25 matches found

RedhatCVE
added 2026/05/13 8:21 a.m. · 9 views

CVE-2026-28840

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.4. An app may be able to gain root privileges...

CVSS 7.8 · AI score 5.8 · EPSS 0.00139
Exploits: 0 · References: 1

CVE
added 2026/05/11 8:08 p.m. · 11 views

CVE-2026-28936

CVE-2026-28936 affects Apple platforms and is described as a vulnerability where processing a maliciously crafted file may lead to an unexpected app termination. It has been fixed in multiple updates: iOS 18.7.9 and iPadOS 18.7.9; iOS 26.5 and iPadOS 26.5; macOS Sonoma 14.8.7; macOS Tahoe 26.5; a...

CVSS 7.5 · AI score 5.8 · EPSS 0.0041
Exploits: 0 · References: 5 · Affected Software: 4

SUSE CVE
added 2026/03/25 12:24 a.m. · 3 views

SUSE CVE-2026-31863

Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5...

CVSS 4.4 · AI score 5.9 · EPSS 0.00107
Exploits: 0 · References: 3

ATTACKERKB
added 2026/02/26 11:27 a.m. · 5 views

CVE-2026-1198

SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the database that will be executed. This issue was fixed in [email protected]...

CVSS 8.6 · AI score 5.8 · EPSS 0.00307
Exploits: 0 · References: 3

Vulnrichment
added 2026/02/11 12:18 p.m. · 2 views

CVE-2025-54146 Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...

CVSS 5.3 · AI score 5.5 · EPSS 0.00467
Exploits: 0 · References: 1

CVE
added 2025/11/04 1:17 a.m. · 8 views

CVE-2025-43322

CVE-2025-43322 is a logic-issue vulnerability affecting macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, and macOS Tahoe 26.1. The issue could allow an app to access user‑sensitive data due to improved checks in the affected components. Apple lists mitigation as the respective OS updates (Sonoma 14.8.2...

CVSS 5.5 · AI score 6.5 · EPSS 0.00183
Exploits: 0 · References: 3 · Affected Software: 1

SUSE CVE
added 2025/05/17 2:56 a.m. · 1 views

SUSE CVE-2025-31206

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash...

CVSS 6.5 · AI score 6.7 · EPSS 0.00895
Exploits: 0 · References: 7

Tenable Nessus
added 2024/08/20 12:00 a.m. · 16 views

SUSE SLES12 Security Update : python-WebOb (SUSE-SU-2024:2969-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2969-1 advisory. - CVE-2024-42353: Fixed open redirect via WebOb's Response object in Location header bsc1229221 Tenable has extracted the preceding...

CVSS 6.1 · AI score 6.2 · EPSS 0.00472
Exploits: 1 · References: 4

OSV
added 2024/05/14 3:13 p.m. · 1 views

CVE-2024-27804

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges...

CVSS 5.5 · AI score 7.7 · EPSS 0.01325
Exploits: 0 · References: 14

Positive Technologies
added 2024/04/05 12:00 a.m. · 2 views

PT-2024-23590 · Unknown · Ros2 Dashing Diademata

Name of the Vulnerable Software and Affected Versions: ROS2 Dashing Diademata versions 2 Description: A command injection issue has been found, allowing remote attackers to execute arbitrary commands. Recommendations: For ROS2 Dashing Diademata version 2, update to a version that includes a fix f...

AI score 8.6
Exploits: 0 · References: 3

UbuntuCve
added 2024/03/08 2:15 a.m. · 28 views

CVE-2024-23254

The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin...

CVSS 6.5 · AI score 7 · EPSS 0.01253
Exploits: 0 · References: 3

OSV
added 2023/11/16 5:15 p.m. · 2 views

CVE-2023-6021

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here:...

CVSS 7.5 · AI score 6 · EPSS 0.81512
Exploits: 11 · References: 1

ATTACKERKB
added 2023/06/23 6:15 p.m. · 2 views

CVE-2023-32353

A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges...

CVSS 7.8 · AI score 5.7 · EPSS 0.00658
Exploits: 0 · References: 2

Positive Technologies
added 2022/04/12 12:00 a.m. · 4 views

PT-2022-16212 · Hewlett Packard · Hpe Superdome Flex 280 Server +1

Name of the Vulnerable Software and Affected Versions: HPE Superdome Flex Server versions prior to 3.50.58 HPE Superdome Flex 280 Server versions prior to 1.20.204 Description: A potential security issue has been identified that could allow a user with Administrator access to escalate their...

CVSS 6.7 · AI score 6.7 · EPSS 0.00228
Exploits: 0 · References: 2

OSV
added 2021/09/08 12:15 p.m. · 1 views

CVE-2021-36695

Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in the download file feature on a manager profile due to lack of input validation...

CVSS 5.4 · AI score 5.7 · EPSS 0.00551
Exploits: 1 · References: 1

OpenVAS
added 2021/06/09 12:00 a.m. · 25 views

SUSE: Security Advisory (SUSE-SU-2019:0619-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.6 · EPSS 0.03863
Exploits: 2 · References: 3

OpenVAS
added 2021/04/19 12:00 a.m. · 26 views

SUSE: Security Advisory (SUSE-SU-2017:2142-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 7.2 · EPSS 0.20797
Exploits: 19 · References: 5

OSV
added 2021/03/17 1:15 p.m. · 1 views

UBUNTU-CVE-2021-27292

ua-parser-js = 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time...

CVSS 7.5 · AI score 7.2 · EPSS 0.03366
Exploits: 1 · References: 4

Tenable Nessus
added 2017/07/17 12:00 a.m. · 25 views

Fedora 26 : git (2017-7ea0e02914)

An issue in git-shell could allow remote users to run an interactive pager. From the update announcement : ... fix a recently disclosed problem with 'git shell', which may allow a user who comes over SSH to run an interactive pager by causing it to spawn 'git upload-pack --help' CVE-2017-8386. Th...

CVSS 8.8 · AI score 7.1 · EPSS 0.11732
Exploits: 2 · References: 3

Positive Technologies
added 2016/06/18 12:00 a.m. · 3 views

PT-2016-4782 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center versions 4.10.3 through 5.4.0 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Recommendations: For versions 4.10.3 through 5.4.0...

CVSS 6.1 · AI score 6 · EPSS 0.00773
Exploits: 0 · References: 2