28 matches found
Oracle Critical Patch Update Advisory - April 2026
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...
CVE-2026-0542
ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow Sandbox. ServiceNow addressed this vulnerability by deploying ...
CVE-2025-30186
CVE-2025-30186 affects Open-Xchange OX App Suite. Malicious content uploaded as a file can execute script code when users follow attacker-controlled links, enabling unintended actions within the user’s account and potential exfiltration of sensitive data. The impact is described as limited to the...
PT-2025-43922
Name of the Vulnerable Software and Affected Versions: CodeAstro Gym Management System version 1.0 Description: A flaw exists in CodeAstro Gym Management System version 1.0 that allows for SQL injection. This occurs through manipulation of the ID argument in the file...
EUVD-2022-24672
Malicious code in bioql PyPI...
CVE-2025-34520
An authentication bypass vulnerability in Arcserve Unified Data Protection UDP allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic flaw, an attacker can bypass login mechanisms...
CVE-2025-41233
Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response with a maximum CVSSv3 base score of 6.8...
Oracle Linux 9 : gstreamer1-plugins-base (ELSA-2025-7243)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7243 advisory. - Apply patches for CVE-2024-47538, CVE-2024-47541, CVE-2024-47542, CVE-2024-47600, CVE-2024-47607, CVE-2024-47615, CVE-2024-47835 Resolves: RHEL-70983...
PT-2025-16395 · Nixos · Nixos
Name of the Vulnerable Software and Affected Versions: NixOS versions prior to 24.11 and 25.05 Description: The issue is a local privilege escalation affecting all NixOS users, where a local user can create a program to be executed by root during shutdown when systemd.shutdownRamfs.enable is...
Veeam Addresses Critical Flaws, Urges Admins to Patch
...
PT-2024-1749
Name of the Vulnerable Software and Affected Versions: ESET versions prior to the fixed version Description: The issue is related to a local privilege escalation vulnerability that potentially allows an attacker to misuse ESET’s file operations to delete files without having proper permission. This...
Cisco Releases Security Advisory for IOS XE Software Web UI
Cisco released a security advisory to address a vulnerability CVE-2023-20198 affecting IOS XE Software Web UI. A cyber threat actor can exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review the Cisco security...
PT-2019-1447
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint versions prior to the fixed version; Microsoft SharePoint Enterprise Server 2016; Microsoft SharePoint Foundation 2013; Microsoft SharePoint Server 2010, 2019 Description: A remote code execution vulnerability exists in...
FreeBSD-SA-05:09.htt
FreeBSD-SA-05:09.htt Security Advisory, The FreeBSD Project. Topic: information disclosure when using HTT; Category: core; Module: sys; Announced: 2005-05-13; Revised: 2005-05-13...
[SA14081] HP VirtualVault / Webproxy Apache Vulnerabilities
TITLE: HP VirtualVault / Webproxy Apache Vulnerabilities SECUNIA ADVISORY ID: SA14081 VERIFY ADVISORY: http://secunia.com/advisories/14081/ CRITICAL: Highly critical IMPACT: Privilege escalation, DoS, System access WHERE: From remote SOFTWARE: HP VirtualVault 4.x http://secunia.com/product/674/ H...
[SA14037] Sun Solaris UDP End Point Handling Denial of Service
TITLE: Sun Solaris UDP End Point Handling Denial of Service SECUNIA ADVISORY ID: SA14037 VERIFY ADVISORY: http://secunia.com/advisories/14037/ CRITICAL: Not critical IMPACT: DoS WHERE: Local system OPERATING SYSTEM: Sun Solaris 8 http://secunia.com/product/94/ Sun Solaris 9...
[SA13497] Sun Java Messaging Server Webmail Script Insertion Vulnerability
TITLE: Sun Java Messaging Server Webmail Script Insertion Vulnerability SECUNIA ADVISORY ID: SA13497 VERIFY ADVISORY: http://secunia.com/advisories/13497/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Sun Java System Messaging Server 6.x...
[SA13401] Sun Solaris in.rwhod Unspecified Vulnerability
TITLE: Sun Solaris in.rwhod Unspecified Vulnerability SECUNIA ADVISORY ID: SA13401 VERIFY ADVISORY: http://secunia.com/advisories/13401/ CRITICAL: Moderately critical IMPACT: System access WHERE: From local network OPERATING SYSTEM: Sun Solaris 9 http://secunia.com/product/95/ Sun Solaris 8...
cqure.net.20040430.citrixmetaframe
Hi, The following advisory has been released by cqure.net. The severity level has been set to low, as in Citrix's advisory available at; http://support.citrix.com/kb/entry.jspa?entryID=4289&categoryID=118 The reason for the low severity is the fact that you have to be local admin on the Citrix...
Symantec Firewall Malformed TCP Packet Options Remote DoS
The remote system appears vulnerable to an invalid Options field within a TCP packet. At least one vendor firewall Symantec has been reported prone to such a bug. An attacker, utilizing this flaw, would be able to remotely shut down the remote firewall stopping all network-based transactions by...