CLSA-2026-1778897873 ghostscript: Fix of CVE-2025-48708

CVE-2025-48708: fix argument sanitization to redact values supplied with '' separator...

PT-2026-30274

Description A scope modification vulnerability exists in @nyariv/sandboxjs version 0.8.35 and below. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to untrusted code; an...

CVE-2026-23759

CVE-2026-23759 affects Perle IOLAN STS/SCS terminal server models with firmware earlier than 6.0. The issue is an authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell's handling of the ps subcommand does not sanitize arguments, passing user-supplied p...

CVE-2026-32260

Summary: CVE-2026-32260 affects Deno’s node:child_process polyfill (shell: true mode). From 2.7.0 to 2.7.1, a two-stage argument sanitization in transformDenoShellCommand contains a priority bug: when an argument includes a $VAR pattern, it is wrapped in double quotes instead of single quotes. Th...

USN-8088-1 golang-github-go-git-go-git vulnerabilities

Ionut Lalu discovered that go-git incorrectly handled certain specially crafted Git server responses. An attacker could possibly use this issue to cause a denial of service. CVE-2023-49568, CVE-2025-21614 Ionut Lalu discovered that go-git incorrectly handled file system paths when using the...

Unity Linux 20.1070e Security Update: ghostscript (UTSA-2025-993339)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993339 advisory. gslibctxstashsanitizedarg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the case. A created PDF document includes its...

CVE-2025-35028

By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ghostscript (SUSE-SU-2025:03461-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03461-1 advisory. - CVE-2025-48708: Fixed password disclosure due to lacks of argument sanitization bsc1243701 Tenable has...

Security update for ghostscript

This update for ghostscript fixes the following issues: CVE-2025-48708: Fixed password disclosure due to lacks of argument sanitization bsc1243701 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...

SUSE-SU-2025:03461-1 Security update for ghostscript

This update for ghostscript fixes the following issues: - CVE-2025-48708: Fixed password disclosure due to lacks of argument sanitization bsc1243701...

SUSE-SU-2025:03460-1 Security update for ghostscript

This update for ghostscript fixes the following issues: - CVE-2025-48708: Fixed password disclosure due to lacks of argument sanitization bsc1243701...

Security update for ghostscript

This update for ghostscript fixes the following issues: CVE-2025-48708: Fixed password disclosure due to lacks of argument sanitization bsc1243701 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...

EUVD-2018-17533

Malware in sbrugna...

EUVD-2025-28243

Malicious code in bioql PyPI...

EUVD-2025-16939

Malicious code in bioql PyPI...

CLSA-2025-1755886078 tuned: Fix of CVE-2024-52337

CVE-2024-52337: sanitize API arguments to prevent log spoofing by both escaping ' characters and restricting newlines from being inserted...

PT-2025-29464 · Avl Rooms · Avl Rooms

Name of the Vulnerable Software and Affected Versions: AVL Rooms version 1.0 Description: A critical issue exists in AVL Rooms that allows for SQL injection. The vulnerability is located in the /city.php file, where manipulation of the city argument can trigger the attack remotely. The exploit fo...

PT-2025-29317 · Campcodes · Campcodes Sales/Inventory System

Name of the Vulnerable Software and Affected Versions: Campcodes Sales and Inventory System version 1.0 Description: A critical issue exists in Campcodes Sales and Inventory System 1.0 related to the processing of the /pages/product add.php file. Manipulation of the prod name argument can lead to...

PT-2025-29295 · Unknown · Modern Bag

Name of the Vulnerable Software and Affected Versions: Modern Bag version 1.0 Description: A critical issue exists in an unknown functionality of the file /action.php. The manipulation of the argument proId can lead to SQL injection. This issue may be exploited remotely. The exploit has been...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : Ghostscript vulnerabilities (USN-7623-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7623-1 advisory. It was discovered that OpenJPEG, vendored in Ghostscript did not correctly handle large...