37 matches found
CVE-2026-46518
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...
EUVD-2026-35869
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...
CVE-2026-46518
OpenEMR vulnerability CVE-2026-46518: a stored XSS in the prescription CSS/HTML multi-print feature affects OpenEMR prior to version 8.0.0.1. A patient portal user can inject attacker-controlled HTML into patient_data via PUT /api/patient/:num and trigger JavaScript execution in a clinician’s bro...
PT-2026-48297
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...
Security update for mariadb
This update for mariadb fixes the following issues: Security fixes: CVE-2026-3494: audit plugin comment handling bypass bsc1259176. CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side bsc1266442. CVE-2026-44170: argument injection in CONNECT REST Xcurl on Windows via unsanitized...
CVE-2026-8477
Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue...
MAL-2026-4673 Malicious code in sparkecoder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4e17b053b29d371301e49a703b1b6d2fba5631df4bf7b6926503a6b8bb82257 package.json declares a postinstall hook: "npm install -g agent-browser 2/dev/null || true; agent-browser install 2/dev/null || true". On npm install...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Audit: Added missing syscalls to the read class. The “at” variant of getxattr and listxattr are missing from the audit read class. Calling getxattrat or listxattrat on a file to read its extended attributes will bypass audit rule...
cpython: CPython: Logging Bypass in Legacy .pyc File Handling
A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files .pyc, does not properly trigger system audit events. Th...
cpython: CPython: Logging Bypass in Legacy .pyc File Handling
A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files .pyc, does not properly trigger system audit events. Th...
EUVD-2026-12556
In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr and listxattr are missing from the audit read class. Calling getxattrat or listxattrat on a file to read its extended attributes will bypass audit rules such...
CVE-2026-23241 audit: add missing syscalls to read class
In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr and listxattr are missing from the audit read class. Calling getxattrat or listxattrat on a file to read its extended attributes will bypass audit rules such...
CVE-2026-23241
CVE-2026-23241 affects the Linux kernel audit subsystem: the read class was missing getxattrat()/listxattrat() syscalls, enabling bypass of audit rules (e.g., -w /tmp/test -p rwa). Upstream patches add the missing syscalls to the audit read class. Connected OSV entries report Root:Ubuntu-24.04 an...
CVE-2025-71239
In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2 to change attributes class fchmodat2, introduced in version 6.6 is currently not in the change attribute class of audit. Calling fchmodat2 to change a file attribute in the same fashion than chmod or fchmodat...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fchmodat2 function not being included in the audit change attributes class. This could lead t...
MiracleLinux 3 : kernel-2.6.18-53.23AXS3 (AXSA:2009-61:05)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-61:05 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...
EUVD-2025-24037
Malicious code in bioql PyPI...
CVE-2025-54997 OpenBao: Privileged Operator May Execute Code on the Underlying Host
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections...
CVE-2025-54997 OpenBao: Privileged Operator May Execute Code on the Underlying Host
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections...
CVE-2024-1887
Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export...