
2760 matches found

Vulnrichment
added 2025/03/19 8:42 p.m., 9 views

CVE-2025-27779 Applio allows unsafe deserialization in model_blender.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_blender.py lines 20 and 21. modelfusiona and modelfusionb from voiceblender.py take user-supplied input (e.g. a path to a model) and pass that value to the runmodelblenderscript and...

CVSS 9.3, AI score 7.4, EPSS 0.00845
Exploits 0, References 4

Cvelist
added 2025/03/19 8:16 p.m., 12 views

CVE-2025-27780 Applio allows unsafe deserialization in model_information.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_information.py. modelname in model_information.py takes user-supplied input (e.g. a path to a model) and passes that value to the runmodelinformationscript and later to modelinformation...

CVSS 9.3, EPSS 0.00845
Exploits 0, References 4

CBLMariner
added 2025/03/19 3:8 p.m., 11 views

CVE-2024-29195 affecting package azure-iot-sdk-c for versions less than 2022.01.21-4

CVE-2024-29195 affecting package azure-iot-sdk-c for versions less than 2022.01.21-4. A patched version of the package is available...

CVSS 8.1, AI score 7, EPSS 0.04967
Exploits 0

Tenable Nessus
added 2025/03/19 12:0 a.m., 19 views

RockyLinux 9 : libpq (RLSA-2025:1738)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:1738 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation (CVE-2025-1094). Tenable has extracted the preceding...

CVSS 8.1, AI score 8, EPSS 0.89472
Exploits 10, References 3

Openbugbounty
added 2025/03/18 9:41 a.m., 8 views

notice-facile.com Cross Site Scripting vulnerability OBB-4037592

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0

CBLMariner
added 2025/03/17 9:13 p.m., 6 views

CVE-2024-56761 affecting package kernel for versions less than 6.6.76.1-1

CVE-2024-56761 affecting package kernel for versions less than 6.6.76.1-1. A patched version of the package is available...

CVSS 5.5, AI score 6.9, EPSS 0.00219
Exploits 0

CBLMariner
added 2025/03/17 9:13 p.m., 8 views

CVE-2024-49897 affecting package kernel for versions less than 6.6.64.2-9

CVE-2024-49897 affecting package kernel for versions less than 6.6.64.2-9. A patched version of the package is available...

CVSS 5.5, AI score 6.8, EPSS 0.00237
Exploits 0

CBLMariner
added 2025/03/17 9:13 p.m., 13 views

CVE-2024-56599 affecting package kernel for versions less than 6.6.76.1-1

CVE-2024-56599 affecting package kernel for versions less than 6.6.76.1-1. A patched version of the package is available...

CVSS 5.5, AI score 6.8, EPSS 0.00217
Exploits 0

CBLMariner
added 2025/03/17 9:13 p.m., 10 views

CVE-2024-43911 affecting package kernel for versions less than 6.6.64.2-9

CVE-2024-43911 affecting package kernel for versions less than 6.6.64.2-9. A patched version of the package is available...

CVSS 5.5, AI score 6.8, EPSS 0.00225
Exploits 0

CBLMariner
added 2025/03/17 9:13 p.m., 7 views

CVE-2023-52920 affecting package kernel for versions less than 6.6.64.2-9

CVE-2023-52920 affecting package kernel for versions less than 6.6.64.2-9. A patched version of the package is available...

CVSS 5.5, AI score 6.8, EPSS 0.00244
Exploits 0

CBLMariner
added 2025/03/17 9:13 p.m., 5 views

CVE-2024-53122 affecting package kernel for versions less than 5.15.176.3-1

CVE-2024-53122 affecting package kernel for versions less than 5.15.176.3-1. A patched version of the package is available...

CVSS 5.5, AI score 7, EPSS 0.00199
Exploits 0

CBLMariner
added 2025/03/17 9:13 p.m., 6 views

CVE-2024-44940 affecting package kernel for versions less than 5.15.176.3-1

CVE-2024-44940 affecting package kernel for versions less than 5.15.176.3-1. A patched version of the package is available...

CVSS 7.8, AI score 6.9, EPSS 0.00245
Exploits 0

CBLMariner
added 2025/03/17 3:7 p.m., 8 views

CVE-2024-56766 affecting package kernel for versions less than 5.15.176.3-1

CVE-2024-56766 affecting package kernel for versions less than 5.15.176.3-1. A patched version of the package is available...

CVSS 7.8, AI score 6.8, EPSS 0.00217
Exploits 0

CBLMariner
added 2025/03/17 3:7 p.m., 8 views

CVE-2024-46841 affecting package kernel for versions less than 5.15.176.3-1

CVE-2024-46841 affecting package kernel for versions less than 5.15.176.3-1. A patched version of the package is available...

CVSS 5.5, AI score 6.8, EPSS 0.00237
Exploits 0

OSV
added 2025/03/17 8:51 a.m., 3 views

USN-7299-4 xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 regression

USN-7299-2 fixed vulnerabilities in X.Org X Server. This fix caused a regression in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update fixes the regression and re-applies the fix for the CVE listed. We apologize for the inconvenience. Original advisory details: Jan-Niklas Sohn discovered that the X.Org...

CVSS 7.8, AI score 7.3, EPSS 0.00474
Exploits 0, References 10

CVE
added 2025/03/14 6:56 p.m., 55 views

CVE-2025-29771

HtmlSanitizer (client-side HTML sanitizer) is affected: versions prior to 2.0.3 are vulnerable to cross-site scripting when used with a contentEditable element that sets innerHTML to a sanitized string. The issue is caused by the code beautifier running after sanitation, enabling XSS. remediation...

CVSS 5.3, AI score 5.8, EPSS 0.00373
Exploits 0, References 2

Ubuntu
added 2025/03/12 7:30 p.m., 15 views

USN-7343-2: Jinja2 regression

USN-7343-1 fixed vulnerabilities in Jinja2. The update introduced a regression when attempting to import Jinja2 on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Rafal Krupinski discovered that Jinja2 did not...

AI score 7.6, EPSS 0.00496
Exploits 0, References 1

OSV
added 2025/03/11 9:49 p.m., 4 views

CVE-2025-27792 Opal vulnerable to CSRF protection bypass

Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery (CSRF) were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referre...

CVSS 8.7, AI score 6.9, EPSS 0.00268
Exploits 0, References 3

Cvelist
added 2025/03/11 9:32 p.m., 15 views

CVE-2025-27101 Broken Access Control in Opal filesystem's copy functionality exposes all user data

Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of t...

CVSS 8.6, EPSS 0.00523
Exploits 0, References 2

OSV
added 2025/03/10 5:51 p.m., 3 views

CLSA-2025-1741629091 libxml2: Fix of CVE-2025-27113

CVE-2025-27113: fix compilation of explicit child axis...

CVSS 7.5, AI score 6.7, EPSS 0.01018
Exploits 1, References 1