RHEL 7 : redhat-access-plugin-openstack (RHSA-2015:0645)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2015:0645 advisory. The Red Hat Support plug-in for Red Hat OpenStack is a Technology Preview feature which offers seamless integrated access to Red Hat subscription...
RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 6 (Moderate) (RHSA-2016:2068)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2068 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a...
RHEL 6 : openstack-neutron (RHSA-2014:1078)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1078 advisory. OpenStack Networking (Neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main functi...
RHEL 7 : redhat-access-plugin (RHSA-2015:0840)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2015:0840 advisory. The Red Hat Support plug-in for Red Hat OpenStack is a Technology Preview feature which offers seamless integrated access to Red Hat subscription...
RHEL 7 : qemu-kvm-rhev (RHSA-2015:1718)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1718 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the...
RHEL 6 / 7 : rh-java-common-apache-commons-collections (RHSA-2015:2523)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:2523 advisory. The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections...
BIT-MINIO-2024-55949 Privilege escalation in IAM import API in MinIO
MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. MinIO is subject to a privilege escalation in the IAM import API; all users are impacted since MinIO commit 580d9db85e04f1b63cc2909af50f0ed08afa965f. This issue has been addressed in commit...
BIT-GIT-2024-52005 The sideband payload is passed unfiltered to the terminal in git
Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...
[SECURITY] [DLA 4123-1] wpa security update
Debian LTS Advisory DLA-4123-1, https://www.debian.org/lts/security/, Bastien Roucariès, April 12, 2025, https://wiki.debian.org/LTS ...
PT-2025-15798 · WordPress · Kevon Adonis Wp Abstracts
Name of the Vulnerable Software and Affected Versions: Kevon Adonis WP Abstracts versions 2.7.4 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue allows unauthorized actions to be performed on behalf of a user. This can lead to various security problems, including data modification...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) through the handling of Well-Known Text formatted strings with nested GeometryCollection objects. An attacker can cause a stack overflow by sending specially crafted requests that exploit this recursion. Details...
WordPress Motors plugin <= 1.4.63 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by siavashvafshar in WordPress Plugin Motors versions <= 1.4.63...
VulnCheck KEV: CVE-2025-27636
Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS...
CVE-2025-27427
CVE-2025-27427 affects Apache ActiveMQ Artemis 2.0.0–2.39.0. A user with createDurableQueue or createNonDurableQueue permissions can augment the routing-type of an address without createAddress permission, and with send permission plus automatic queue creation could send messages using a routing-...
CVE-2025-27427 Apache ActiveMQ Artemis: Address routing-type can be updated by user without the createAddress permission
A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for that particular address. When...
Security Bulletin: Vulnerability in archive/zip affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary: A potential vulnerability in archive/zip has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
Malicious code in @ofjaaah/jose2 (npm)
Source: ghsa-malware (ebd3f76646b8605352a4f16ce597be1bc5465c4fe3856d9a333b5975d8a0f4a0). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-29980
A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.7...
adclaw (>=1.0.0 <=1.0.29), agentjet (=0.0.1) +27 more potentially affected by CVE-2024-8487 via agentscope (>=0.1.0 <=2.0.0)
agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.0.1, =0.1.0.post1, =0.2.0, =0.4.0, =0.4.1 and more Source cves: CVE-2024-8487 Source advisory: SNYK:PYTHON-AGENTSCOPE-9511372...
Azure Linux 3.0 Security Update: vim (CVE-2025-26603)
The version of vim installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-26603 advisory. - Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using...