This Week in Spring - June 2nd, 2026
Hi, Spring fans, and welcome to another momentous installment of This Week in Spring! A lot to get into this week, but let's first take some time to address the meta: where are the May releases? If you read our May 11th post, you know they've been delayed. We wanted to speak a bit more about why ...
Astra Linux – Vulnerability in GhostScript
A vulnerability classified as problematic was discovered in GhostPCL 9.55.0. This vulnerability affects the chunk_free_object function in the gsmchunk.c file. Manipulation with a malicious file can lead to memory corruption. The attack can be initiated remotely, but requires user interaction. The...
CVE-2026-22721
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fix...
Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability
Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message. Please be aware that CVE-2025-59719...
Linux Distros Unpatched Vulnerability : CVE-2024-52867
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for...
PT-2025-26742
Name of the Vulnerable Software and Affected Versions: Quest KACE Systems Management Appliance SMA versions 13.0.x through 13.0.384; Quest KACE Systems Management Appliance SMA versions 13.1.x through 13.1.80; Quest KACE Systems Management Appliance SMA versions 13.2.x through 13.2.182; Quest KACE...
CVE-2025-41233
Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response with a maximum CVSSv3 base score of 6.8...
PT-2025-17180 · Unknown · Relywp Ai Text To Speech
Name of the Vulnerable Software and Affected Versions: RelyWP AI Text to Speech versions 3.0.3 and earlier. Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For RelyWP AI Text...
Linux Distros Unpatched Vulnerability : CVE-2024-53196
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: arm64: Don't retire aborted MMIO instruction. Returning an abort to the guest for an unsupported MMIO access is a documented feature of the KVM UAPI...
Linux Distros Unpatched Vulnerability : CVE-2025-1180
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame....
PT-2023-9392 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Xen (affected versions not specified); Linux kernel (affected versions not specified). Description: The issue is related to insufficient input validation in the libfsimage component of the Xen hypervisor and Linux kernel. This cou...
Cross-site Scripting (XSS) in Website Settings name field
Impact: This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.5.21 or apply these patches manually...
SUSE CVE-2015-5477
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries...
UBUNTU-CVE-2022-3572
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed...
main.popinmobile.com Cross Site Scripting vulnerability OBB-1419627
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
[SA14286] Sun Solaris ARP Flooding Denial of Service Vulnerability
TITLE: Sun Solaris ARP Flooding Denial of Service Vulnerability SECUNIA ADVISORY ID: SA14286 VERIFY ADVISORY: http://secunia.com/advisories/14286/ CRITICAL: Less critical IMPACT: DoS WHERE: From local network OPERATING SYSTEM: Sun Solaris 7 http://secunia.com/product/93/ Sun Solaris 8...
[SA12470] Sun Solaris in.named Dynamic Update Denial of Service Vulnerability
TITLE: Sun Solaris in.named Dynamic Update Denial of Service Vulnerability SECUNIA ADVISORY ID: SA12470 VERIFY ADVISORY: http://secunia.com/advisories/12470/ CRITICAL: Not critical IMPACT: DoS WHERE: From remote OPERATING SYSTEM: Sun Solaris 8 http://secunia.com/product/94/ DESCRIPTION: A...
Mandrake Linux Security Advisory : fetchmail (MDKSA-2003:101)
A bug was discovered in fetchmail 6.2.4 where a specially crafted email message can cause fetchmail to crash. Thanks to Nalin Dahyabhai of Red Hat for providing the patch to fix the problem. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugi...
Mozilla Browsers shell: URI Arbitrary Command Execution
The remote host is using Mozilla and/or Firefox, a web browser. The remote version of this software contains a weakness that could allow an attacker to execute arbitrary commands on the remote host. (C) Tenable Network Security, Inc.
Multiple FTP Server setproctitle Function Arbitrary Command Execution
The remote FTP server misuses the function setproctitle and may allow an attacker to gain a root shell on this host by logging in as 'anonymous' and providing a carefully crafted format string as its email address. (C) Tenable Network Security, Inc.