2443 matches found

CVE
added 2025/11/10 7:13 p.m., 6 views

CVE-2025-47773

Combodo iTop is affected by a cross-site scripting (XSS) vulnerability in the dashboard editing functionality invoked via AJAX calls. The issue affects versions prior to 2.7.13 and prior to 3.2.2; versions 2.7.13 and 3.2.2 are reported to protect rendered HTML content. The root cause is an XSS fl...

CVSS 8.8, AI score 5.7, EPSS 0.0019
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2025/11/10 7:13 p.m., 3 views

EUVD-2025-50807

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...

CVSS 8.8, AI score 5.6, EPSS 0.0019
Exploits: 0, References: 1

OSV
added 2025/11/10 7:13 p.m., 4 views

CVE-2025-47773 Combodo iTop has XSS vulnerability in /pages/ajax.render.php

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...

CVSS 8.8, AI score 6, EPSS 0.0019
Exploits: 0, References: 3

Positive Technologies
added 2025/11/10 12:0 a.m., 4 views

PT-2025-46184

Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.13; Combodo iTop versions prior to 3.2.2. Description: Combodo iTop, a web-based IT service management tool, is susceptible to cross-site scripting when a dashboard is edited through an AJAX call. This allows fo...

CVSS 8.8, AI score 6.4, EPSS 0.0019
Exploits: 0, References: 6

Fedora
added 2025/11/08 2:57 a.m., 4 views

[SECURITY] Fedora 41 Update: libnbd-1.22.5-1.fc41

NBD — Network Block Device — is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: Synchronous and asynchronous APIs, both for ease of...

AI score 7
Exploits: 0

Fedora
added 2025/11/08 1:32 a.m., 4 views

[SECURITY] Fedora 42 Update: libnbd-1.22.5-1.fc42

NBD — Network Block Device — is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: Synchronous and asynchronous APIs, both for ease of...

AI score 7
Exploits: 0

Tenable Nessus
added 2025/11/06 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990582)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990582 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit ocfs2: return real error code in...

CVSS 4.7, AI score 6.2, EPSS 0.00185
Exploits: 0, References: 4

Fedora
added 2025/11/05 2:14 a.m., 4 views

[SECURITY] Fedora 43 Update: libnbd-1.23.10-1.fc43

NBD — Network Block Device — is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: Synchronous and asynchronous APIs, both for ease of...

AI score 7
Exploits: 0

Fedora
added 2025/11/05 2:13 a.m., 4 views

[SECURITY] Fedora 43 Update: openapi-python-client-0.26.2-6.fc43

The openapi-python-client is a powerful tool designed to generate modern Python clients from OpenAPI 3.0+ documents supporting both synchronous and asynchronous HTTP requests. It automates the creation of Python classes and methods that correspond to the endpoints and schema defined in your OpenA...

AI score 6.9
Exploits: 0

Fedora
added 2025/11/05 2:3 a.m., 4 views

[SECURITY] Fedora 42 Update: openapi-python-client-0.26.2-6.fc42

The openapi-python-client is a powerful tool designed to generate modern Python clients from OpenAPI 3.0+ documents supporting both synchronous and asynchronous HTTP requests. It automates the creation of Python classes and methods that correspond to the endpoints and schema defined in your OpenA...

AI score 6.9
Exploits: 0

CNVD
added 2025/11/05 12:0 a.m., 8 views

WordPress Document Library Lite plugin improper authorization vulnerability

WordPress Document Library Lite plugin is a WordPress plugin for creating document libraries and download management features with support for multiple file types and responsive layouts. The WordPress Document Library Lite plugin suffers from an improper authorization vulnerability that stems fro...

CVSS 5.3, AI score 6.8, EPSS 0.00248
Exploits: 2, References: 1

Tenable Nessus
added 2025/11/05 12:0 a.m., 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989966)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989966 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit ocfs2: return real error code in...

CVSS 4.7, AI score 6.2, EPSS 0.00185
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990244)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990244 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit ocfs2: return real error code in...

CVSS 4.7, AI score 6.2, EPSS 0.00185
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988947)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988947 advisory. In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling. signalfd_poll and binder_poll are special ...

CVSS 7.8, AI score 5.9, EPSS 0.00252
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990345)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990345 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Use snd_card_free_when_closed at disconnection. The USB disconnect callback is supposed t...

CVSS 5.5, AI score 6.3, EPSS 0.0021
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989868)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989868 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: us122l: Use snd_card_free_when_closed at disconnection. The USB disconnect callback is supposed ...

CVSS 5.5, AI score 6.2, EPSS 0.0021
Exploits: 0, References: 4

Fedora
added 2025/11/03 1:7 a.m., 5 views

[SECURITY] Fedora 42 Update: openapi-python-client-0.26.2-4.fc42

The openapi-python-client is a powerful tool designed to generate modern Python clients from OpenAPI 3.0+ documents supporting both synchronous and asynchronous HTTP requests. It automates the creation of Python classes and methods that correspond to the endpoints and schema defined in your OpenA...

CVSS 8.1, AI score 6.9, EPSS 0.00688
Exploits: 1

Fedora
added 2025/11/03 1:2 a.m., 6 views

[SECURITY] Fedora 41 Update: openapi-python-client-0.24.3-2.fc41

The openapi-python-client is a powerful tool designed to generate modern Python clients from OpenAPI 3.0+ documents supporting both synchronous and asynchronous HTTP requests. It automates the creation of Python classes and methods that correspond to the endpoints and schema defined in your OpenA...

CVSS 8.1, AI score 6.9, EPSS 0.00688
Exploits: 1

AstraLinux
added 2025/11/01 10:54 a.m., 4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: tls: Separating the handling of no-async decryption requests from async. If we are not using async, the handling is much simpler. There is no reference counting; we simply need to wait for the completion to wake us up and return...

CVSS 7.8, AI score 6.5, EPSS 0.00144
Exploits: 0, References: 3

AstraLinux
added 2025/11/01 10:54 a.m., 3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling. /proc/net/atm/lec must ensure safety against dev_lec changes. It appears that there were calls to dev_put without prior calls to dev_hold, leading to imbalance and UAF (use-after-free)...

CVSS 7.8, AI score 5.7, EPSS 0.0017
Exploits: 0, References: 3