198 matches found
ROOT-OS-UBUNTU-2404-CVE-2025-71192 CVE-2025-71192 in rootio-linux - Patched by Root
Root has patched CVE-2025-71192 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
EUVD-2026-33550
An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be enabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...
RHCOS 4 : OpenShift Container Platform 4.18.25 (RHSA-2025:16729)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16729 advisory. - podman: Build Context Bind Mount CVE-2025-4953 Note that Nessus has not tested for this issue but has instead relied only on the...
Oracle Linux 8 : libxml2 (ELSA-2026-11349)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11349 advisory. - Fix CVE-2025-9714 RHEL-119279 - Fix CVE-2025-32415 RHEL-100177 - Fix CVE-2025-7425 RHEL-102797 - Fix CVE-2025-6021 RHEL-96498 - Fix CVE-2025-49794 RHEL-96398...
OTRS Security Vulnerability
OTRS is a service management solution developed by the German company OTRS. There is a security vulnerability in OTRS, which stems from an issue with the SQL Box component where resource consumption is uncontrolled, potentially leading to denial-of-service attacks against web servers. The followi...
CVE-2025-14716
creationtimestamp | type | source
---|---|---
2026-03-19 10:16:14+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2025-14716
2026-03-19 12:28:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhfytvmznw2v...
CVE-2025-71120
creationtimestamp | type | source
---|---|---
2026-03-19 00:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/
2026-04-02 17:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0397/
2026-04-07 18:00:00+00:00 | seen | ...
CVE-2025-58402
creationtimestamp | type | source
---|---|---
2026-03-02 10:55:00+00:00 | seen | https://cert.pl/en/posts/2026/03/CVE-2025-10350/
2026-03-02 12:04:23+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mg37lmhd7v2z...
CVE-2026-2636 Denial of Service in Microsoft OS
This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash...
CVE-2025-71222
A flaw was found in the Linux kernel's wifi: wlcore component. A local attacker with low privileges could exploit a vulnerability related to insufficient skb (socket buffer) headroom before an skb_push operation within the wl1271_tx_work function. This could lead to an skb_under_panic kernel panic,...
CLSA-2026-1769506798 cups: Fix of CVE-2025-58436
CVE-2025-58436: fix issue where slow messages could delay cupsd...
Oracle Linux 9 : postgresql (ELSA-2026-0491)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0491 advisory. - Resolves: RHEL-128812 CVE-2025-12818 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note tha...
Medium: nodejs24
Issue Overview: Use after free due to connection being cleaned up after error CVE-2025-62408 Affected Packages: nodejs24 Issue Correction: Run dnf update nodejs24 --releasever 2023.10.20260105 or dnf update --advisory ALAS2023-2025-1348 --releasever 2023.10.20260105 to update your system. More...
EUVD-2025-205170
In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free during usb config switch. In the process of switching USB config from rndis to other config, if the hardware does not support the ->pullup callback, or the hardware encounters a low probability fault...
EUVD-2025-204720
In the Linux kernel, the following vulnerability has been resolved: iio: accel: bmc150: Fix irq assumption regression. The code in bmc150-accel-core.c unconditionally calls bmc150_accel_set_interrupt() in the iio_buffer_setup_ops, such as on the runtime PM resume path giving a kernel splat like this if th...
EUVD-2025-204636
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajax_get_members function. This is due to the use of a...
CVE-2025-64468 Use-after-Free in sentry!sentry_span_set_data() in NI LabVIEW
There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability...
EUVD-2025-202883
In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-55307
An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query with a crafted cDIPath parameter e.g., "/" may cause an out-of-bounds read in internal path-parsing logic, potentially leadi...
CVE-2025-62555 Microsoft Word Remote Code Execution Vulnerability
...