SUSE SLES15 Security Update : valkey (SUSE-SU-2026:1949-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1949-1 advisory. This update for valkey fixes the following issues - CVE-2026-23479: use-after-free in unblock client flow may lead to remote code...

Security update for valkey

This update for valkey fixes the following issues CVE-2026-23479: use-after-free in unblock client flow may lead to remote code execution bsc1264164. CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. CVE-2026-25243:...

CVE-2026-23479 affecting package valkey for versions less than 8.0.9-1

CVE-2026-23479 affecting package valkey for versions less than 8.0.9-1. A patched version of the package is available...

RHSA-2025:17317 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.9 security update

Bulletin has no description...

Linux Distros Unpatched Vulnerability : CVE-2020-1778

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When OTRS uses multiple backends for user authentication with LDAP, agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0...

CVE-2025-1530

The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.0.9. This is due to missing nonce validation. This makes it possible for unauthenticated attackers to delete arbitrary results via a forged request granted they can trick a site...

WordPress plugin Tripetto 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

.NET 8.0 security update

8.0.110-1.0.1 - Add support for Oracle Linux 8.0.110-1 - Update to .NET SDK 8.0.110 and Runtime 8.0.10 - Resolves: RHEL-60800 8.0.109-1 - Update to .NET SDK 8.0.109 and Runtime 8.0.9 - Resolves: RHEL-56679...

Ai3 QbiBot 跨站脚本漏洞

Ai3 QbiBot is an intelligent customer service from the Chinese company Ai3. Ai3 QbiBot v8.0.9.b1 and prior versions suffer from a cross-site scripting vulnerability that originates from not properly filtering user input, allowing an unauthenticated, remote attacker to insert JavaScript code into...

SUSE CVE-2020-1778

When OTRS uses multiple backends for user authentication with LDAP, agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions...

WordPress Quiz And Survey Master 8.0.8 Media Deletion Vulnerability

WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a missing authentication vulnerability that allows an attacker to delete media from the WordPress instance. 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL:...

WordPress Quiz And Survey Master 8.0.8 Cross Site Request Forgery Vulnerability

WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a cross site request forgery vulnerability. 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Cross-Site Request Forgery CSR...

CVE-2020-1778 Bypassing user account validation

When OTRS uses multiple backends for user authentication with LDAP, agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions...

Oracle Financial Services Applications Financial Services Data Foundation Unauthorized Operation Vulnerability

Oracle Financial Services Applications is a suite of financial services software from Oracle USA. The product includes core banking, online banking and property management. A security vulnerability exists in the User Interface component of Financial Services Data Foundation versions 8.0.6 through...

CVE-2020-2964

Vulnerability in the Oracle Financial Services Data Foundation product of Oracle Financial Services Applications component: User Interface. Supported versions that are affected are 8.0.6 - 8.0.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

Synacor Zimbra Collaboration Operating System Command Injection Vulnerability

Synacor Zimbra Collaboration Suite ZCS is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. An operating system command injection vulnerability exists in Synacor Zimbra Collaboration versions prior to 8.0.9. The vulnerability stem...

CVE-2018-9335

The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML...

CVE-2018-9242

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters...

Local Privilege Escalation in Management Web Interface

A vulnerability exists in the Management web interface that could allow local privilege escalation. The Management web interface does not properly validate specific request parameters, which can potentially allow deletion of files in the system. Ref. PAN-90954; CVE-2018-9242 Successful exploitati...

ownCloud 8.0.x < 8.0.9, 8.1.x < 8.1.4 Path Disclosure Vulnerability - Linux

ownCloud is prone to path disclosure vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud";...