Alibaba Cloud Linux 3 : 0204: mod_auth_openidc:2.3 (ALINUX3-SA-2024:0204)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0204 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-24814: mod_auth_openidc is an OpenID Certifi...
Important: tomcat10
Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException...
WordPress TheGem Theme <= 5.10.3 is vulnerable to Arbitrary File Upload
Software TheGem Type Theme Vulnerable versions <= 5.10.3 Fixed in 5.10.3.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-4317 Patch priority High CVSS severity High 8.8 PSID 9a2acfb1e3cd Credits Foxyyy Required privilege Subscriber Published...
Important: ghostscript
Issue Overview: PS interpreter - check the type of the Pattern Implementation NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707991 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8 NOTE:...
U.S. Dept Of Defense: Cross-Site Scripting via 'description_extra' parameter
A Cross-Site Scripting (XSS) vulnerability was discovered in the 'description_extra' parameter of the application. The vulnerability allowed an attacker to inject malicious scripts that could be executed, potentially leading to unintended consequences. The vulnerability was reported and the necessar...
WordPress Frontend Login and Registration Blocks plugin <= 1.1.1 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Frontend Login and Registration Blocks versions <= 1.1.1...
WordPress PSW Front-end Login & Registration plugin <= 1.13 - Broken Authentication Vulnerability
Broken Authentication Vulnerability discovered by LVT-tholv2k in WordPress Plugin PSW Front-end Login & Registration versions <= 1.13...
SonicWall SMA100 SSL-VPN Affected By Multiple Vulnerabilities
1. CVE-2025-32819 - Post-Authentication SSLVPN user arbitrary file delete vulnerability: A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file, potentially resulting in a reboot to factory default...
DEBIAN-CVE-2025-27533
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands, the size value of buffers was not properly validated, which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memor...
MAL-2025-3689 Malicious code in internal-lib-t1 (npm)
Source: ghsa-malware 0656cbf9afeeae51e03fe153910e1dad3a3840f219effb0583665acdfefb34ca. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress PeproDev Ultimate Profile Solutions plugin 1.9.1-7.5.2 - Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update
Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update vulnerability discovered by kr0d in WordPress Plugin PeproDev Ultimate Profile Solutions versions 1.9.1-7.5.2...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through the Session API. An attacker can authenticate on behalf of the user by repeatedly using idp intents to retrieve the id and token from the application's URI. Remediation Upgrade...
Observable Response Discrepancy
Overview Affected versions of this package are vulnerable to Observable Response Discrepancy due to the timing analysis of post-login API responses. An attacker can determine if a specific user account exists by observing the response times. Remediation Upgrade Umbraco.Cms.Core to version 10.8.10...
Malicious code in vim-refactor (npm)
Source: ghsa-malware b68d05cbbe21dcfb11bb65a968508b32daf65b9e59fd898e3ee64f54c67de6c2. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: Vulnerability in urllib3 affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2024-37891].
Summary: The urllib3 package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE, CVE-2024-37891. Vulnerability Details: CVEID: CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information,...
CVE-2024-46986
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on...
WordPress Ivy School Theme <= 1.6.0 is vulnerable to Local File Inclusion
Software Ivy School Type Theme Vulnerable versions <= 1.6.0 Fixed in 1.6.1 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-39470 Patch priority High CVSS severity High 8.1 PSID 2982cc652634 Credits Bonds Required privilege Unauthenticated...
Fedora 40 : mod_auth_openidc (2025-80600b51c5)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-80600b51c5 advisory. Rebase mod_auth_openidc-2.4.16.11 resolves CVE-2025-31492 - mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data. Tenable has...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.25 bug fix and security update
Red Hat OpenShift Container Platform release 4.17.25 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...
Security Bulletin: There is a vulnerability in vitest-2.1.8.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-24963,CVE-2025-24964)
Summary: There is a vulnerability in vitest-2.1.8.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2025-24963 DESCRIPTION: Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server that...