1367 matches found
Ubuntu: Security Advisory (USN-7278-1)
The remote host is missing an update for the...
The vulnerability of the Xerox Workplace Suite print server, related to the improper use of standard permissions, allows a malicious actor to gain access to read, modify, or delete data.
The vulnerability of the Xerox Workplace Suite print management server is related to the incorrect use of standard permissions. Exploiting this vulnerability can allow an attacker to gain read, modify, or delete access to data remotely...
The vulnerability of the d_status.asp component of the D-Link DIR-816A router’s firmware allows an intruder to gain unauthorized access to protected information.
The vulnerability of the d_status.asp component of the D-Link DIR-816A2 router’s firmware is related to the disclosure of information. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information through a specially...
Code-Projects Wazifa System Injection Vulnerability
Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the /controllers/control.php file. An attacker can exploit this vulnerability to execute illegal SQL commands t...
The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to gain access to read data or modify data.
The vulnerability of the Java VM component of the Oracle Database Server management system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain read access to data or modify data using network packets...
CVE-2024-49797
IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...
PT-2025-5868 · Smartcom Bulgaria Ad · Smartcom Ralink Cpe/Wifi Router
Name of the Vulnerable Software and Affected Versions: Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router versions SAM-4G1G-TT-W-VC, SAM-4F1F-TT-W-A1 Description: The issue allows a remote attacker to obtain sensitive information via the weak default WiFi password generation algorithm in WiFi...
CVE-2024-6396
A vulnerability in the backuprun function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the runhash and repo.path parameters, which can be manipulated to create an...
Medium: java-17-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13,...
The vulnerability of the `ksmbd_vfs_stream_read()` function in the KSMBD daemon of the Linux operating system allows a hacker to disclose protected information and cause service failures.
The vulnerability of the `ksmbd_vfs_stream_read()` function in the KSMBD daemon of the Linux operating system is related to operations performed outside the bounds of a memory buffer. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information and cause service failures by...
The vulnerability of the GraphQL Query Handler component of the software platform based on Git, which is used for collaborative code development in GitLab EE/CE, allows a perpetrator to access confidential information.
The vulnerability of the GraphQL Query Handler component in the Git-based software platform, which is used for collaborative code development in GitLab EE/CE, is related to the absence of authentication. Exploiting this vulnerability allows a malicious actor to gain access to confidential...
CVE-2024-51462 IBM QRadar WinCollect Agent data manipulation
IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data...
IBM QRadar WinCollect Agent Security Vulnerability
IBM QRadar WinCollect Agent is an agent program from International Business Machines (IBM) that collects and sends Windows event logs. A security vulnerability exists in IBM QRadar WinCollect Agent versions 10.0.0 through 10.1.12, which arises from improper validation of inputs for assumed immutabl...
PT-2025-1134
Name of the Vulnerable Software and Affected Versions: Ivanti EPM versions before 2024 January-2025 Security Update; Ivanti EPM versions before 2022 SU6 January-2025 Security Update. Description: The issue is related to an absolute path traversal in Ivanti EPM, which can be exploited by a remote...
CVE-2024-25037
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser...
CVE-2024-5591
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...
The vulnerability of Dell RecoverPoint’s data protection software for virtual machines, related to the use of hard-coded credentials, allows attackers to gain unauthorized access to protected information.
The vulnerability of Dell RecoverPoint’s data protection software for virtual machines relates to the use of hard-coded authentication credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information remotely...
CVE-2024-49820
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man i...
ansible-core: Unsafe Tagging Bypass via hostvars Object in Ansible-Core
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...
LightFTP Security Vulnerability
LightFTP is a lightweight FTP service by individual developer hfiref0x. A security vulnerability exists in LightFTP version 2.3, which stems from a lack of thread safety in the server; anomalous data sent by an anonymous user from a remote network can cause the server to crash...