A vulnerability exists in Notes Station, software for organizing and managing personal and corporate notes, when used with QNAP network storage devices. This vulnerability stems from the lack of authenticity verification for a critical function, allowing attackers to execute arbitrary code.
The vulnerability in Notes Station, software for organizing and managing personal and corporate notes, when used with QNAP network storage systems, stems from the lack of authenticity verification for a critical function. Exploiting this vulnerability could allow an attacker operating...
openSUSE Security Advisory (SUSE-SU-2024:1403-1)
The remote host is missing an update for the...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.1.9 on RHEL 7 (RHSA-2025:1746)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1746 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
Malicious code in sample-notes-application (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain...
MAL-2025-1544 Malicious code in sample-notes-application (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain...
Medium: harfbuzz
Issue Overview: HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function. CVE-2024-56732 Affected Packages: harfbuzz Issue Correction: Run dnf update harfbuzz --releasever 2023.6.20250218 or dnf update...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.35 security update
Red Hat OpenShift Container Platform release 4.16.35 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
New XCSSET Malware Variant Targeting macOS Notes App and Wallets
Microsoft warns Apple developers about a new XCSSET malware variant targeting macOS, posing security risks through stealthy infections...
Vulnerability-learning
It is an offensive tool for web application security. The reposi...
Azure Linux 3.0 Security Update: postgresql (CVE-2024-4317)
The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4317 advisory. - Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged...
Important: Red Hat Security Advisory: Gatekeeper v3.14.3
Gatekeeper v3.14.3: Gatekeeper is a validating webhook with auditing capabilities that can enforce custom resource definition-based policies that are run with the Open Policy Agent (OPA). Gatekeeper is supported through a Red Hat Advanced Cluster Management for Kubernetes subscription. Red Hat Produ...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Zero the value of ARG_PTR_TO_{LONG,INT} in cases of errors. For all non-tracing helpers that previously had ARG_PTR_TO_{LONG,INT} as input arguments, the value is set to zero in cases of errors. This prevents a potential memory leak...
Mageia: Security Advisory (MGASA-2025-0045)
The remote host is missing an update for the...
CVE-2025-24028
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handles comments. This affects both the Rich Tex...
PT-2025-6010 · Joplin · Joplin
Name of the Vulnerable Software and Affected Versions: Joplin versions prior to 3.2.12 Description: This issue is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handles comments, affecting both the Rich Text Editor and the Markdown viewer. However,...
CVE-2024-34660
Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code...
CVE-2024-34656
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code...
CVE-2024-49362
Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on a link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This...
Important: python-virtualenv
Issue Overview: virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287. CVE-2024-53899 Affected Packages: python-virtualenv Issue...
SUSE-SU-2025:20013-1 Security update for podman
This update for podman fixes the following issues: - CVE-2024-6104: Fixed dependency issue with go-retryablehttp: url might write sensitive information to log file (bsc#1227052). - Update to version 4.9.5: Bump to v4.9.5 Update release notes for v4.9.5 fix "concurrent map writes" in network ls compa...