351 matches found
CVE-2025-32739
Improper conditions check in some firmware for some IntelR Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of service. This resul...
Ubuntu 22.04 LTS / 25.10 : .NET vulnerability (USN-8025-1)
The remote Ubuntu 22.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8025-1 advisory. Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : ImageMagick vulnerability (USN-8021-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8021-1 advisory. Benny Isaacs discovered that ImageMagick did not properly manage memory when processing certain image...
Debian dla-4474 : librlottie-dev - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4474 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4474-1 [email protected]...
Cube Core is vulnerable to Denial of Service (DoS) via crafted request
Impact It is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. Affected Versions: = 1.1.17 Mitigation: Upgrade to a patched version: - 1.5.13 and later regular release - 1.4.2 active LTS release References The issue was reported by...
[SECURITY] [DLA 4472-1] sudo security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4472-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès February 06, 2026 https://wiki.debian.org/LTS -...
CVE-2025-13491
IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...
CVE-2025-13491 IBM App Connect Enterprise Certified Container Information Disclosure
IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...
CVE-2025-13491 IBM App Connect Enterprise Certified Container Information Disclosure
IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...
EUVD-2025-206870
IBM App Connect Enterprise Certified Container up to 12.19.0 Continuous Delivery and 12.0 LTS Long Term Support could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...
CVE-2026-25523
Magento-lts is a long-term support alternative to Magento Community Edition CE. Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...
CVE-2026-25523 Magento's X-Original-Url header can expose admin url
Magento-lts is a long-term support alternative to Magento Community Edition CE. Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...
EUVD-2026-5330
Magento-lts is a long-term support alternative to Magento Community Edition CE. Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...
magento-lts 信息泄露漏洞
Magento-LTS is an open-source alternative to OpenMage, designed as a reliable substitute for the official Magento CE version. Versions of Magento-LTS prior to 20.16.1 contained an information leakage vulnerability. This vulnerability stemmed from the ability to exploit the X-Original-Url header...
[SECURITY] [DLA 4465-1] clamav new upstream version
------------------------------------------------------------------------- Debian LTS Advisory DLA-4465-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 03, 2026 https://wiki.debian.org/LTS -...
OpenSSL Toolkit 3.5.5
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.5 LTS release...
[SECURITY] [DLA 4443-1] dcmtk security update
Debian LTS Advisory DLA-4443-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany January 19, 2026 https://wiki.debian.org/LTS Package : dcmtk Version : 3.6.5-1+deb11u6 CVE ID : CVE-2025-14607 CVE-2025-14841 Debian Bug : 1122926 1123584 Two vulnerabilities have been...
CVE-2026-23525
1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting XSS vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...
TYPO3 CMS Allows Broken Access Control in Edit Document Controller
Problem By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a...
Dell PowerProtect Data Domain 操作系统命令注入漏洞
Dell PowerProtect Data Domain Dell PowerProtect DD is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. The Dell PowerProtect Data Domain suffers from an operating system command injection vulnerability that originates from improper...