735 matches found
EUVD-2023-29142
Malicious code in bioql PyPI...
EUVD-2023-57718
Malicious code in bioql PyPI...
EUVD-2022-41782
Malicious code in bioql PyPI...
CVE-2025-39801 affecting package kernel for versions less than 6.6.104.2-1
CVE-2025-39801 affecting package kernel for versions less than 6.6.104.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-38471 affecting package kernel for versions less than 6.6.104.2-1
CVE-2025-38471 affecting package kernel for versions less than 6.6.104.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-57902
Cross-Site Request Forgery (CSRF) vulnerability in Md Taufiqur Rahman RIS Version Switcher – Downgrade or Upgrade WP Versions Easily ris-version-switcher allows Cross Site Request Forgery. This issue affects RIS Version Switcher – Downgrade or Upgrade WP Versions Easily: from n/a through = 1.0...
PT-2025-38983
Name of the Vulnerable Software and Affected Versions BunnyPad versions prior to 11.0.27000.0915 Description BunnyPad, a note-taking software, is susceptible to a buffer overflow when opening files that are 20MB or larger. The issue was addressed with the release of version 11.0.27000.0915...
Security Bulletin: Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly, which affects IBM watsonx.data
Summary Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. These can affect...
Linux Distros Unpatched Vulnerability : CVE-2020-15133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.79 security and extras update
Red Hat OpenShift Container Platform release 4.12.79 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of...
Security Bulletin: IBM Cloud Pak System is vulnerable to HTML injection [CVE-2023-38007].
Summary IBM Cloud Pak System is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. Vulnerability was addressed in IBM Cloud Pak System. Vulnerability...
Untrusted Search Path
Overview Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can achieve remote code execution by planting malicious files on the victim's system, with knowledge of where they should be placed, then tricking a user to run these files. Remediation Upgrade...
UBUNTU-CVE-2025-49128
Jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's JsonLocation.appendSourceDesc method allows up to 500 bytes of unintended memory content t...
CVE-2023-24480
Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning...
CVE-2017-20188
A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic. Affected by this vulnerability is the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js. The manipulation of the argument message leads to cross site scripting. The...
Security Bulletin: Vulnerability in Werkzeug affects IBM Cloud Pak for Data System 1.0 (CPDS 1.0) [CVE-2023-46136].
Summary The Werkzeug package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2023-46136. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsin...
Cross-site Request Forgery (CSRF)
Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the formatWithoutCountry function, which does not sanitize the address attribute. A user with the ability to fill in an address attribute can modify...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.18.6 packages and security update
Red Hat OpenShift Container Platform release 4.18.6 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...
PHP 8.4.x < 8.4.5 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.4.5 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.20 bug fix and security update
Red Hat OpenShift Container Platform release 4.17.20 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...