28 matches found
DEBIAN-CVE-2026-33317
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...
Linux Distros Unpatched Vulnerability : CVE-2026-34517
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire...
CVE-2026-34520
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to insufficient restrictions in the handling of HTTP headers and trailers. An attacker can exhaust system memory by sending specially crafted requests, potentially leading to...
EUVD-2025-208753
An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11, and fixed in v3.13, allows attackers to execute arbitrary code via uploading a crafted SVG file...
GUnet OpenEclass Security Vulnerability
GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Versions of GUnet OpenEclass prior to version 3.13 contained security vulnerabilities. These vulnerabilities stemmed from the existence of an authenticated arbitrary file upload in the Courses/Work Assignments...
CVE-2025-65734
The CVE-2025-65734 entry concerns gunet Open eClass. An authenticated arbitrary file upload vulnerability exists in the Courses/Work Assignments module, allowing code execution via a crafted SVG file. Affected version v3.11; fixed in v3.13. The issue requires authentication and uses a crafted SVG...
PT-2026-25769
An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11, and fixed in v3.13, allows attackers to execute arbitrary code via uploading a crafted SVG file...
[SECURITY] Fedora 42 Update: python3.13-3.13.12-1.fc42
Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...
CVE-2025-69227
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled (-O or PYTHONOPTIMIZE=1), and the...
SUSE SLED15 / SLES15 Security Update : python313 (SUSE-SU-2026:0024-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0024-1 advisory. Update to version 3.13.11. Security issues fixed: - CVE-2025-12084: quadratic complexity when building nested...
PT-2026-1098
Name of the Vulnerable Software and Affected Versions: Qfiling versions prior to 3.13.1. Description: A path traversal issue exists in Qfiling that could allow remote attackers to read the contents of unexpected files or system data. Approximately 3257k+ instances are potentially exposed. The...
PT-2025-51945
Name of the Vulnerable Software and Affected Versions: Bludit versions prior to 3.13.1. Description: A file download issue exists in the Backup Plugin within Bludit. Logged-in users can access arbitrary files. Attackers can exploit the plugin’s download functionality by manipulating file path...
SUSE SLED15 / SLES15 Security Update : python313 (SUSE-SU-2025:4277-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4277-1 advisory. Update to 3.13.9: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars...
CVE-2025-66059 WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data. This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0...
PT-2025-47736
Name of the Vulnerable Software and Affected Versions: Seriously Simple Podcasting versions through 3.13.0. Description: A Cross-Site Request Forgery (CSRF) issue exists in Seriously Simple Podcasting. This allows attackers to perform actions on behalf of authenticated users without their knowledge...
Intel ACAT Security Vulnerability
Intel ACAT is an open source platform from Intel Corporation (USA). A security vulnerability exists in Intel ACAT versions prior to 3.13, which stems from a race condition in the Ring 3 user application that could lead to a denial-of-service attack...
Assistive Context-Aware Toolkit (ACAT) Software Advisory
Summary: A potential security vulnerability in some Assistive Context-Aware Toolkit (ACAT) software maintained by Intel may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-27725 Description: Time-of-check...
Excitel Broadband Private my Excitel Security Vulnerability
Excitel Broadband Private my Excitel is a fast online payment software from Excitel Broadband Private. A security vulnerability exists in Excitel Broadband Private my Excitel version 3.13.0, which stems from improperly restricted authentication attempts in the One-Time Password Handler component...
WordPress GiveWP plugin <= 3.13.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions vulnerability
Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions vulnerability discovered by Thanh Nam Tran in WordPress Plugin GiveWP versions <= 3.13.0...