SUSE CVE-2026-3608

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...

MiracleLinux 3 : kernel-2.6.18-53.22AXS3 (AXSA:2009-42:04)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-42:04 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Fixed bugs: CVE-2008-3528 The error-reporting functionality in 1...

PT-2025-43262

Name of the Vulnerable Software and Affected Versions designthemes Triss versions through 2.6 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting XSS condition. This allows an attacker to inject...

Linux Distros Unpatched Vulnerability : CVE-2025-32802

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root...

PT-2025-5104 · WordPress · Wp Service Payment Form With Authorize.Net

Name of the Vulnerable Software and Affected Versions: WP Service Payment Form With Authorize.net versions n/a through 2.6.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Reflected XSS. This means an attacker can trick a user into performing unintended...

Mitel InAttend 安全漏洞

Mitel InAttend is an enterprise call management system from Mitel Canada. A security vulnerability exists in Mitel InAttend versions 2.6 SP4 through 2.7 and CMG versions 8.5 SP4 through 8.6, which is caused by a vulnerability in the BluStar component that could allow access to sensitive...

PT-2024-21371 · Fastdds +1 · Fastdds +1

Name of the Vulnerable Software and Affected Versions: FastDDS versions 2.6.x through 2.12.x Description: An issue in the HistoryQosPolicy component of FastDDS leads to a SIGABRT signal abort upon receiving DataWriter's data. Recommendations: For versions 2.6.x through 2.12.x, consider disabling...

CVE-2023-47809

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themepoints Accordion plugin = 2.6 versions...

PT-2023-17692 · Harbor · Harbor

Name of the Vulnerable Software and Affected Versions: Harbor versions 2.6.x and earlier Harbor versions 2.7.2 and earlier Harbor versions 2.8.2 and earlier Harbor versions 1.10.17 and earlier Description: A timing condition in Harbor allows an attacker with network access to create jobs, stop jo...

XWiki Platform 跨站脚本漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform. An attacker could use this vulnerability to inject Javascript code into a page by forging a URL and trigger a cross-site...

SUSE CVE-2009-3228

The tcfilltclass function in net/sched/schapi.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain 1 tcmpad1 and 2 tcmpad2 structure members, which might allow local users to obtain sensitive information from kernel memory via...

SUSE CVE-2011-3872

Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise PE Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof ...

Puppet Arbitrary Command Execution

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full...

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +42 more potentially affected by CVE-2022-23563 via tensorflow (>=2.6.0 <=2.6.2)

tensorflow PYPI version =2.6.0, =0.0.2, =1.0.1, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =1.1.2 - imgtovar =0.8.5 and more Source cves: CVE-2022-23563 Source advisory: OSV:GHSA-WC4G-R73W-X8MM...

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +42 more potentially affected by CVE-2022-21739 via tensorflow (>=2.6.0 <=2.6.2)

tensorflow PYPI version =2.6.0, =0.0.2, =1.0.1, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =1.1.2 - imgtovar =0.8.5 and more Source cves: CVE-2022-21739 Source advisory: OSV:GHSA-3MW4-6RJ6-74G5...

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +35 more potentially affected by CVE-2021-41220 via tensorflow (>=2.6.0 <=2.6.0rc2)

tensorflow PYPI version =2.6.0, =0.0.2, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =0.1.5, =0.2.1 and more Source cves: CVE-2021-41220 Source advisory: OSV:GHSA-GPFH-JVF9-7WG5...

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +35 more potentially affected by CVE-2021-41226 via tensorflow (>=2.6.0 <=2.6.0rc2)

tensorflow PYPI version =2.6.0, =0.0.2, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =0.1.5, =0.2.1 and more Source cves: CVE-2021-41226 Source advisory: OSV:GHSA-374M-JM66-3VJ8...

PT-2019-17130 · Ibm · Ibm Security Key Lifecycle Manager

Name of the Vulnerable Software and Affected Versions: IBM Security Key Lifecycle Manager versions 2.6 through 3.0.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...

Security Bulletin: IBM Security Key Lifecycle Manager is affected by Cross-Site Scripting (CVE-2019-4564)

Summary IBM Security Key Lifecycle Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details...

rubygems: Escape sequence injection vulnerability in verbose

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteractionverbose calls say without escaping, escape sequence injection is possible...