Important: Red Hat Security Advisory: Red Hat Ceph Storage

A new version of Red Hat build of Ceph Storage has been released The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 7.1. This release updates to the latest version...

PT-2025-46575

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 142.0.7444.166 Chromium versions prior to 142.0.7444.162-1deb12u1 Debian bookworm Chromium versions prior to 142.0.7444.162-1deb13u1 Debian trixie Chromium versions prior to 142.0.7444.162-alt0.p11.1 Description...

Fedora 41 : wireshark (2025-54df0e65ea)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-54df0e65ea advisory. New version 4.6.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

Tenda AC18 newVersion Parameter Stack Buffer Overflow Vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter newVersion in the file /goform/setNotUpgrade fails to correct...

EUVD-2023-0391

Malicious code in bioql PyPI...

EUVD-2025-26263

Malicious code in bioql PyPI...

CVE-2025-9716

A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /xprocessplatformassembledesigner/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting...

CVE-2025-9737

A vulnerability was detected in O2OA up to 10.0-410. Affected is an unknown function of the file /xqueryassembledesigner/jaxrs/importmodel of the component Personal Profile Page. Performing manipulation of the argument description/applicationName/queryName results in cross site scripting. Remote...

CVE-2025-9736 O2OA Personal Profile statement cross site scripting

A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /xqueryassembledesigner/jaxrs/statement of the component Personal Profile Page. Such manipulation of the argument description/queryName leads to cross site scripting. The attack may be...

CVE-2025-9735 O2OA Personal Profile table cross site scripting

A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /xqueryassembledesigner/jaxrs/table of the component Personal Profile Page. This manipulation of the argument description/applicationName/queryName causes cross site scripting. The attack may be...

CVE-2025-9735 O2OA Personal Profile table cross site scripting

A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /xqueryassembledesigner/jaxrs/table of the component Personal Profile Page. This manipulation of the argument description/applicationName/queryName causes cross site scripting. The attack may be...

CVE-2025-9734

A security flaw has been discovered in O2OA up to 10.0-410. The impacted element is an unknown function of the file /xqueryassembledesigner/jaxrs/stat of the component Personal Profile Page. The manipulation of the argument name/alias/description/applicationName results in cross site scripting. T...

CVE-2025-9716

A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /xprocessplatformassembledesigner/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting...

PT-2025-35417

Name of the Vulnerable Software and Affected Versions: O2OA versions up to 10.0-410 Description: A security issue has been identified in O2OA that allows for cross site scripting. The issue impacts an unknown function within the /x query assemble designer/jaxrs/statement file of the Personal...

CVE-2025-9683

A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /xcmsassemblecontrol/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been ma...

CVE-2025-9683 O2OA Personal Profile form cross site scripting

A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /xcmsassemblecontrol/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been ma...

CVE-2025-9682 O2OA Personal Profile appdict cross site scripting

A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /xcmsassemblecontrol/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The...

CVE-2025-9681

The CVE-2025-9681 vulnerability affects the O2OA platform, specifically the Personal Profile Page component, within the /x_program_center/jaxrs/agent file. The flaw is triggered by manipulation of an unknown function, enabling cross-site scripting and allowing a remote attacker to exploit the iss...

PT-2025-35348

Name of the Vulnerable Software and Affected Versions: O2OA versions up to 10.0-410 Description: A flaw exists in O2OA, potentially leading to cross site scripting. The issue affects an unknown function within the /x program center/jaxrs/agent file of the Personal Profile Page component. The atta...

PT-2025-35352

Name of the Vulnerable Software and Affected Versions: O2OA versions up to 10.0-410 Description: A cross site scripting issue exists in O2OA up to version 10.0-410. The issue is related to an unknown functionality within the file /x cms assemble control/jaxrs/form of the Personal Profile Page...