
485 matches found

Amazon
added 2025/09/04 12:0 a.m. | 1 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix doregisterframebuffer to prevent null-ptr-deref in...

7.8 CVSS | 6.6 AI score | 0.00079 EPSS
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 4 views

Malicious code in npm-suite-extras (npm)

The package npm-suite-extras was found to contain malicious code...

7 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-27846 Malicious code in npm-suite-extras (npm)

The package npm-suite-extras was found to contain malicious code...

7.2 AI score
Exploits: 0

Tenable Nessus
added 2025/08/08 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-12755

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the...

3.3 CVSS | 4.8 AI score | 0.0005 EPSS
Exploits: 0 | References: 2

OSV
added 2025/07/30 6:31 p.m. | 1 views

GHSA-CX25-XG7C-XFM5 Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability

UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...

6.5 CVSS | 7.1 AI score | 0.01181 EPSS
Exploits: 0 | References: 4

Snyk
added 2025/07/30 4:44 p.m. | 3 views

Improper Output Neutralization for Logs

Overview Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the LookupDispatchAction function. An attacker can manipulate log output by submitting specially crafted input, causing parts of the log message to appear as separate log lines and potentially...

6.5 CVSS | 6.9 AI score | 0.01181 EPSS
Exploits: 0 | References: 2

vulnersOsv
added 2025/07/30 4:44 p.m. | 4 views

br.net.woodstock.rockframework:rockframework-struts (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=3.0.1) +25 more potentially affected by CVE-2025-54656 via org.apache.struts:struts-extras (>=1.3.10 <=1.3.8)

org.apache.struts:struts-extras MAVEN version =1.3.10, =2.0.0, =1.2.1, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =2.1.1, =3.0-beta-1, =3.0.0 and more Source cves: CVE-2025-54656 Source advisory: SNYK:JAVA-ORGAPACHESTRUTS-11502096...

6.5 CVSS | 7.2 AI score | 0.01181 EPSS
Exploits: 0

OSV
added 2025/07/30 4:15 p.m. | 1 views

CVE-2025-54656

UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...

6.5 CVSS | 5.7 AI score | 0.01181 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/07/30 12:0 a.m. | 1 views

Apache Struts Extras 2 Security Vulnerability

Apache Struts Extras 2 is an extension to the Apache Struts 2 framework from the Apache USA Foundation. A security vulnerability exists in Apache Struts Extras 2 that stems from the possibility of printing untrusted input to the log when using LookupDispatchAction...

6.5 CVSS | 6.5 AI score | 0.01181 EPSS
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2025/07/22 1:50 a.m. | 2 views

Malicious code in adaptivecards-extras (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware faf58ad9cd734c67c84987538bfdc3425df8d975d05eb6ae506699cee00cc69e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 3

OSV
added 2025/07/22 1:50 a.m. | 1 views

MAL-2025-6144 Malicious code in adaptivecards-extras (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware faf58ad9cd734c67c84987538bfdc3425df8d975d05eb6ae506699cee00cc69e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 3

Amazon
added 2025/07/22 12:0 a.m. | 4 views

Medium: gimp

Issue Overview: GIMP FLI file parsing out-of-bounds heap overflow. CVE-2025-2761 Affected Packages: gimp Note: This advisory is applicable to Amazon Linux 2 - Gimp Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2...

7.8 CVSS | 7.2 AI score | 0.00558 EPSS
Exploits: 0

Amazon
added 2025/07/10 12:0 a.m. | 2 views

Medium: soci-snapshotter

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: soci-snapshotter Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more abo...

6.8 CVSS | 7 AI score | 0.00074 EPSS
Exploits: 0

Amazon
added 2025/06/23 12:0 a.m. | 2 views

Important: containerd

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1 CVSS | 6.9 AI score | 0.00294 EPSS
Exploits: 0

Amazon
added 2025/06/23 12:0 a.m. | 0 views

Low: kernel

Issue Overview: No CVE associated with this advisory Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

5.5 CVSS | 7 AI score | 0.00089 EPSS
Exploits: 0

Amazon
added 2025/05/29 12:0 a.m. | 2 views

Important: runfinch-finch

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1 CVSS | 6.9 AI score | 0.00294 EPSS
Exploits: 0

RedhatCVE
added 2025/05/23 11:40 a.m. | 3 views

CVE-2025-24538

Cross-Site Request Forgery (CSRF) vulnerability in Slava Abakumov BuddyPress Groups Extras buddypress-groups-extras allows Cross Site Request Forgery. This issue affects BuddyPress Groups Extras: from n/a through = 3.6.10...

5.4 CVSS | 5.9 AI score | 0.0011 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:1 a.m. | 2 views

CVE-2024-3611

The Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tbex-version' shortcode in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplie...

6.4 CVSS | 6 AI score | 0.0031 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:50 a.m. | 12 views

CVE-2023-32305

aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the...

8.8 CVSS | 7.8 AI score | 0.01325 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:3 p.m. | 6 views

CVE-2020-9840

In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions...

7.5 CVSS | 6.5 AI score | 0.00334 EPSS
Exploits: 0 | References: 1