandexponents Oshine oshin versions through 7.2.7. Description: The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion...

CVSS 9.8 | AI score 6.7 | EPSS 0.00222
Exploits 0 | References 3

Tenable Nessus
added 2025/12/03 12:0 a.m. | 1 views

Oracle Linux 9 : redis:7 (ELSA-2025-20955)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20955 advisory. - rebase to 7.2.11 for CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 - rebase to 7.2.10 for CVE-2025-27151 CVE-2025-32023 and...

CVSS 9.9 | AI score 7.7 | EPSS 0.80733
Exploits 20 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-45795

Malicious code in bioql PyPI...

CVSS 4.4 | AI score 4.2 | EPSS 0.00756
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-12221

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 6.3 | EPSS 0.00383
Exploits 0 | References 7

RedhatCVE
added 2025/04/26 12:7 a.m. | 3 views

CVE-2025-32960

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

CVSS 6.4 | AI score 6.8 | EPSS 0.00383
Exploits 0 | References 1

NVD
added 2025/04/22 6:16 p.m. | 8 views

CVE-2025-32960

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

CVSS 6.4 | EPSS 0.00383
Exploits 0 | References 5

Vulnrichment
added 2025/04/22 5:45 p.m. | 4 views

CVE-2025-32960 CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

CVSS 6.4 | AI score 7.1 | EPSS 0.00383
Exploits 0 | References 5

Cvelist
added 2025/04/22 5:45 p.m. | 15 views

CVE-2025-32960 CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

CVSS 6.4 | EPSS 0.00383
Exploits 0 | References 5

CVE
added 2025/04/22 5:45 p.m. | 46 views

CVE-2025-32960

The CVE-2025-32960 vulnerability affects the CUBA REST API add-on prior to 7.2.7, where the input parameter (file path and name) can be manipulated to cause the server to return Content-Type: text/html for names ending in .html, enabling execution of malicious JavaScript in the browser after an a...

CVSS 6.4 | AI score 6.3 | EPSS 0.00383
Exploits 0 | References 5

CNNVD
added 2025/04/22 12:0 a.m. | 1 views

CUBA REST API Add-on Cross-Site Scripting Vulnerability

CUBA REST API Add-on is a general-purpose REST API open-sourced by CUBA Platform. A cross-site scripting vulnerability exists in CUBA REST API Add-on versions prior to 7.2.7, which stems from improper file path manipulation and could lead to malicious JavaScript execution...

CVSS 6.4 | AI score 5.8 | EPSS 0.00383
Exploits 0 | References 5

Oracle Linux
added 2025/01/27 12:0 a.m. | 48 views

redis:7 security update

7.2.7-1 - rebase to 7.2.7 for CVE-2024-46981 and CVE-2024-51741...

CVSS 7 | AI score 7.1 | EPSS 0.80733
Exploits 2

SUSE CVE
added 2025/01/08 12:23 a.m. | 2 views

SUSE CVE-2024-46981

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

CVSS 8.8 | AI score 7.9 | EPSS 0.80733
Exploits 2 | References 12

OSV
added 2025/01/06 10:15 p.m. | 2 views

DEBIAN-CVE-2024-46981

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

CVSS 9.8 | AI score 7.1 | EPSS 0.80733
Exploits 2 | References 1

OSV
added 2025/01/06 10:15 p.m. | 0 views

UBUNTU-CVE-2024-51741

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2...

CVSS 4.4 | AI score 6.1 | EPSS 0.00756
Exploits 0 | References 8

OSSF Malicious Packages
added 2024/12/09 10:11 a.m. | 4 views

Malicious code in dhp-logging-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware def2cfdcf7555dce8bc6545670a20f1748d6588683a817bc7d922f42c8e9cd43 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits 0 | References 1

Metasploit
added 2024/12/03 6:58 p.m. | 371 views

Fortinet FortiManager Unauthenticated RCE

This module exploits a missing authentication vulnerability affecting FortiManager and FortiManager Cloud devices to achieve unauthenticated RCE with root privileges. The vulnerable FortiManager versions are: 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14...

CVSS 9.8 | AI score 9.8 | EPSS 0.93874
Exploits 7

CNNVD
added 2024/11/01 12:0 a.m. | 1 views

WordPress plugin File Manager Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 4.3 | AI score 6.5 | EPSS 0.00148
Exploits 0 | References 1

Positive Technologies
added 2024/10/24 12:0 a.m. | 1 views

PT-2024-10210

Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 7.2.1 through 7.2.8; Fortinet FortiManager versions 7.4.0 through 7.4.5; Fortinet FortiManager versions 7.6.0 through 7.6.1; Fortinet FortiManager Cloud versions 7.2.2 through 7.2.7; Fortinet FortiManager Cloud...

CVSS 9 | AI score 7.2 | EPSS 0.00384
Exploits 0 | References 11

OSV
added 2024/09/27 3:10 p.m. | 20 views

RHSA-2020:0806 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 8 security update

Bulletin has no description...

CVSS 7.5 | AI score 7.7 | EPSS 0.1832
Exploits 4 | References 58