OPENSUSE-SU-2026:10732-1 libmodsecurity3-3.0.15-1.1 on GA media

These are all security issues fixed in the libmodsecurity3-3.0.15-1.1 package on the GA media of openSUSE Tumbleweed...

BIT-MODSECURITY2-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

BIT-MODSECURITY-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

SUSE CVE-2026-30923

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

CVE-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

EUVD-2026-27422

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

Linux Distros Unpatched Vulnerability : CVE-2026-30923

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity ...

PT-2026-36537

Name of the Vulnerable Software and Affected Versions libModSecurity3 versions prior to 3.0.15 Description A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a single character. This allows an attacker to crash worker processe...

EUVD-2026-18112

IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2026-23794

Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are...

Use of Hard-coded Cryptographic Key

Overview org.apache.syncope.core:syncope-core-starter is an Apache Syncope Core Spring Boot Starter Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the password encryption process. An attacker can recover original cleartext password values by accessing t...

Use of Hard-coded Cryptographic Key

Overview org.apache.syncope.core:syncope-core-provisioning-java is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology and released under Apache 2.0 license. Affected versions of this package are vulnerable to Use of Hard-coded...

IBM Content Navigator 安全漏洞

IBM Content Navigator is a Web client from International Business Machines IBM. The product supports searching and processing documents stored in content servers from a Web browser. A security vulnerability exists in IBM Content Navigator versions 3.0.11, 3.0.15, 3.1.0, and 3.2.0, which originate...

EUVD-2017-1496

Malware in sbrugna...

CVE-2019-13392

A reflected Cross-Site Scripting XSS vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that th...

Comerzzia Backoffice SQL注入漏洞

Comerzzia Backoffice is a modular retail platform from Comerzzia. A SQL injection vulnerability exists in Comerzzia Backoffice version 3.0.15, which stems from unfiltered uidActivity, codCompany, and uidInstance parameters, and could lead to SQL injection attacks...

PT-2025-22133 · Unknown · Comerzzia Backoffice: Sales Orchestrator

Name of the Vulnerable Software and Affected Versions: Comerzzia Backoffice: Sales Orchestrator version 3.0.15 Description: The issue allows an attacker to retrieve, create, update, and delete databases via the uidActivity, codCompany, and uidInstance parameters of the "/comerzzia/login" endpoint...

WordPress Animator – Scroll Triggered Animations plugin <= 3.0.15 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Animator versions = 3.0.15...

[R1] Nessus Version 10.7.6 Fixes Multiple Vulnerabilities

R1 Nessus Version 10.7.6 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 09/11/2024 - 12:57 Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components OpenSSL, expat were found to contain vulnerabilities, and updated versions have been...

OpenSSL DoS Vulnerability (20240903) - Windows

OpenSSL is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...