157 matches found
UBUNTU-CVE-2025-53689
Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 Java 8, 2.22.1 Java 11 or 2.23.2 Java 11, beta versions, which fix this issue...
SUSE-SU-2025:02150-1 Security update for google-osconfig-agent
This update for google-osconfig-agent fixes the following issues: - Update to version 20250416.02 bsc1244304, bsc1244503 defaultSleeper: tolerate 10% difference to reduce test flakiness Add output of some packagemanagers to the testdata - from version 20250416.01 Refactor OS Info package - from...
PT-2025-32985
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M1 through 11.0.7 Apache Tomcat versions 10.1.0-M1 through 10.1.41 Apache Tomcat versions 9.0.0.M1 through 9.0.105 Description: A session fixation issue exists in Apache Tomcat due to a flaw in the rewrite valve...
CVE-2024-56145
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has registerargcargv enabled. For these users an unspecified remote code execution vector is present...
CVE-2025-3936
Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1,...
PT-2025-22467 · Linux +3 · Linux +4
Name of the Vulnerable Software and Affected Versions: Tridium Niagara Framework versions prior to 4.14.2, prior to 4.15.1, prior to 4.10.11 Tridium Niagara Enterprise Security versions prior to 4.14.2, prior to 4.15.1, prior to 4.10.11 Description: The issue is related to the improper use of a...
CVE-2025-22233 Spring Framework DataBinder Case Sensitive Match Exception
CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791.
Summary IBM Maximo Application Suite - Manage Component uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect...
GHSA-3988-Q8Q7-P787 ash_authentication has email link auto-click account confirmation vulnerability
Impact The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools e.g., Outlook, virus scanners, and email previewers may automatically follow these links, unintentionally confirming the account. This...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to systeminformation-5.22.11.tgz CVE-2024-56334
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to systeminformation-5.22.11.tgz CVE-2024-56334. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-56334 DESCRIPTION: systeminformation is a System and OS informati...
PT-2025-11151 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.2 through 17.7.7 GitLab EE versions 17.8 through 17.8.5 GitLab EE versions 17.9 through 17.9.2 Description: An issue was discovered in the Google Cloud IAM integration feature, where an input validation problem could hav...
SUSE SLED15 / SLES15 / openSUSE 15 : Recommended update for Maven (SUSE-SU-2025:0719-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0719-1 advisory. maven-dependency-analyzer was updated from version 1.13.2 to 1.15.1: - Key changes across versions: Bug...
Recommended update for Maven
This update for Maven fixes the following issues: maven-dependency-analyzer was updated from version 1.13.2 to 1.15.1: Key changes across versions: Bug fixes and improved support of dynamic types Dependency upgrades ASM, Maven core, and notably the removal of commons-io Improved error handling by...
Exposure of Sensitive Information Through Metadata
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata via the tag search page or in the tags block which allows users to discover tags that are not expected to be visible. Remediation Upgrade...
CVE-2025-24964
Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking CSWSH attacks. When api option is enabled Vitest UI enables it, Vitest starts a...
SQL Injection
Overview centreon/centreon is a network, system, applicative supervision and monitoring tool. Affected versions of this package are vulnerable to SQL Injection through the form used to create virtual metrics. An attacker can manipulate the underlying database queries and potentially access, modif...
PT-2024-8695 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.0 through 17.3.7 GitLab CE/EE versions 17.4 through 17.4.4 GitLab CE/EE versions 17.5 through 17.5.2 Description: The issue is related to a flaw in the authorization mechanism of GitLab CE/EE, which could allow...
Improper Privilege Management
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Privilege Management due to insufficient capability checks in the process of restoring glossaries which allows an attacker to restore glossaries in courses into the global site glossary...
UBUNTU-CVE-2024-38286
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created but are known to be...
PT-2024-34873 · Unknown · Symphony Php Framework
Name of the Vulnerable Software and Affected Versions: Symphony PHP framework versions prior to 5.4.46 Symphony PHP framework versions prior to 6.4.14 Symphony PHP framework versions prior to 7.1.7 Description: The Symphony process module in the Symphony PHP framework executes commands in...