266 matches found
PT-2025-7836 · Wpsoul · Wpsoul Greenshift
Name of the Vulnerable Software and Affected Versions: wpsoul Greenshift versions through 10.8 Description: The issue affects wpsoul Greenshift, allowing Stored XSS due to improper neutralization of input during web page generation. Recommendations: For versions through 10.8, update to a version...
FreeBSD : vscode -- multiple vulnerabilities (cbf5d976-656b-4bb6-805f-3af038e2de3e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the cbf5d976-656b-4bb6-805f-3af038e2de3e advisory. VSCode developers report: The update addresses these issues, including a fix for a security...
Ubuntu 20.04 LTS : Ruby regression (USN-7256-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7256-2 advisory. USN-7256-1 fixed vulnerabilities in Ruby. The update introduced a minor regression. This update fixes the problem. We apologize for the inconvenience. Tenable has...
CVE-2025-25193
Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file...
CVE-2024-42348
FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395...
SUSE: Security Advisory (SUSE-SU-2025:0338-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2024:4326-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2024-39976 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 4.1.1 Description: The issue allows a local attacker to cause information leaks through out-of-bounds reads. Recommendations: For OpenHarmony versions prior to 4.1.1, update to a version that contains a fix for...
PT-2024-34979 · Unknown · Bcristopeit Wow Guild Armory Roster
Name of the Vulnerable Software and Affected Versions: bcristopeit WoW Guild Armory Roster versions 0.5.5 and earlier Description: The issue affects the bchristopeit WoW Guild Armory Roster, allowing Stored XSS due to improper neutralization of input during web page generation. This can lead to...
OPENSUSE-SU-2024:0358-1 Security update for qbittorrent
This update for qbittorrent fixes the following issues: - Update to version 5.0.1 fixes boo1232731 CVE-2024-51774 Added features: Add 'Simple pread/pwrite' disk IO type Bug fixes: Don't ignore SSL errors boo1232731 CVE-2024-51774 Don't try to apply Mark-of-the-Web to nonexistent files Disable 'Mo...
PT-2024-29688 · Spotify · Spotify
Name of the Vulnerable Software and Affected Versions: Spotify app version 8.9.58 Description: The issue is related to a buffer overflow in the Spotify app's use of the strcat function. Recommendations: For version 8.9.58, update to a newer version that contains a fix for this issue...
CVE-2024-47815 Cross-site Scripting in IncidentReporting
IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. Some are available to anyone who has the editincidents right, some are available to those w...
Updated rootcerts nss firefox firefox-l10n packages fix security vulnerabilities
The current versions have reached EOL and several security vulnerabilities were fixed by Mozilla. We are having some issues that are delaying the build for some architectures, so for the moment we are releasing this update just for x8664...
PT-2024-39529 · WordPress · Re:Wp
Name of the Vulnerable Software and Affected Versions: Re:WP plugin for WordPress version 1.0.1 and earlier Description: The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This makes it...
kernel security update
4.18.0-553.22.110.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
RHSA-2014:0899 Red Hat Security Advisory: openstack-neutron security, bug fix, and enhancement update
Bulletin has no description...
postgresql:15 security update
pgaudit pgrepack postgres-decoderbufs postgresql 15.8-1 - Update to 15.8 - Fix CVE-2024-7348...
Joomla! URL Validation Vulnerability (20240801)
Joomla! is prone to an inadequate validation of internal URLs vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
nginx -- Vulnerability in the ngx_http_mp4_module
The nginx development team reports: This update fixes the buffer overread vulnerability in the ngxhttpmp4module...
PT-2024-22383 · Azuresoft · Azuresoft Myhorus
Name of the Vulnerable Software and Affected Versions: AzureSoft MyHorus version 4.3.5 Description: A SQL injection issue allows authenticated users to execute arbitrary SQL commands. Recommendations: For AzureSoft MyHorus version 4.3.5, update to a newer version that contains a fix for this issu...