PT-2026-25615

A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTH KEY results in information disclosure. The attack is only possibl...

Debian dla-4419 : gstreamer1.0-gtk3 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4419 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4419-1 [email protected]...

CVE-2025-64715

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

PT-2025-48349

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

SUSE: Security Advisory (SUSE-SU-2025:03449-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for cairo

This update for cairo fixes the following issues: CVE-2025-50422: Fixed Poppler crash on malformed input bsc1247589 Update to version 1.18.4: The dependency on LZO has been made optional through a build time configuration toggle. You can build Cairo against a Freetype installation that does not...

SUSE-SU-2025:03449-1 Security update for cairo

This update for cairo fixes the following issues: - CVE-2025-50422: Fixed Poppler crash on malformed input bsc1247589 - Update to version 1.18.4: + The dependency on LZO has been made optional through a build time configuration toggle. + You can build Cairo against a Freetype installation that do...

CVE-2025-8778

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropacksetcompressionajax function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and...

PT-2025-37019

Name of the Vulnerable Software and Affected Versions: NitroPack versions up to and including 1.18.4 Description: The NitroPack plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the nitropack set compression ajax function...

OPENSUSE-SU-2025:15457-1 cairo-devel-1.18.4-3.1 on GA media

These are all security issues fixed in the cairo-devel-1.18.4-3.1 package on the GA media of openSUSE Tumbleweed...

Copyparty 跨站脚本漏洞

Copyparty is a portable file server for ed individual developers. A cross-site scripting vulnerability exists in Copyparty 1.18.4 and earlier versions, which stems from improper cleaning of the multimedia tags of music files and could lead to the execution of arbitrary JavaScript code...

Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2025-2776 (ALAS-2025-2776)

The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2776 advisory. GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detecte...

Gorush 安全漏洞

Gorush is a push notification server written in Go by Bo-Yi Wu, an individual developer. A security vulnerability exists in Gorush v1.18.4, which stems from the use of a deprecated version of TLS in the RunHTTPServer function. An attacker can use this vulnerability to intercept and manipulate dat...

Debian: Security Advisory (DSA-5445-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DataEase 注入漏洞

DataEase is an open source data visualization and analysis tool. Used to help users quickly analyze data and gain insight into business trends , so as to achieve business improvement and optimization . An injection vulnerability exists in DataEase version 1.18.4 and earlier versions. An attacker...

DataEase 跨站脚本漏洞

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A cross-site scripting vulnerability exists in DataEase 1.18.4 and earlier versions that stems from not...

SUSE CVE-2022-1962

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations...

Security fix for the ALT Linux 10 package golang version 1.18.4-alt1

July 28, 2022 Alexey Shabalin 1.18.4-alt1 - New version 1.18.4. - Fixes: + CVE-2022-1705 + CVE-2022-32148 + CVE-2022-30631 + CVE-2022-30633 + CVE-2022-28131 + CVE-2022-30635 + CVE-2022-30632 + CVE-2022-30630 + CVE-2022-1962...

PT-2021-3744 · Oracle +11 · Mysql Server +10

Name of the Vulnerable Software and Affected Versions: MIT Kerberos 5 krb5 versions prior to 1.18.4 MIT Kerberos 5 krb5 versions 1.19.x prior to 1.19.2 MySQL Server versions 8.0.26 and earlier Description: The issue is related to a NULL pointer dereference in the Key Distribution Center KDC...

ALPINE-CVE-2021-3498

GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files...