8216 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-30768
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or...
Linux Distros Unpatched Vulnerability : CVE-2022-42890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics...
Linux Distros Unpatched Vulnerability : CVE-2017-12871
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the...
QNAP File Station 5 Code Issue Vulnerability
QNAP Systems File Station 5 is QNAP's file management application for browsing, uploading, downloading and managing files and folders stored on NAS devices, remote servers or external storage devices. A null pointer dereference vulnerability exists in QNAP Systems File Station 5, which ca...
Google Sign-In for Rails allowed redirect to protocol-relative URI
Summary: It is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Details: The google_sign_in gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...
GHSA-CXM3-WV7P-598C Malicious versions of Nx were published
Summary: Malicious versions of the nx package, as well as some supporting plugin packages, were published to npm, containing code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts. Immediate Actions Required: For all users, check if you were...
Linux Distros Unpatched Vulnerability : CVE-2018-16468
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. CVE-2018-16468 Note...
Linux Distros Unpatched Vulnerability : CVE-2023-40032
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfau...
Linux Distros Unpatched Vulnerability : CVE-2020-25789
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document. CVE-2020-25789 Note...
Linux Distros Unpatched Vulnerability : CVE-2021-44118
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerabili...
CVE-2025-9389
A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not...
DEBIAN-CVE-2025-54462
A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted .nex file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2025-54300
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads...
CVE-2025-54300
CVE-2025-54300 affects the Quantum Manager component for Joomla, versions 1.0.0–3.2.0. The root cause is an unsanitized SVG upload mechanism that allows stored XSS. The CVSS 4.0 vector indicates Network access, high impact on confidentiality and availability, and user interaction not required but...
Security update for libqt4
This update for libqt4 fixes the following issues: CVE-2021-45930: Fixed out-of-bounds write leading to DoS (bsc#1196654). CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm (bsc#1211298). CVE-2023-32763: Fixed buffer overflow on QTextLayout during rendering of an SVG file with an...
FFmpeg Code Issue Vulnerability
FFmpeg is a complete solution for recording, converting, and streaming audio and video from the FFmpeg team. A code issue vulnerability exists in FFmpeg that originates from an attacker being able to force a null pointer to be dereferenced, potentially resulting in a denial of service...
PT-2025-34597 · Joomla +1 · Joomla! +1
Name of the Vulnerable Software and Affected Versions: Quantum Manager versions 1.0.0 through 3.2.0. Description: A stored cross-site scripting (XSS) issue was identified in the Quantum Manager component for Joomla. The SVG upload feature does not properly sanitize uploaded files, allowing for the...
Linux Distros Unpatched Vulnerability : CVE-2017-6820
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS)...
Linux Distros Unpatched Vulnerability : CVE-2017-3225
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's u...
Linux Distros Unpatched Vulnerability : CVE-2018-6561
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. CVE-2018-6561 Note that Nessus relies on the presence of the package as...