Important: Red Hat Security Advisory: postgresql:13 security update

An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A...

CVE-2025-14040

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in th...

PT-2026-22306

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in th...

CVE-2025-69771

Cross-Site Scripting XSS vulnerability in the subtitle loading function of the asbplayer Chrome Extension version 1.14.0 allows attackers to execute arbitrary JavaScript in the context of the active streaming platform via a crafted .srt subtitle file. Because the script executes within the...

CVE-2026-3102

A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be...

CVE-2019-25457

Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz' values using time-based blind SQL injectio...

Web Ofisi Firma SQL注入漏洞

Web Ofisi Firma is a general-purpose corporate website script system developed by the Turkish company Web Ofisi. Version 13 of Web Ofisi Firma contains an SQL injection vulnerability, which stems from insufficient input validation for oz array parameters, potentially allowing SQL injection attack...

Hardened Repository error: "veeam-grp-backup group has no rights on the backup folder"

Challenge When editing the properties of a Hardened Repository that has been upgraded to Veeam Hardened Repository version 13 for Veeam Backup & Replication 13 using the Veeam Infrastructure Appliance ISO, and was originally created using the Veeam Hardened Repository ISO version 2.0 for Veeam...

FreePBX 13.x < 13.0.197.14 / 14.x < 14.0.13.12 / 15.x < 15.0.16.27 Remote Admin Authentication Bypass

The version of FreePBX installed on the remote host is 13.x prior to 13.0.197.14, 14.x prior to 14.0.13.12, or 15.x prior to 15.0.16.27. It is, therefore, affected by an authentication bypass vulnerability: - Sangoma FreePBX has incorrect access control that allows unauthenticated remote attacker...

Oracle Application Testing Suite (January 2026 CPU)

The versions of Oracle Application Testing Suite installed on the remote host are affected by a vulnerability as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apache...

Oracle Linux 8 : postgresql:13 (ELSA-2026-0523)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0523 advisory. pgaudit pgrepack postgres-decoderbufs postgresql 13.23-1 - Update to 13.23 - Resolves: RHEL-128818 CVE-2025-12818 Tenable has extracted the preceding...

Progress Flowmon ADS SQL注入漏洞

Progress Flowmon ADS is a network traffic analysis and anomaly detection system from Progress, Inc. A SQL injection vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and prior to 13.0.1, which stems from an SQL injection that could lead to the execution of unexpected SQL queri...

CVE-2023-43304

An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

CVE-2023-43995

An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

CVE-2021-22166

An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method...

CVE-2021-22192

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server...

Technitium DNS Server 安全漏洞

Technitium DNS Server is an open source authoritative and recursive DNS server from the Technitium team. It can be used to self-host DNS servers for privacy and security. A security vulnerability exists in Technitium DNS Server version 13.5 that stems from improper handling of the rate limiting...

PT-2026-1811

Name of the Vulnerable Software and Affected Versions Technitium DNS Server version 13.5 Description An issue exists in the rate-limiting component of the software that allows a remote attacker to cause a denial of service. This impacts DNS service availability. Recommendations At the moment, the...

Kentico Xperience 安全漏洞

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data by a form component, which can be exploited by an attacker to execute arbitrary web...

CVE-2025-15002

A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to...