52 matches found
PT-2026-44782
These are all security issues fixed in the libsuricata8_0_5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10885-1 libsuricata8_0_5-8.0.5-1.1 on GA media
These are all security issues fixed in the libsuricata8_0_5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-44776
These are all security issues fixed in the libsuricata8_0_5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...
SQL Injection
Overview: dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to SQL Injection via the rowid parameter in the admin/dict.php process. An attacker can access sensitive database information and partially modify data by...
CVE-2026-39364
CVE-2026-39364 affects the Vite dev server. Vulnerable versions include Vite 7.1.0 through 7.3.1 and 8.0.0 through 8.0.4; on those, files that should be blocked by server.fs.deny (e.g., .env, *.crt) could be retrieved via HTTP 200 when requesting with certain query params (?raw, ?import&raw, or ?...
CVE-2026-39364
Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be blocked by server.fs.deny (e.g., .env, *.crt) can be retrieved with HTTP 200 responses when query parameters such as ?raw, ?import&raw, or ?import&url&inline are...
Vite Access Control Error Vulnerability
Vite is a new type of front-end build tool developed by Vite itself. Versions of Vite from 7.1.0 to 7.3.2, as well as versions before 8.0.5, have an access control error vulnerability. This vulnerability stems from the ability to bypass the server file blocklist, potentially allowing access to fil...
Vite Access Control Error Vulnerability
Vite is a new type of front-end build tool developed by Vite itself. Versions of Vite from 6.0.0 to 6.4.2, before 7.3.2, and before 8.0.5 have a security vulnerability related to access control. This vulnerability stems from the lack of access control in WebSocket paths, which could allow attacke...
Missing Authentication for Critical Function
Overview: vite is a Native-ESM powered web dev build tool. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the fetchModule method exposed through the WebSocket interface when the server is explicitly exposed to the network and WebSocket is enable...
CVE-2025-60232
Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection. This issue affects KBx Pro Ultimate: from n/a through <= 8.0.5...
EUVD-2025-35400
Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection. This issue affects KBx Pro Ultimate: from n/a through <= 8.0.5...
BIT-MONGODB-2025-6711 Incomplete Redaction of Sensitive Information in MongoDB Server Logs
An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered. This issue affects MongoDB Server v8.0 versions prior to 8.0.5, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v6.0...
EUVD-2024-52315
Malicious code in bioql PyPI...
EUVD-2025-2695
Malicious code in bioql PyPI...
EUVD-2025-27797
Malicious code in bioql PyPI...
MAL-2025-47459 Malicious code in libvirt-python (npm)
Source: ghsa-malware (c2071f9220268a6478afd2c0c3f551190b1ac0eec255abc1d5e1dbc35744e5e0). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
BIT-MONGODB-2025-6710 Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB
MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack space consumption. Such inputs can lead to a stack overflow that causes the server to crash which coul...
PT-2025-37717
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 6.0.25; MongoDB Server versions prior to 7.0.21; MongoDB Server versions prior to 8.0.5. Description: The MongoDB Windows installation MSI may leave Access Control Lists (ACLs) unset on custom installation...
WordPress KBx Pro Ultimate plugin <= 8.0.5 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin KBx Pro Ultimate versions <= 8.0.5...
Security Bulletin: cups vulnerability in BAMOE 8.0.5 images
Summary: There was a cups library vulnerability in BAMOE 8.0.5 images, transitively brought in by RHEL base OS image layer. Vulnerability Details: CVEID: CVE-2024-47175. DESCRIPTION: OpenPrinting libppd could allow a remote attacker to execute arbitrary command on the system, caused by the failure to...